Cloud Security

China-Linked Hackers Exploit New VMware Zero-Day Active Since October 2024

A critical security flaw in Broadcom VMware Tools and VMware Aria Operations has been actively exploited since October 2024. According to cybersecurity researchers at NVISO Labs, the attacks are linked to a China-based hacking group tracked as UNC5174 (also known as Uteus or Uetus). The bug, identified as CVE-2025-41244 with a CVSS score of 7.8, […]

China-Linked Hackers Exploit New VMware Zero-Day Active Since October 2024 Read More »

Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake

Microsoft has officially announced a major expansion of its Sentinel Security Information and Event Management (SIEM) solution, transforming it into a unified agentic security platform. At the core of this update is the general availability of the Sentinel data lake, designed to provide enterprises with advanced capabilities for managing and analyzing security data. In addition

Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake Read More »

Researchers Reveal Google Gemini AI Flaws Enabling Prompt Injection and Cloud Exploits

Cybersecurity researchers have disclosed a trio of now-patched vulnerabilities, collectively called the Gemini Trifecta, that impacted Google’s Gemini AI suite. If exploited, these flaws could have exposed users to privacy breaches and data theft, by turning AI features into attack vectors, rather than just targets. The findings underscore a worrying trend, where sophisticated threat actors,

Researchers Reveal Google Gemini AI Flaws Enabling Prompt Injection and Cloud Exploits Read More »

$50 Battering RAM Attack Breaks Intel, AMD Cloud Security Protections

The researchers describe a simple interposer, which can be assembled for about $50, that sits between the processor and the DDR4 memory modules. During system start, the interposer remains transparent and passes all integrity and trust checks. At runtime, however, the device can be flipped into an active mode, where it stealthily remaps physical addresses

$50 Battering RAM Attack Breaks Intel, AMD Cloud Security Protections Read More »

Phishing Campaign Hid for 3 Years on Google Cloud and Cloudflare Services

A highly advanced phishing campaign managed to stay undetected for more than three years while operating through Google Cloud and Cloudflare services. The attackers impersonated leading corporations, including major defense contractor Lockheed Martin, raising concerns about the detection gaps in two of the world’s most trusted internet infrastructure providers. How the Campaign Worked The operation

Phishing Campaign Hid for 3 Years on Google Cloud and Cloudflare Services Read More »

add a heading (3)

Cryptojacking Attack Exploits Redis Servers to Deploy Miners, Disable Security

A highly advanced cryptojacking campaign has been uncovered, where misconfigured Redis servers are being exploited across multiple regions. The attackers deploy cryptocurrency miners while simultaneously disabling key security defenses, turning exposed systems into long-term profit engines. TA-NATALSTATUS Threat Actor The group behind this operation, tracked as TA-NATALSTATUS, has been active since 2020. However, in 2025

Cryptojacking Attack Exploits Redis Servers to Deploy Miners, Disable Security Read More »