Cloud
European Commission confirms data breach after Europa.eu hack
The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. GeekFeed first reported on Friday that this breach affects at least one of the Commission’s AWS (Amazon Web Services) accounts. The Commission says the attack didn’t disrupt any Europa websites and that its […]
European Commission investigating breach after Amazon cloud hack
The European Commission, the European Union’s main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure. Although the EU’s executive cabinet has yet to disclose the incident publicly, GeekFeed has learned that the breach affected at least one account used to manage the compromised cloud infrastructure. […]
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. The threat actor is responsible for the recent supply-chain attack on the Trivy vulnerability scanner, and also an NPM-based campaign dubbed ‘CanisterWorm,’ which started on March 20. Selective destruction payload Researchers at application security […]
Google: Cloud attacks exploit flaws more than weak credentials
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. At the same time, the use of weak credentials or misconfigurations has dropped significantly in the second half of 2025, Google notes in a report highlighting the […]
LexisNexis confirms data breach as hackers leak stolen files
American data analytics company LexisNexis Legal & Professional has confirmed to GeekFeed that hackers breached its servers and accessed some customer and business information. The company’s data breach confirmation comes as a threat actor named FulcrumSec leaked 2GB of files on various underground forums and sites. LexisNexis L&P is a global provider of legal, regulatory, […]
Microsoft to shut down Exchange Online EWS in April 2027
Microsoft announced today that the Exchange Web Services (EWS) API for Exchange Online will be shut down in April 2027, after nearly 20 years. EWS is a cross-platform API for developing apps that can access Exchange mailbox items, such as email messages, meetings, and contacts, retrieved from various sources, including Exchange Online and on-premises editions […]
Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation
A malicious campaign is actively targeting exposed LLM (Large Language Model) service endpoints to commercialize unauthorized access to AI infrastructure. Over a period of 40 days, researchers at Pillar Security recorded more than 35,000 attack sessions on their honeypots, which led to discovering a large-scale cybercrime operation that monetizes and exploits access to exposed or poorly authenticated AI endpoints. […]
Hackers exploit security testing apps to breach Fortune 500 firms
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. An investigation from automated penetration testing company Pentera found evidence that hackers are leveraging this attack vector to compromise systems and […]
Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners
Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. Pax8 is a fast-growing cloud commerce marketplace with more than 1,700 employees, over 47,000 partners worldwide, and operations in 18 countries. The company […]
Cloud file-sharing sites targeted for corporate data theft attacks
A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. According to cybercrime intelligence company Hudson Rock, initial access may have been obtained through credentials collected by info-stealing malware such as RedLine, Lumma, and Vidar deployed on employee devices. The three […]