Cloud
-
Docker flaw lets attackers bypass authorization plugins in some setups
Docker disclosed a high-severity flaw in Engine that could let attackers bypass authorization plugins in some setups. The issue, tracked as CVE-2026-34040, was patched in version 29.3.1 and linked to an incomplete fix for an earlier bug.
-
Over 1,000 exposed ComfyUI instances targeted in crypto mining botnet campaign
A Censys technical analysis says more than 1,000 exposed ComfyUI instances are being scanned and infected in a campaign that installs crypto miners, a proxy botnet and persistence tools through unsafe custom nodes.
-
Iran-Linked Password-Spraying Campaign Hits Microsoft 365 Accounts in Middle East
An Iran-linked threat actor is suspected of targeting Microsoft 365 accounts in Israel and the United Arab Emirates in March 2026, affecting more than 300 organizations in Israel and over 25 in the U.A.E. across three attack waves.
-
Hackers use Next.js flaw to harvest credentials from 766 hosts, Cisco Talos says
Cisco Talos says hackers used a Next.js flaw to compromise at least 766 hosts and harvest credentials, keys and cloud secrets through an automated operation tied to UAT-10608.
-
Microsoft Warns of WhatsApp Campaign Delivering Malicious VBS Files
Microsoft says a campaign that began in late February 2026 has used WhatsApp messages to spread malicious VBS files, then used renamed Windows tools and cloud services to help install persistent access on infected systems.
-
Google Drive ransomware detection enabled by default for paying users
Google said its AI-powered Google Drive ransomware detection is now generally available and on by default for paying users, with sync pausing, alerts and file restoration available after an attack is detected.
-
Google Vertex AI flaw could expose cloud data, researchers say
Researchers say a Google Cloud Vertex AI flaw could let an attacker abuse AI agent permissions to reach customer data and restricted internal repositories. Google has updated guidance and urged least-privilege controls.
-
CareCloud says hackers accessed patient data in eight-hour breach
CareCloud said hackers accessed one of its electronic health record environments on March 16, exposing patient data and causing an eight-hour disruption. The company is still investigating how many people were affected and what information was taken.
-
European Commission says attackers breached public web infrastructure
The European Commission said attackers broke into cloud systems hosting its Europa websites on March 24 and may have taken data. The sites stayed online, but officials gave few details about what was exposed.
-
Phishing campaign targets TikTok for Business accounts with bot-blocking pages
A phishing campaign is targeting TikTok for Business accounts with bot-blocking pages that redirect through Google Storage and use a Cloudflare Turnstile check, then present fake login pages designed to capture credentials and session cookies.
