Cloud Security
-
PCPJack credential stealer targets cloud systems and removes TeamPCP traces
Researchers said PCPJack is a new cloud-focused credential stealer that targets exposed services, removes TeamPCP-related artifacts and uses multiple exploits to spread across compromised environments.
-
Hackers use Next.js flaw to harvest credentials from 766 hosts, Cisco Talos says
Cisco Talos says hackers used a Next.js flaw to compromise at least 766 hosts and harvest credentials, keys and cloud secrets through an automated operation tied to UAT-10608.
-
Amazon says it disrupted GRU-linked campaign that targeted misconfigured edge network devices
Amazon says it disrupted a years-long campaign attributed to the Russian GRU that shifted from exploiting software flaws to targeting misconfigured edge devices on customer cloud infrastructure, and that it has protected affected EC2 instances, notified customers and shared intelligence.
-
U.S. sues former Accenture manager over alleged false claims on Army cloud security
The U.S. has sued Danielle Hillmer, a former senior manager tied to Accenture, accusing her of misleading auditors about the security of the NIFMS cloud platform and falsely claiming FedRAMP High and DoD Impact Level compliance while work on Army contracts proceeded.
-
Unpatched Gogs vulnerability being actively exploited; hundreds of instances compromised
Wiz researchers say a high-severity unpatched flaw in Gogs (CVE-2025-8110) is being actively exploited, with more than 700 compromised instances; the issue allows file overwrites via symbolic links and can lead to remote code execution. Researchers recommend disabling open registration, limiting internet exposure and scanning for random repositories while a fix is developed.
-
Self‑replicating botnet abuses Ray clusters to mine cryptocurrency, steal data and launch DDoS attacks
Researchers say a campaign called ShadowRay 2.0 has been exploiting internet‑facing Ray clusters using CVE‑2023‑48022 and Ray’s orchestration features to spread a self‑replicating botnet that mines cryptocurrency, steals proprietary data and launches DDoS attacks, with attackers targeting large GPU environments and using automated discovery and multi‑stage payloads.
-
Researchers warn ‘CoPhish’ uses Microsoft Copilot Studio agents to harvest OAuth tokens
Datadog Security Labs disclosed “CoPhish,” a phishing method that uses Microsoft Copilot Studio agents and legitimate Microsoft-hosted demo pages to deliver fraudulent OAuth consent flows and harvest session tokens; Microsoft says it will address the issue in a future update and both vendors recommend tightening admin privileges and consent policies.
-
Researchers warn ‘Jingle Thief’ group exploits cloud access to commit gift card fraud
Palo Alto Networks Unit 42 says a group called Jingle Thief is targeting cloud environments used by retailers to steal credentials, issue unauthorized gift cards and resell them on gray markets, using phishing, long‑term access and identity misuse to evade detection.
-
Researchers say low-cost DDR4 interposer can bypass Intel and AMD memory protections
Researchers at KU Leuven and the University of Birmingham say a low-cost DDR4 interposer called Battering RAM can redirect physical addresses to bypass Intel SGX and AMD SEV-SNP protections in cloud confidential computing, potentially allowing plaintext reads, data corruption and persistent backdoors.
-
Senate Democrats flag DOGE program for privacy, cybersecurity risks across three federal agencies
A Senate Democratic report accuses the DOGE program of violating federal law and exposing Americans’ personal data across three agencies, urging immediate safeguards and compliance measures amid warnings of heightened identity theft risk.
