Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts
Hackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high‑value cloud accounts, turning a single compromised pod into f...
Amazon
20 articles
MCP isn't a protocol problem. It's an identity crisis nobody is treating.
MCP’s real risk isn’t protocol flaws — it’s missing identity, leaving AI actions untraceable.
Cloudflare Targets WordPress With New AI-Powered EmDash CMS
Cloudflare launches EmDash CMS, an AI-powered platform built to fix WordPress security flaws with sandboxed plugins, serverless scaling, and passkey auth.
Apache Traffic Server Flaw Allowed Attackers to Trigger Denial-of-Service Attacks
The Apache Software Foundation has released critical security updates to address two vulnerabilities in Apache Traffic Server (ATS). Disclosed on April 2, 20...
Introducing the Landing Zone Accelerator on AWS Universal Configuration and LZA Compliance Workbook
November 20, 2025: Date this information was first published. We’re pleased to announce the availability of the latest sample security baseline from Landing ...
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information. The post European Commission Confirms Data Breach Lin...
When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications
Unit 42 research on multi-agent AI systems on Amazon Bedrock reveals new attack surfaces and prompt injection risks. Learn how to secure your AI applications.
Multiple EU entities impacted by European Commission breach, CERT-EU says
At least 29 other European Union entities were disclosed by CERT-EU to have had their data compromised following the TeamPCP supply chain attack against the ...
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
The European Union’s Computer Emergency Response Team, CERT-EU, has traced last week’s theft of data from the Europa.eu platform to the recent supply chain a...
How AWS KMS and AWS Encryption SDK overcome symmetric encryption bounds
If you run high-scale applications that encrypt large volumes of data, you might be concerned about tracking encryption limits and rotating keys.
ShinyHunters issues final warning to Cisco over alleged data theft
ShinyHunters alleges access to data from three breach paths: UNC6040, Salesforce Aura, and compromised AWS accounts, claiming over three million Salesforce r...
New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover
Security researchers at watchTowr Labs have disclosed a critical exploit chain in the Progress ShareFile Storage Zone Controller. The vulnerabilities, tracke...
Critical ShareFile Flaws Lead to Unauthenticated RCE
The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server. The post Critical ShareFile Flaws Lead to Unau...
TP-Link Router Flaws Allowed Attackers to Launch DoS Attacks and Cause Crashes
TP-Link has recently addressed a batch of severe vulnerabilities affecting the Tapo C520WS security camera system. Security cameras are critical pieces of eq...
OpenSSH 10.3 Released With Patch for Shell Injection and Other Security Flaws
the OpenSSH project released version 10.3 alongside its portable version 10.
Massive Cisco breach claimed by ShinyHunters
Cisco had over three million Salesforce records with personal information, AWS buckets, GitHub repositories, and other corporate information allegedly stolen...
AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test
Cloud storage buyers rarely get vendor-provided performance data that includes the vendor’s own weak spots. Backblaze’s Q1 2026 Performance Stats report, att...
ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak
ShinyHunters hackers claim they stole 3 million+ Cisco records via Salesforce and AWS, warning of a public leak if demands are not met by April 3, 2026.
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database cre...
Cisco fixed critical and high-severity flaws
Cisco fixed critical flaws that could allow attackers to bypass authentication, run code, and gain access to sensitive data. Cisco released patches for two c...