Cloud
-
Interlock ransomware exploited Cisco FMC zero-day CVE-2026-20131
Amazon Threat Intelligence links Interlock ransomware to exploitation of Cisco Secure FMC CVE-2026-20131. The flaw allowed unauthenticated root code execution and was used as a zero-day from January 26, 2026. Apply patches and assess systems.
-
Attack on Stryker erased nearly 80,000 employee devices, company says
Stryker says an attack limited to its internal Microsoft environment erased nearly 80,000 employee devices on March 11. Medical products remain safe but ordering systems are offline and orders must be placed manually while recovery continues.
-
Threat actors using modified AuraInspector to mass-scan Salesforce Experience Cloud sites
Salesforce warned that attackers are using a modified AuraInspector to mass-scan public Experience Cloud sites and extract data from overly permissive guest user profiles. Customers should review guest settings and restrict external object access.
-
UNC6426 used stolen npm keys to gain AWS administrator access in under 72 hours
UNC6426 leveraged keys from an August 2025 nx npm supply chain compromise to obtain a GitHub token and escalate to AWS administrator permissions in under 72 hours, leading to S3 data exfiltration and production resource destruction.
-
Nine LeakyLooker flaws in Google Looker Studio could expose GCP data
Tenable found nine cross-tenant vulnerabilities in Google Looker Studio that could have allowed arbitrary SQL queries and data exfiltration across Google Cloud tenants. Google patched the flaws after a June 2025 responsible disclosure.
-
Microsoft warns OAuth redirect abuse used to deliver malware to government targets
Microsoft warned that phishing campaigns are abusing OAuth redirect features to deliver malware to government and public sector targets, using malicious OAuth apps, ZIP payloads, PowerShell and DLL sideloading. Organizations are advised to limit consent and review app permissions.
-
Drone strikes damage AWS data centers in UAE and Bahrain
Drone strikes damaged three AWS facilities in the UAE and one in Bahrain, causing outages that affect dozens of cloud services. Structural, power and water damage were reported and recovery work is under way.
-
Microsoft warns of OAuth redirect abuse used to deliver malware to public sector
Microsoft warned that attackers are abusing OAuth redirect features to bypass phishing defenses and direct government and public sector users to attacker-controlled domains that deliver malware or intercept credentials.
-
Suspected Chinese cyberespionage used Google Sheets API to hide C2 in campaign affecting 53 organisations
A suspected Chinese threat actor used Google Sheets API calls for command-and-control in a global campaign that affected 53 organisations in 42 countries since 2023. A technical analysis details the GRIDTIDE backdoor and mitigation steps.
-
RoguePilot flaw in GitHub Codespaces could have leaked GITHUB_TOKEN, researcher says
A flaw named RoguePilot let attackers hide Copilot instructions in a GitHub issue to manipulate Codespaces and leak a privileged GITHUB_TOKEN. Orca Security published a technical analysis and Microsoft patched the issue after disclosure.








