Cloud Security News
Latest news, vulnerabilities, and developments in cloud security. Stay informed about the rapidly evolving cloud threat landscape.
AWS Lambda Layer Code Injection Vulnerability
January 28, 2026
Security researchers discover vulnerability in Lambda layers allowing code injection through malicious layer imports. Affects serverless applications using third-party layers without verification. (Dark Reading)
Azure Blob Storage Misconfiguration Exposure
December 4, 2025
Study reveals widespread Azure Blob Storage misconfiguration exposing sensitive data. Authentication bypass through SAS token vulnerabilities. Cloud storage security best practices not widely adopted. (SecurityWeek)
Unprotected API Endpoint Leaks Enterprise Data
January 17, 2026
API endpoint without authentication discovered exposing millions of customer records. Vulnerable API running on cloud infrastructure for 18 months before detection. (The Hacker News)
LockBit Ransomware Targets Kubernetes Infrastructure
January 17, 2026
LockBit targeting Kubernetes clusters with misconfigured network policies. Lateral movement through container orchestration platforms. Advanced Kubernetes knowledge required for defense. (SecurityWeek)
AWS S3 Bucket Policy Bypass Risk
January 16, 2026
Researchers highlight policy patterns that enable unintended cross-account access in S3. Guidance focuses on reducing confused deputy risk and tightening resource policies. (SecurityWeek)
Entra ID OAuth Consent Phishing Wave
January 14, 2026
Threat actors abuse OAuth consent flows to gain persistent access to cloud apps. Defenders urged to restrict third-party app consent and audit tenant-wide grants. (Infosecurity Magazine)
GCP Artifact Registry Poisoning Risk
January 9, 2026
Security researchers describe dependency confusion and image overwrite risks for Artifact Registry. Recommendations include immutability policies and signed artifacts. (The Hacker News)
Kubernetes Admission Controller Bypass
January 25, 2026
Misconfigured admission webhooks allow unvalidated workloads into clusters. Administrators urged to enforce failure policies and tighten webhook scopes. (BleepingComputer)
Okta Workforce Identity Incident Response Update
January 13, 2026
Okta publishes guidance on token rotation and session revocation for cloud tenants. Emphasis on improved monitoring and suspicious login detection. (Dark Reading)
Snowflake Data Sharing Misconfiguration Exposes Records
January 8, 2026
Misconfigured data shares exposed sensitive records across multiple tenants. Guidance stresses least-privilege sharing and continuous access reviews. (SecurityWeek)
Cloudflare Workers Sandbox Escape Fixed
January 31, 2026
Researchers disclose a sandbox escape impacting edge runtimes. Cloudflare rolled out fixes and recommends reviewing worker isolation settings. (BleepingComputer)
GuardDuty Adds Runtime Threat Detection for EKS
January 10, 2026
AWS announces expanded runtime detection for Kubernetes workloads with new rules for crypto mining and credential theft.
Defender for Cloud Adds AI Workload Protection
January 20, 2026
New controls for AI workloads improve monitoring of model endpoints and data pipelines. Microsoft recommends enabling new policies for AI services.
