Red Hat

Crimson Collective targets AWS cloud instances to steal data and extort firms

Cloud, Cybercrime, News, Research, Risk

October 9, 2025

Researchers at Rapid7 said the Crimson Collective has been exploiting exposed AWS credentials to create privileged IAM users, export database and storage snapshots for exfiltration, and issue extortion demands; AWS recommended using short‑term, least‑privileged credentials and provided remediation guidance.
High-severity flaw in Red Hat OpenShift AI could allow full cluster takeover, vendor warns

Cloud, News, Risk, Vendors, Vulnerabilities

October 2, 2025

Red Hat warned that a CVE-2025-10725 flaw in OpenShift AI, scored 9.9 by CVSS, could let a low-privileged authenticated user escalate to cluster administrator, enabling data theft, service disruption and full platform takeover; Red Hat and a Bugzilla report provided mitigation steps and urged urgent patching and investigation.