cloud misconfigurations

Public appsettings.json leak exposes Azure AD credentials, enabling potential cloud access

Cloud, News, Risk, Vulnerabilities

September 3, 2025

Researchers from Resecurity’s HUNTER team warn that a publicly accessible appsettings.json file leaked Azure AD credentials (ClientId and ClientSecret), potentially enabling attackers to authenticate via OAuth 2.0 and access an organization’s Azure cloud resources; the incident underscores the ongoing risk of cloud-secret exposure and the need for strong secret-management practices.
Cloudflare Confirms 1.1.1.1 Outage Stemmed from Internal Misconfiguration, Not Attack

Cloud, News, Policy, Vendors

July 17, 2025

Cloudflare confirmed that a recent outage of its 1.1.1.1 Resolver service was caused by an internal misconfiguration, dismissing concerns of a cyberattack or BGP hijack. The incident led to significant disruptions for users globally, with full restoration achieved within hours.
Data Breach at Blue Shield of California Raises Concerns Over Cloud Misconfigurations

Cloud, Cybercrime, News, Policy, Privacy, Risk, Vendors, Vulnerabilities

April 29, 2025

Blue Shield of California has reported that a misconfiguration of Google Analytics led to the exposure of personal health information of 4.7 million subscribers, prompting discussions on cloud security and data handling best practices. Experts emphasize reading service documentation and assessing what data is shared and collected.