Google Cloud IAM Recommender Reduces Excess Permissions
January 17, 2026
New recommendations help teams remove unused roles and over-privileged service accounts. Guidance includes staged rollouts and audit automation. (Google Cloud)
Ransomware Targets Managed Kubernetes Services
January 19, 2026
Operators focus on managed clusters with weak network policies and exposed dashboards. Guidance stresses RBAC hardening and image provenance checks. (The Hacker News)
SaaS Supply Chain Risk Report 2026
January 21, 2026
New report shows rising SaaS integration risk and recommends continuous vendor monitoring and scoped OAuth permissions. (SecurityWeek)
Cloud Access Security Broker Research Report 2026
January 23, 2026
Updated survey of CASB implementations across enterprises. SaaS adoption growth driving CASB deployment. Average organization uses 50+ SaaS applications requiring broker visibility. (SecurityWeek)
Secrets Detection in Cloud Runtime Analysis Study
January 25, 2026
Research demonstrates effectiveness of runtime secret scanning in cloud environments. Traditional static analysis misses 30% of hardcoded secrets in cloud functions. (BleepingComputer)
Zero Trust Architecture Adoption Study
January 27, 2026
Research finds 65% of enterprises have zero trust strategy but only 15% fully implemented. Partial implementations create security gaps. Cloud migration accelerates zero trust adoption. (Infosecurity Magazine)
Serverless Security Posture Research 2025
December 20, 2025
Study reveals serverless security gaps widening. 60% of serverless functions log function signatures. IAM policies overly permissive. Logging and runtime protection insufficient. (The Hacker News)
Container Registry Security Assessment Report
January 31, 2026
Assessment of container registry security controls reveals common weaknesses. Image scanning, access control, and logging often missing. SCM integration improves container supply chain security. (SecurityWeek)
Zero Trust Plus AI Gains Enterprise Adoption
February 1, 2026
Organizations replacing legacy firewalls and VPNs with Zero Trust + AI security model. Protects AI usage while stopping AI-driven attacks. Zero Trust everywhere across workforce and clouds. (SC Magazine)
Astra Launches Cloud Vulnerability Scanner
February 3, 2026
New agentless scanner for AWS, Azure, GCP performs 400+ configuration checks and 3,000 automated vulnerability tests. Offensive-grade validation engine tests exploitability. Predictable pricing model. (The Hacker News)
Microsoft Defender for Cloud CIEM Updates
January 17, 2026
Updated Cloud Infrastructure Entitlement Management logic across Azure, AWS, GCP. Inactive identity detection now uses 90-day lookback. Permissions Creep Index deprecated for activity-based CIEM. (Microsoft)
Microsoft Defender Endor Labs Integration GA
January 19, 2026
Generally available integration enhances vulnerability analysis with software supply chain insights. Provides comprehensive code-to-cloud security visibility and remediation guidance. (Microsoft)
Hush Security in 2026 CrowdStrike Accelerator
January 21, 2026
Runtime security platform for non-human identities selected for elite 8-week program with CrowdStrike, AWS, NVIDIA. Focuses on replacing static secrets with identity-based access. (Yahoo Finance)
NVIDIA Cybercat Cloud Security Platform
January 23, 2026
NVIDIA unveils cloud security platform leveraging GPU acceleration for threat detection. Real-time analysis of cloud traffic and workloads. Integration with major cloud providers announced. (SecurityWeek)
Okta Identity Management Cloud Enhancements
January 25, 2026
Okta releases enhanced authentication capabilities for cloud workloads. Passwordless authentication and risk-based access control improvements. Multi-cloud identity governance simplified. (Dark Reading)
Microsoft OAuth Device Code Flow Exploited
January 27, 2026
Surge in phishing attacks exploiting Microsoft OAuth device code flow identified by Proofpoint. Attackers abuse legitimate authentication flow to gain unauthorized access to cloud resources. (Infosecurity Magazine)
Nezha Admin Tool Weaponized by Attackers
January 29, 2026
Legitimate remote administration tool Nezha deployed as post-exploitation RAT via bash script. Points to Alibaba Cloud infrastructure. Used for persistence and lateral movement. (The Hacker News)
AI Chatbot Flaws Enable Cross-User Attacks
January 31, 2026
Security researchers discovered AI chatbot vulnerabilities allowing message ID modification, cross-user compromise, and HTML injection. Attackers can exfiltrate prompts and run scripts in chat windows. (BleepingComputer)
