#CloudSecurity

Big news: AWS and Splunk team up to launch the Open Cybersecurity Schema (OCSF) with help from Symantec, Broadcom & Cloudflare. A game‑changer for security logs & cloud security ops. Dive in to see why it matters. #OCSF #CloudSecurity #SecurityOps

🔗 aidailypost.com/news/aws-spl...

0 0 0 0


🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 24 CVEs across 27 images:
• 🔴 Critical: 0
• 🟠 High: 14
• 🟡 Medium: 6
• 🔵 Low: 4

Check the full report 👉 https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless

0 0 0 0
Data Security in the Digital Era Protecting Your Business in a Connected World In today's digital-first world, businesses rely on technology for nearly every aspect of their operations. While this brings numerous benefits such as improved efficiency, streamlined communica...

Data Security in the Digital Era Protecting Your Business in a Connected World
www.ekascloud.com/our-blog/dat...
#DataSecurity #CyberSecurity #DigitalSecurity #ProtectYourBusiness #CyberThreats #InfoSec #CloudSecurity #NetworkSecurity #DataProtection #BusinessSecurity #CyberAwareness #ITSecurity

0 0 0 0

Silent failures are the most expensive ones in the cloud.

Over-permissioned access. Unreviewed roles. Drifting configs.

Everything runs — while risk compounds.

Security fails when there’s no continuous visibility and control.

#CloudSecurity #M365 #AWS #AuditReady #DevSecOps #CloudRisk #IAM

0 0 0 0
Building a Cyber Resilient Business: Best Practices for 2025 As cyber threats continue to evolve, businesses must shift from a reactive cybersecurity approach to a proactive and resilient strategy. Cyber resilience goes beyond traditional cybersecurity; it e...

Building a Cyber Resilient Business: Best Practices for 2025
www.ekascloud.com/our-blog/bui...
#CyberSecurity #CyberResilience #BusinessSecurity #DataProtection #CyberThreats #InfoSec #DigitalSecurity #ITSecurity #RiskManagement #CyberAwareness #SecurityFirst #CloudSecurity #NetworkSecurity #Zero

0 0 0 0

EU breach highlights a growing risk:
Compromised supply chain + exposed API key = cloud access.
92GB data exfiltrated.
Are your dependencies truly trusted?
Follow TechNadu.
#CyberSecurity #CloudSecurity #InfoSec

1 0 0 0
260403 rootshell.online Created on Fri Apr 3 23:00:00 CST 2026 - A news, tutorials and conferences about security published on YouTube - Find the RSS Feed with latest playlists at h...

Latest cyber & hacking videos compiled for you twice a day. Watch now & stay ahead of threats. 🔒 www.youtube.com/playlist
#CyberSecurity #InfoSec #CloudSecurity #Phishing #EthicalHacking

0 0 0 0
Safeguard Your Digital Assets Protecting Your Business in the Digital Age In today’s interconnected world, digital assets—ranging from confidential business data and intellectual property to financial records and customer information—are crucial for bus...

Safeguard Your Digital Assets Protecting Your Business in the Digital Age
www.ekascloud.com/our-blog/saf...
#DigitalSecurity #CyberSecurity #DataProtection #DigitalAssets #BusinessSecurity #OnlineSafety #InfoSec #CyberDefense #SecureBusiness #DataPrivacy #ITSecurity #CloudSecurity

0 0 0 0
Securonix Securonix is transforming how security operations are delivered, measured, and scaled. Our Unified Defense SIEM combines SIEM, UEBA, SOAR, TIP, and TDIR in a single cloud-native platform that helps security teams detect threats faster, investigate with context, and respond with precision.

The latest update for #Securonix includes "Stop Measuring Effort. Start Measuring Outcomes in the SOC" and "Weathering the Attacker's Perfect Storm with #AgenticAI-Powered #SecOps".

#cybersecurity #cloudsecurity #SIEM https://opsmtrs.com/4qmpzeX

0 0 0 0

It’s World Cloud Security Day ☁️🔐

Your non-profit runs in the cloud—donor data, programs, operations.
But convenience without security? Risky.

Protect your data. Protect your mission. 💙

#CloudSecurity #CyberSecurity #Nonprofits

0 0 0 0
Microsoft Entra expands SCIM support with new SCIM 2.0 APIs for identity lifecycle operations A new standards-based option for identity teams to manage user and group lifecycle in Microsoft Entra.

Microsoft Entra expands SCIM support with new SCIM 2.0 APIs for identity lifecycle operations techcommunity.micros...

#MicrosoftEntra #MicrosoftSecurity #Cybersecurity #Azure #AzureAD #Identity #CloudSecurity

0 0 0 0

Hiring Security Engineer 🔐
Build Zero Trust, AI-driven cloud security systems across AWS, GCP & Azure. If you’re strong in IAM, Detection-as-Code & DevSecOps, this is for you.

Apply now 👇
tinyurl.com/mv6anbj6

#Hiring #CyberSecurity #CloudSecurity #SecurityEngineer #DevSecOps #ZeroTrust #RemoteJobs

0 0 0 0
Banner graphic celebrating World Cloud Security Day with a circular cybersecurity icon wheel featuring a central padlock, surrounded by tech icons on a dark blue background. OCTO (Office of the Chief Technology Officer) logo in the bottom right.

For OCTO, every day is cloud security day.

Behind every DC permit, benefit, and service is a secure cloud — protected 24/7 by our team.

Cloud security isn't just IT. It's public trust in action.

#WorldCloudSecurityDay #ThisIsHowWeTech #CloudSecurity

0 0 0 0
What Mattered in Cybersecurity in March 2026 March 2026 was not defined by one massive breach. It was defined by a pattern.

New article drop: What Mattered in Cybersecurity in March 2026. Biggest takeaway? Attackers kept winning in the control plane - identity, device management, cloud admin, and fast-moving exploits. Read it below. #Cybersecurity #InfoSec #CloudSecurity #IdentitySecurity #fyp #gaming

1 1 0 0



Automate Google Workspace backups with smart exclusions, optimized scheduling, and detailed reporting—no daily babysitting required.



zurl.co/oYlfx

#GoogleWorkspaceBackup #SaaSBackup #CloudBackup #DataProtection #BackupAutomation #CloudSecurity

0 0 0 0
Duales' Duc App Data Left Unprotected Due to Unencrypted Server, Over 360,000 Files Exposed A critical Duales data exposure left an Amazon-hosted storage server unprotected, revealing sensitive documents and escalating user data security risks.

Full story 👇
www.technadu.com/duales-duc-a...

#DataBreach #Cybersecurity #CloudSecurity #Infosec

0 0 0 0

360K+ sensitive files exposed in Duc App breach.
Unencrypted cloud server → passports, selfies, financial data publicly accessible.
A basic misconfiguration with massive impact.

What’s your take?
#Cybersecurity #DataBreach #CloudSecurity

0 0 1 0

#CloudSecurity #IdentityManagement #MVPBuzz #Security #MicrosoftTechCommunity
👉👉 tip.tbone.se/VnFcAu
[AI generated, Human reviewed]

0 0 0 0
CVE-2026-32213: CWE-285: Improper Authorization in Microsoft Azure AI Foundry CVE-2026-32213 is an improper authorization vulnerability classified under CWE-285 affecting Microsoft Azure AI Foundry, a cloud-based AI platform. The vulnerability allows an attacker to bypass authorization controls and elevate privileges

Azure AI Foundry faces CRITICAL CVE-2026-32213: attackers can elevate privileges remotely. Restrict access, monitor logs, and review permissions ASAP. radar.offseq.com/threat/cve-2026-32213-cw... #OffSeq #Azure #CloudSecurity

0 0 0 0
How Google Cloud Armor Helps Close OWASP Top 10 Risks in 2026 Most teams don’t fail OWASP because they ignore it. They fail because they can’t turn it into enforcement.

A useful point on Google Cloud Armor: OWASP awareness is not enough without enforcement. Strong edge controls can help reduce injection attempts, abusive automation, and pressure on fragile apps.
medium.com/google-cloud...
#CloudSecurity #GoogleCloud #GCP #OWASP #DevSecOps

0 0 0 0
Top 7 Secure IAM Patterns in GCP: How to Eliminate Editor, Long-Lived Keys, and Standing Privileges… If your GCP access model still depends on Editor, service account keys, and one-off exceptions, you do not have IAM hygiene — you have…

Secure IAM in GCP is simple: narrow access, temporary privilege, no long-lived service account keys, and regular review. Good overview of the patterns that matter in 2026.

medium.com/google-cloud...

#GCP #IAM #CloudSecurity #DevSecOps

0 0 0 0

Iran targets the cloud! Oracle and Amazon data centers hit by the Revolutionary Guard

📌 Link to the article: www.redhotcyber.com/post/liran-c...

By Chiara Nardini

#redhotcyber #news #cyberguerra #iran #usa #attacchihacking #cloudsecurity #oracolo #amazon #emiratiarabi

1 0 0 0
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026 Thirty-eight cybersecurity M&A deals were announced in March 2026, featuring major strategic transactions across defense, cloud security, AI, and insurance. Notable moves included Google’s completion of its $32 billion acquisition of Wiz, Airbus agreeing to buy Ultra Cyber, Databricks acquiring Antimatter and SiftD.ai for its Lakewatch SIEM, and OpenAI’s purchase of...

March 2026 saw 38 cybersecurity M&A deals, including Google's $32B Wiz acquisition, Airbus buying UK’s Ultra Cyber, OpenAI and Databricks expanding AI security, and Zurich's $11B Beazley bid. #UK #CloudSecurity #CyberInsurance

0 0 0 0
CVE-2026-33107: CWE-918: Server-Side Request Forgery (SSRF) in Microsoft Azure D CVE-2026-33107 is a critical Server-Side Request Forgery (SSRF) vulnerability identified in Microsoft Azure Databricks, a cloud-based data analytics platform widely used for big data processing and machine learning workloads. SSRF vulnerabi

CRITICAL SSRF (CVE-2026-33107) in Azure Databricks exposes internal resources — no auth needed. Restrict outbound traffic, monitor anomalies, and patch ASAP when available. radar.offseq.com/threat/cve-2026-33107-cw... #OffSeq #Azure #CloudSecurity

1 0 0 0
CVE-2026-26135: CWE-918: Server-Side Request Forgery (SSRF) in Microsoft Azure C CVE-2026-26135 is a Server-Side Request Forgery (SSRF) vulnerability classified under CWE-918, affecting the Microsoft Azure Custom Locations Resource Provider (RP). SSRF vulnerabilities occur when an attacker can abuse a server to send una

Critical SSRF in Azure Custom Locations Resource Provider (CVSS 9.6) enables privilege escalation & internal access. Patch ASAP, tighten permissions, segment networks. radar.offseq.com/threat/cve-2026-26135-cw... #OffSeq #Azure #CloudSecurity

1 0 0 0
Connect only trusted endpoints. #ZeroTrust #AISecurity #CloudSecurity #AdaptiveSecurity

Adopt a Zero Trust approach that lets you verify every access request—human, machine, or AI—before it reaches your most critical resources. As AI agents, semantic search, and automation accelerate how work gets done, you can reduce risk by explicitly validating identity, enforcing least-privilege access, and assuming breach across every step of your environment. Apply layered, continuous protection across identities, endpoints, networks, data, AI resources, applications, and infrastructure so attackers can’t exploit any weak links. Michael Madrigal, Security Product Manager, shares how you can protect productivity and keep pace with an evolving threat landscape, by continuously assessing risk, securing resources at runtime, and adapting policies as conditions change.

MSFTMechanics

0 0 0 0

BSides Luxembourg talk announcement!

🐧🚨 𝗡𝗢𝗧 𝗦𝗢 𝗛𝗔𝗥𝗠𝗟𝗘𝗦𝗦: 𝗧𝗛𝗘 𝗛𝗜𝗗𝗗𝗘𝗡 𝗪𝗢𝗥𝗟𝗗 𝗢𝗙 𝗟𝗜𝗡𝗨𝗫 𝗣𝗔𝗖𝗞𝗘𝗥𝗦 𝗔𝗡𝗗 𝗗𝗘𝗧𝗘𝗖𝗧𝗜𝗢𝗡 𝗖𝗛𝗔𝗟𝗟𝗘𝗡𝗚𝗘𝗦 - 𝗠𝗔𝗦𝗦𝗜𝗠𝗢 𝗕𝗘𝗥𝗧𝗢𝗖𝗖𝗛𝗜 🛡️🔍

Linux packers and loaders are a sneaky blind spot in cybersecurity. They hide code with encryption and obfuscation […]

[Original post on infosec.exchange]

0 1 0 0
Security Flaw in Popular Python Library Threatens User Machines

The software ecosystem experienced a brief but significant breach on March 24, 2026, that went almost unnoticed, underscoring how fragile even well-established development pipelines have become. As a result of a threat actor operating under the name TeamPCP successfully compromising the PyPI credentials of the maintainer, malicious code has been quietly seeded into newly published versions of the popular LiteLLM Python package, versions 1.82.7 and 1.82.8. LiteLLM itself was not the victim of the intrusion, but rather a previous breach involving Trivy, an open source security scanner integrated into the project's CI/CD pipeline, which effectively made a defensive tool into a channel for an attack.

PyPI quarantined the tainted packages only after a limited period of approximately three hours when they were live, but the extent of potential exposure was significant due to the staggering number of downloads and installs of LiteLLM, which exceeds 3.4 million per day and 95 million per month, respectively.

A powerful and unified interface for interacting with multiple large language model providers is provided by LiteLLM, a tool deeply embedded within modern artificial intelligence development environments. LiteLLM frequently operates in environments containing highly sensitive assets such as API credentials, cloud configurations, and proprietary information.

The incident illustrates not only a fleeting compromise; it also illustrates a broader and increasingly urgent reality that the open source supply chain remains vulnerable to exactly the types of indirect, multi-stage attacks that are the most difficult to detect and the most damaging when they are successful in a global software development environment. This incident was not simply the result of code tampering; it was a carefully designed, multi-stage intrusion intended to exploit environments that are heavily automated and trusted.

The threat group TeamPCP leveraged its access in order to introduce two trojanized versions of LiteLLM - versions 1.82.7 and 1.82.8 - which contained obfuscated payloads embedded in core components of the package, namely within the module litellm/proxy/proxy_server.py.

While the insert was subtle, positioned between legitimate code paths, and encoded so as to evade immediate attention, it ensured execution at import, an important point in the development lifecycle that virtually ensures activation in production environments.

An even more durable mechanism was introduced in the subsequent version by the attackers as a malicious .pth file directly embedded within the site-packages directory, which was used to extend their foothold. As a result of exploiting Python's internal initialization behavior, the payload executed automatically upon every interpreter startup, regardless of whether LiteLLM itself was ever invoked again. Using detached subprocess calls, the malicious logic was able to operate without visibility, effectively bypassing conventional monitoring tools which focus on application execution.

Designing the payload reflected an in-depth understanding of cloud-native architectures and the dense concentrations of sensitive information contained within them. When activated, the code acted as a comprehensive orchestration layer capable of conducting reconnaissance, credential harvesting, and environment mapping. Through a systematic process of traversing the host system, SSH keys, cloud provider credentials, Kubernetes configurations, container registry secrets, and environment variables were extracted. Additionally, managed services were probed further for information. Cloud-based environments utilize native authentication mechanisms, such as AWS instance metadata, to generate signed requests and retrieve secrets directly from services such as Secrets Manager and Parameter Store, extending its reach beyond traditional disk-based storage or network access.

A comprehensive collection process was conducted, including infrastructure-as-code artifacts, continuous integration and continuous delivery configurations as well as cryptographic material, database credentials, and developer shell histories, effectively turning each compromised device into an extensive repository of exploitable information.

Data exfiltration was highly sophisticated, utilizing layered encryption and infrastructure that blended seamlessly into legitimate traffic patterns to exfiltrate data. After compression, encryption, and asymmetric key wrapping, stolen data was transmitted to a domain fabricated to resemble legitimate LiteLLM infrastructure before being encrypted. As a consequence, even intercepted traffic would be of little value without access to the attacker's private key, complicating the forensic analysis and response process. Furthermore, the operation demonstrated a clear emphasis on persistence and lateral expansion, particularly within Kubernetes environments.

As service account tokens were present in the payload, it initiated cluster-wide reconnaissance, deployed privileged pods across all nodes, including control-plane systems, and mounted host filesystems and bypassed scheduling restrictions. It then introduced a secondary persistence layer that was disguised as a benign system telemetry service within user-level configurations of systemd. During periodic communication with a remote command-and-control endpoint, this component provided operators with the ability to deliver additional payloads, update tooling, or terminate the activity by using a built-in kill switch. In summary, the incident indicates that operational maturity extends beyond opportunistic exploitation, demonstrating a level of operational maturity.

TeamPCP successfully maximized the return on each compromised host by targeting LiteLLM, a gateway technology at the intersection of multiple artificial intelligence providers. This allowed them access not only to infrastructure credentials, but also to a wide variety of API keys that cover numerous large language model platforms.

As a result, the compromise of one widely trusted component can have alarming ripple effects across entire development and production environments with alarming speed and precision in an ecosystem increasingly characterized by interconnected dependencies. Organizations must reevaluate trust boundaries within their software supply chains in the aftermath of the incident, as remediation is no longer the only priority for organizations. As security teams are increasingly being encouraged to adopt a zero-trust approach towards third-party dependencies, verification does not end when the product is installed, but continues throughout the entire execution lifecycle.

Among these measures are the enforcing of strict version pins, verifying package integrity using trusted sources, and developing continuous monitoring mechanisms that will detect anomalous behavior at runtime as opposed to simply relying on static analysis.

The strengthening of continuous integration/continuous delivery pipelines—especially their tools—has emerged as a critical control point, as this attack demonstrated how upstream compromise can cascade downstream without significant resistance.

An institutionalization of rapid response playbooks is equally important in order to ensure that credentials are rotated, systems are isolated, and forensic validation is conducted without delay when anomalies are discovered.

As the use of interconnected AI frameworks continues to increase, security responsibilities are shifting from reactive patching to proactive resilience, where detection, containment, and recovery of supply chain intrusions become as essential as preventing them.

Security Flaw in Popular Python Library Threatens User Machines #CICDPipeline #CloudSecurity #CredentialTheft

0 0 0 0
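A defender-side check for the two footholds the article above describes: the trojanized LiteLLM releases 1.82.7 and 1.82.8, and a `.pth` file in site-packages that runs at every interpreter startup. This is an added example, not code from the article or from the LiteLLM project; the suspicious-token list and all sample file names and contents are assumptions constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Trojanized releases named in the article above.
COMPROMISED_LITELLM = {"1.82.7", "1.82.8"}
# Heuristic (an assumption of this example): tokens rarely needed in a .pth file.
SUSPICIOUS = re.compile(r"\b(subprocess|Popen|exec|eval|base64|urllib|socket|os\.system)\b")


def executable_pth_lines(pth_file):
    """Return (line_number, text) for every line site.py would exec() at startup."""
    hits = []
    text = pth_file.read_text(encoding="utf-8", errors="replace")
    for number, line in enumerate(text.splitlines(), start=1):
        # site.addpackage() executes lines that begin with "import " or "import\t";
        # other non-comment lines are only treated as directories for sys.path.
        if line.startswith(("import ", "import\t")):
            hits.append((number, line.strip()))
    return hits


def litellm_versions(site_dir):
    """Read installed litellm versions from litellm-*.dist-info/METADATA."""
    versions = []
    for meta in site_dir.glob("litellm-*.dist-info/METADATA"):
        for line in meta.read_text(encoding="utf-8", errors="replace").splitlines():
            if line.startswith("Version:"):
                versions.append(line.split(":", 1)[1].strip())
                break
    return versions


def audit_site_packages(site_dir):
    """Return (severity, name, detail) findings for one site-packages directory."""
    site_dir = Path(site_dir)
    findings = []
    for version in litellm_versions(site_dir):
        if version in COMPROMISED_LITELLM:
            findings.append(("critical", "litellm", f"trojanized release {version}"))
    for pth in sorted(site_dir.glob("*.pth")):
        for number, line in executable_pth_lines(pth):
            severity = "high" if SUSPICIOUS.search(line) else "review"
            findings.append((severity, pth.name, f"line {number}: {line[:80]}"))
    return findings


def constructed_demo():
    """Audit a constructed tree; file names and contents are invented samples."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "litellm-1.82.8.dist-info").mkdir()
        (root / "litellm-1.82.8.dist-info" / "METADATA").write_text(
            "Metadata-Version: 2.1\nName: litellm\nVersion: 1.82.8\n")
        (root / "paths.pth").write_text("# path entry, not executed\n./vendor\n")
        (root / "distutils-precedence.pth").write_text(
            "import os; os.environ.get('SETUPTOOLS_USE_DISTUTILS')\n")
        (root / "telemetry_init.pth").write_text(
            "import subprocess; subprocess.Popen(['true'])\n")
        return audit_site_packages(root)


if __name__ == "__main__":
    # Pass a real site-packages path to audit it; with no argument, run the demo.
    results = audit_site_packages(sys.argv[1]) if len(sys.argv) > 1 else constructed_demo()
    for severity, name, detail in results:
        print(f"[{severity}] {name}: {detail}")
```

Lines marked `review` are executable but carry none of the listed tokens, which is what legitimate entries from setuptools and editable installs look like; compare them against a known-good baseline rather than treating them as clean.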

Cut SaaS backup costs while gaining enterprise-class protection for Google Workspace. Smart pricing that scales with your business.


zurl.co/v7Jxt

#SaaSBackup #CloudBackup #DataProtection #GoogleWorkspaceBackup #BackupSolutions #CloudSecurity

1 0 0 0