Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk. Big gaps exist in the 22-year-old Common Vulnerability and Exposures (CVE) system that do not ...
Google has fixed a critical flaw in its Google Cloud Platform's database service that researchers used to gain access to sensitive data and secrets, as well as escalate privileges to breach other ...
Exploitation of user-managed cloud software has overtaken credential abuse as the method by which most attackers gain initial access to cloud resources. In its semi-annual "Cloud Threat Horizons ...
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another. A high-severity security ...
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to ...
The "ongoing exploitation" of two Ivanti bugs has now extended beyond on-premises environments and hit customers' cloud instances, according to security shop Wiz.… CVE-2025-4427 is an authenticated ...
Over half of organizations have suffered a security incident due to misconfiguration or a known vulnerability in their cloud native applications, according to new research from Snyk. The open source ...
Security researchers have warned of another critical software supply chain vulnerability – this time affecting a popular logging utility with 13 billion downloads. Tenable claimed that a memory ...
Google Cloud has fixed a potentially dangerous application programming interface (API) vulnerability in its platform that, had it been exploited by malicious actors, could have led to widespread data ...