Cloud Security Archives – SecurityWeek Cybersecurity News, Insights & Analysis
- Fluent Bit Vulnerabilities Expose Cloud Services to Takeover
by Ionut Arghire on November 25, 2025 at 1:45 pmFive flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation. The post Fluent Bit Vulnerabilities Expose Cloud Services to Takeover appeared first on SecurityWeek.
- New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEsby Eduard Kovacs on October 29, 2025 at 7:45 am
Intel and AMD have published advisories after academics disclosed details of the new TEE.fail attack method. The post New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs appeared first on SecurityWeek.
- RMPocalypse: New Attack Breaks AMD Confidential Computingby Ionut Arghire on October 14, 2025 at 10:52 am
A vulnerability in RMP initialization allows the AMD processor’s x86 cores to maliciously control parts of the initial RMP state. The post RMPocalypse: New Attack Breaks AMD Confidential Computing appeared first on SecurityWeek.
- Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitationby Ionut Arghire on October 7, 2025 at 8:32 am
Authenticated attackers can exploit the security flaw to trigger a use-after-free and potentially execute arbitrary code. The post Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation appeared first on SecurityWeek.
- $4.5 Million Offered in New Cloud Hacking Competitionby Eduard Kovacs on October 6, 2025 at 9:44 am
Wiz has teamed up with Microsoft, Google and AWS and is inviting cloud security researchers to its Zeroday.Cloud competition. The post $4.5 Million Offered in New Cloud Hacking Competition appeared first on SecurityWeek.
- Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Deviceby Eduard Kovacs on October 1, 2025 at 8:50 am
Intel and AMD say the research is not in scope of their threat model because the attack requires physical access to a device. The post Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device appeared first on SecurityWeek.
- CSA Unveils SaaS Security Controls Framework to Ease Complexityby Kevin Townsend on September 25, 2025 at 11:00 am
New framework from the Cloud Security Alliance helps SaaS customers navigate the shared responsibility model with confidence. The post CSA Unveils SaaS Security Controls Framework to Ease Complexity appeared first on SecurityWeek.
- All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcherby Kevin Townsend on September 23, 2025 at 11:44 am
The strength of responsible disclosure is that it can solve problems before they are actioned. The weakness is that it potentially generates a false sense of security in the vendor. The post All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher appeared first on SecurityWeek.
- Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloudby Ionut Arghire on September 22, 2025 at 12:48 pm
L1TF Reloaded is a vulnerability combining the old L1TF and half-Spectre hardware flaws to bypass deployed software mitigations. The post Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud appeared first on SecurityWeek.
- VMScape: Academics Break Cloud Isolation With New Spectre Attackby Ionut Arghire on September 12, 2025 at 9:49 am
Exploiting incomplete speculative execution attack mitigations extended to the branch predictor state, VMScape leaks arbitrary memory. The post VMScape: Academics Break Cloud Isolation With New Spectre Attack appeared first on SecurityWeek.
