Cloud
Microsoft finds default Kubernetes Helm charts can expose data
Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. In many cases, those Helm charts required no authentication, left exploitable ports open, and used weak or hardcoded passwords that were trivial to break. A report published by security researchers […]
WhatsApp unveils ‘Private Processing’ for cloud-based AI features
WhatsApp has announced the introduction of ‘Private Processing,’ a new technology that enables users to utilize advanced AI features by offloading tasks to privacy-preserving cloud servers. This is required to utilize AI functionalities such as message summarization and writing suggestions on WhatsApp, which are too demanding for on-device hardware. The new feature will be entirely opt-in […]
ASUS warns of critical auth bypass flaw in routers using AiCloud
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. “An improper […]
AWS rolls out ML-KEM to secure TLS from quantum threats
Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. ML-KEM (Module-Lattice-based Key Encapsulation Mechanism) is a post-quantum cryptographic algorithm designed to secure key exchanges from the perceived, yet still theoretical threat of […]
Cloudflare R2 service outage caused by password rotation error
Cloudflare announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. Cloudflare R2 is a scalable, S3-compatible object storage service with free data retrieval, multi-region replication, and tight Cloudflare integration. The incident, which lasted between 21:38 UTC and 22:45 […]
Google Cloud introduces quantum-safe digital signatures in KMS
Google Cloud has introduced quantum-safe digital signatures to its Cloud Key Management Service (Cloud KMS), making them available in preview. The tech giant says this initiative aligns with the National Institute of Standards and Technology’s (NIST) post-quantum cryptography (PQC) standards, addressing future risks of quantum computing breaking classic encryption schemes. With Google Cloud being used by […]
Microsoft fixes Power Pages zero-day bug exploited in attacks
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-24989, is an improper access control problem impacting Power Pages, allowing unauthorized actors to elevate their privileges over a network and bypass user registration controls. Microsoft says it […]
whoAMI attacks give hackers code execution on Amazon EC2 instances
Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. Dubbed “whoAMI,” the attack was crafted by DataDog researchers in August 2024, who demonstrated that it’s possible for attackers to gain code execution within AWS accounts by exploiting how […]
Hackers exploit critical Aviatrix Controller RCE flaw in attacks
Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. The Aviatrix Controller, part of the Aviatrix Cloud Networking Platform, enhances networking, security, and operational visibility for multi-cloud environments. It is used by enterprises, DevOps teams, network engineers, cloud architects, and managed […]
CISA orders federal agencies to secure Microsoft 365 tenants
CISA has issued this year’s first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their cloud environments by implementing a list of required secure configuration baselines (SCBs). While CISA has only finalized the SCBs for Microsoft 365, it plans to release additional baselines for other cloud platforms, starting with Google Workspace (anticipated to […]