Vect Ransomware Multi-Platform Attacks
February 1, 2026
Professional RaaS platform targeting Windows, Linux, VMware ESXi. Advanced technical capabilities, strict opsec. Active victim recruitment via dark web forums. Multi-platform defense required. (FireCompass)
Ransomware Groups Target Microsoft 365
February 3, 2026
Direct attacks on SharePoint and OneDrive for data exfiltration and encryption. Attackers move laterally from cloud to on-premises environments. Cloud becomes initial access point. (SC Magazine)
85% Increase in Network DDoS Attacks
January 17, 2026
Significant surge in sophisticated cyberattacks with 85% increase in network DDoS attacks in H1 2025 compared to previous year. Cloud infrastructure primary target. (Dark Reading)
Wiz zeroday.cloud: 11 Critical Zero-Days
January 19, 2026
Competition discovered 11 critical zero-day exploits in foundational open-source components. Affects container runtimes, AI infrastructure (vLLM, Ollama), and databases (Redis, PostgreSQL). (BleepingComputer)
Attackers Exploit Misconfigured VPN Services
January 21, 2026
Security researchers discover widespread VPN service misconfiguration in cloud environments. Attackers gain initial access and establish persistent backdoors. Lateral movement across cloud networks follows. (The Hacker News)
Advanced Persistent Threat Cloud Infrastructure Abuse
January 23, 2026
APT group exploiting cloud credit system to launch attacks from compromised cloud accounts. Using free tier resources for malware distribution. Detection challenges from legitimate cloud services abuse. (SecurityWeek)
Credentials Harvested from Cloud Development Environments
January 25, 2026
Attackers target developer machines and cloud-based development environments. Stolen credentials provide access to production cloud infrastructure. Developer security training and tools essential. (Infosecurity Magazine)
Kubernetes Service Account Token Extraction
January 27, 2026
Attackers targeting service account tokens stored in Kubernetes secrets. Stolen tokens enable cluster compromise and lateral movement. Pod security policies and RBAC critical preventive measures. (The Hacker News)
73% of Breaches From Misconfigurations
January 29, 2026
Research shows 73% of cloud breaches originate from misconfigurations rather than sophisticated exploits. Traditional quarterly scanning cycles inadequate. Continuous monitoring essential. (SC Magazine)
Third-Party SaaS Supply Chains Primary Entry
January 31, 2026
Security experts predict third-party SaaS supply chains become primary breach entry point in 2026. Sprawling integrations and dependencies create attack surface organizations can't inventory. (SC Magazine)
AWS re:Invent: AI Agents Introduce New Risks
February 1, 2026
AWS re:Invent 2025: Autonomous AI agents introduce risks similar to insider threats due to non-deterministic actions. Execute tasks beyond content generation requiring new security approaches. (Security Boulevard)
Cloud-Native Adoption Accelerates
February 3, 2026
Cloud-native adoption accelerating but security falling behind. Only 8% remain single-cloud by late 2025. High-profile incidents from misconfigured databases at LinkedIn, Accenture wake-up call. (Medium)
Salesforce Marketing Cloud Security Flaw Fixed
January 21, 2026
Salesforce disclosed and patched a vulnerability in Marketing Cloud Engagement affecting link encryption. AES-GCM encryption deployed January 21, 2026. No confirmed unauthorized access reported. (Vantage Point)
Cloud Security Challenges Multi-Cloud 2026
January 10, 2026
82% of breaches attributed to lack of visibility in hybrid environments. Only 8% remain single-cloud. 1,200+ monthly misconfiguration alerts per enterprise. Human error causes 80%+ of breaches. (Medium)
2026 Cloud Security Report: Complexity Gap
January 12, 2026
88% operate hybrid/multi-cloud creating critical complexity gap. Ransomware groups targeting Microsoft 365 directly. Third-party SaaS supply chains primary breach entry point. (SC Magazine)
Tenable 2026 Predictions: Machine Identities
January 15, 2026
Machine identities will become top cloud risk in 2026. AI will accelerate attack speed and volume. Automated remediation adoption increases. Custom in-house AI security tools emerge. (Security Boulevard)
2026: Runtime Visibility Becomes Standard
January 15, 2026
Runtime visibility stops being differentiator, becomes norm in 2026. AI security integrates with cloud security. AI helps defenders with vulnerability discovery and risk prioritization. (Sweet Security)
Cloud & SaaS Risks Rise in 2026
January 15, 2026
