Cloud Security Archives – SecurityWeek Cybersecurity News, Insights & Analysis
- Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation
by Ionut Arghire on October 7, 2025 at 8:32 amAuthenticated attackers can exploit the security flaw to trigger a use-after-free and potentially execute arbitrary code. The post Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation appeared first on SecurityWeek.
- $4.5 Million Offered in New Cloud Hacking Competitionby Eduard Kovacs on October 6, 2025 at 9:44 am
Wiz has teamed up with Microsoft, Google and AWS and is inviting cloud security researchers to its Zeroday.Cloud competition. The post $4.5 Million Offered in New Cloud Hacking Competition appeared first on SecurityWeek.
- Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Deviceby Eduard Kovacs on October 1, 2025 at 8:50 am
Intel and AMD say the research is not in scope of their threat model because the attack requires physical access to a device. The post Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device appeared first on SecurityWeek.
- CSA Unveils SaaS Security Controls Framework to Ease Complexityby Kevin Townsend on September 25, 2025 at 11:00 am
New framework from the Cloud Security Alliance helps SaaS customers navigate the shared responsibility model with confidence. The post CSA Unveils SaaS Security Controls Framework to Ease Complexity appeared first on SecurityWeek.
- All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcherby Kevin Townsend on September 23, 2025 at 11:44 am
The strength of responsible disclosure is that it can solve problems before they are actioned. The weakness is that it potentially generates a false sense of security in the vendor. The post All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher appeared first on SecurityWeek.
- Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloudby Ionut Arghire on September 22, 2025 at 12:48 pm
L1TF Reloaded is a vulnerability combining the old L1TF and half-Spectre hardware flaws to bypass deployed software mitigations. The post Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud appeared first on SecurityWeek.
- VMScape: Academics Break Cloud Isolation With New Spectre Attackby Ionut Arghire on September 12, 2025 at 9:49 am
Exploiting incomplete speculative execution attack mitigations extended to the branch predictor state, VMScape leaks arbitrary memory. The post VMScape: Academics Break Cloud Isolation With New Spectre Attack appeared first on SecurityWeek.
- Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Usersby Ionut Arghire on September 2, 2025 at 12:12 pm
The Midnight Blizzard cyberspies used compromised websites to trick users into authorizing devices they controlled. The post Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users appeared first on SecurityWeek.
- Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacksby Ionut Arghire on August 29, 2025 at 12:10 pm
Storm-0501 has been leveraging cloud-native capabilities for data exfiltration and deletion, without deploying file-encrypting malware. The post Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks appeared first on SecurityWeek.
- Docker Desktop Vulnerability Leads to Host Compromiseby Ionut Arghire on August 26, 2025 at 11:24 am
A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek.