Experts predict continued rise in cloud-native intrusions. SaaS supply chains become primary entry point. Attackers exploit sprawling integration dependencies organizations struggle to inventory. (SC Magazine)
Quantum Computing Threat Accelerates
January 15, 2026
Quantum computers could soon break today's encryption. Post-quantum cryptography needed to keep data safe. Organizations must prepare for quantum-resistant encryption transition. (Dark Reading)
Cloud Complexity Gap Widens
January 15, 2026
Visibility no longer sufficient - context needed to interpret constant automated change. 88% operate hybrid/multi-cloud creating critical complexity gap. Traditional approaches fail at scale. (SC Magazine)
Post-Quantum Crypto Impacts Cloud
January 15, 2026
Post-quantum cryptography standards beginning to impact cloud infrastructure planning. Organizations must prepare for quantum-resistant encryption transition. Major cloud providers announcing timelines. (The Hacker News)
January 2026 Cyber Breaches Summary
January 15, 2026
Weekly report covering n8n Ni8mare exploit (CVSS 10.0), Trust Wallet supply chain attack, Vect ransomware, and SAP critical patches. 26,500+ exposed n8n instances at risk. (FireCompass)
Google Cloud Email Feature Abused in Phishing Campaign
January 15, 2026
Attackers exploited Google Cloud Application Integration to send 9,394 phishing emails from legitimate Google domains, bypassing security filters and targeting 3,200 organizations globally. (The Hacker News)
European Space Agency Security Incident
January 15, 2026
ESA reported security issue involving external servers in January 2026. Limited details disclosed. Investigation underway into potential unauthorized access to space agency systems. (Infosecurity Magazine)
Healthcare Cloud Ransomware Attack Wave
January 15, 2026
Coordinated ransomware attacks targeting healthcare cloud providers in January 2026. Patient data at risk. Attack exploits misconfigured Azure and AWS environments in healthcare sector. (The Hacker News)
Google Looker RCE Vulnerabilities Disclosed
January 15, 2026
Tenable discovered two critical vulnerabilities in Google Looker enabling RCE and cross-tenant access. Affects Google-hosted and on-premises deployments. Google patched cloud instances immediately.
Vect Ransomware Multi-Platform Attacks
January 15, 2026
Professional RaaS platform targeting Windows, Linux, VMware ESXi. Advanced technical capabilities, strict opsec. Active victim recruitment via dark web forums. Multi-platform defense required. (FireCompass)
Microsoft Teams Security Features Default On
January 15, 2026
Teams auto-enables weaponizable file protection, malicious URL protection, and detection reporting starting January 12, 2026. External user blocking via Defender portal available mid-January. (The Hacker News)
Microsoft Teams Security Features Default On
January 12, 2026
Teams auto-enables weaponizable file protection, malicious URL protection, and detection reporting starting January 12, 2026. External user blocking via Defender portal available mid-January. (The Hacker News)
61 Cloud Security Statistics 2025
December 31, 2025
80% of companies experienced serious cloud issues, 82% of breaches from visibility gaps, 71% shortage of skilled professionals, 94% report API security issues, 48% saw ransomware increase. (Exabeam)
Kubernetes Vulnerabilities Rise 440% in 5 Years
December 31, 2025
SentinelOne research shows dramatic 440% increase in Kubernetes vulnerabilities. 60% of cloud-hosted apps use Kubernetes. Over 50% find securing Kubernetes challenging.
Gartner Magic Quadrant for CSPM 2025
December 31, 2025
Gartner releases updated Magic Quadrant for Cloud Security Posture Management. Key capabilities evaluated: misconfigurations, compliance, identity governance, and threat analytics. (Dark Reading)
Serverless Security Posture Research 2025
December 31, 2025
Study reveals serverless security gaps widening. 60% of serverless functions log function signatures. IAM policies overly permissive. Logging and runtime protection insufficient. (The Hacker News)
85% Increase in Network DDoS Attacks
December 31, 2025
Significant surge in sophisticated cyberattacks with 85% increase in network DDoS attacks in H1 2025 compared to previous year. Cloud infrastructure primary target. (Dark Reading)
71% Report Cloud Security Skills Shortage
December 31, 2025
Critical shortage of skilled cloud security professionals reported by 71% of organizations. 91% concerned about zero-day vulnerabilities. Skills gap impacts security posture and incident response. (Exabeam)
48% See Ransomware Increase
December 31, 2025
48% of IT professionals reported increase in ransomware incidents. 29% of infections via file downloads or email attachments. 80% of breaches involve compromised privileged credentials. (Exabeam)
Trust Wallet Chrome Extension Supply Chain Attack
December 24, 2025
Browser extension release pipeline compromised in November 2025, malicious version 2.68 deployed December 24. Affected thousands of cryptocurrency users globally. (BleepingComputer)
AI & Cloud Security Breaches: 2025 Year in Review
December 15, 2025
Comprehensive analysis of 16 major 2025 breaches including Drift OAuth abuse, SaaS supply chain attacks, and zero-click AI vulnerabilities. Attackers exploited trust rather than vulnerabilities. (Reco)
Five Key Flaws in 2025 Supply Chain Incidents
December 15, 2025
Analysis of major supply chain attacks exploiting React2Shell, credential harvesting from AWS/Azure/GCP metadata services, and cross-victim data exfiltration. North Korean groups identified. (Infosecurity Magazine)
React2Shell Critical RCE in Next.js
December 15, 2025
CVE-2025-55182 (CVSS 10.0) discovered in React Server Components and Next.js enabling unauthenticated RCE. Exploited by Earth Lamia and Jackpot Panda threat groups. 77,000+ vulnerable IPs identified. (Infosecurity Magazine)
Orca 2025 State of Cloud Security Report
December 15, 2025
Analysis of billions of cloud assets across AWS, Azure, GCP, Oracle, Alibaba. Rising non-human identities, AI vulnerabilities, exposed data, and neglected cloud assets identified as top risks. (Orca Security)
State of Cybersecurity 2025: Key Insights
December 15, 2025
Cloud security shifted from point solutions to architecture question. Authentication evolving to cryptographic proof. Software supply chains deliver binaries without full visibility. (The Hacker News)
Wiz zeroday.cloud: 11 Critical Zero-Days
December 15, 2025
Competition discovered 11 critical zero-day exploits in foundational open-source components. Affects container runtimes, AI infrastructure (vLLM, Ollama), and databases (Redis, PostgreSQL). (BleepingComputer)
Nezha Admin Tool Weaponized by Attackers
December 15, 2025
Legitimate remote administration tool Nezha deployed as post-exploitation RAT via bash script. Points to Alibaba Cloud infrastructure. Used for persistence and lateral movement. (The Hacker News)
AI Chatbot Flaws Enable Cross-User Attacks
December 15, 2025
Security researchers discovered AI chatbot vulnerabilities allowing message ID modification, cross-user compromise, and HTML injection. Attackers can exfiltrate prompts and run scripts in chat windows. (BleepingComputer)
Cloud-Native Adoption Accelerates
December 15, 2025
Cloud-native adoption accelerating but security falling behind. Only 8% remain single-cloud by late 2025. High-profile incidents from misconfigured databases at LinkedIn, Accenture wake-up call. (Medium)
AWS re:Invent: AI Agents Introduce New Risks
December 15, 2025
AWS re:Invent 2025: Autonomous AI agents introduce risks similar to insider threats due to non-deterministic actions. Execute tasks beyond content generation requiring new security approaches. (Security Boulevard)
n8n Workflow Platform RCE Vulnerability
November 15, 2025
CVE-2026-21877 (CVSS 10.0) allows authenticated RCE in n8n workflow automation. Affects versions >= 0.123.0 < 1.121.3. Patched in November 2025 but many instances remain unpatched. (BleepingComputer)
AWS Security Specialty Exam Updated
November 15, 2025
AWS Certified Security - Specialty exam updated to include greater focus on generative AI and machine learning security. New exam prep plan and Security Engineer Learning Plan available.
90% Had Kubernetes Security Incident in 2024
December 31, 2024
Red Hat survey revealed 90% of organizations encountered at least one Kubernetes security incident in past year. Runtime security incidents affected 45% of organizations. (Pomerium)
80% Had Serious Cloud Security Issue
December 31, 2023
80% of companies experienced serious cloud security issue in 2023. Average data breach cost $4.35 million. 83% consider cloud security major concern. Attack surface grows with cloud adoption. (Exabeam)
94% Report API Security Issues
December 31, 2023
94% of businesses reported API-related security issues in 2023. 55% of HTTP malware downloads from cloud applications. 52% cite insecure interfaces as major cloud threat. (Exabeam)
Google Cloud Kernel Vulnerabilities GKE Impact
January 15, 2022
Linux kernel vulnerabilities CVE-2021-4154, CVE-2021-22600, CVE-2022-0185 discovered affecting GKE nodes. Container breakout and privilege escalation risks. Patch management critical for GKE security. (Google Cloud)