
Datadog lifts full-year outlook as cloud security demand accelerates
Datadog raised its annual forecast citing robust demand for cloud security, with the upbeat guidance fueling a sharp rise in its stock price.
All articles tagged with #cloud security

A built-in Entra ID role called Agent ID Administrator could let attackers take ownership of arbitrary service principals, enabling privilege escalation and potential tenant compromise. Microsoft issued a patch across cloud environments on April 9 to block ownership changes by the Agent ID Administrator on non-agent principals, mitigating the risk. Security researchers urge ongoing monitoring of sensitive role usage, ownership changes, secure handling of privileged service principals, and auditing credential creation on service principals to reduce exposure from this loophole.

Google’s threat intelligence shows cloud intrusions are increasingly driven by exploiting freshly disclosed third-party software flaws, shrinking the window to weaponize exploits to days. Weak credentials have declined as an attack vector while remote code execution flaws like React2Shell (CVE-2025-55182) and XWiki (CVE-2025-24893) are frequently exploited. Attacks often begin via phishing or stolen identities, with Iran-, China-, and North Korea–linked campaigns maintaining long-term access to steal data, crypto, and credentials. OpenID Connect abuse, supply-chain incidents, and insider threats also feature prominently, underscoring the need for automated, rapid incident response as cloud threats accelerate into 2026.

A sponsored Visual Capitalist infographic (in partnership with Unit 42 by Palo Alto Networks) outlines how cyberattackers breach systems by exploiting identity. Identity-based techniques drive about 65% of initial access, with social engineering and credential misuse leading the way, and 90% of recent investigations showing identity weaknesses as material. Once inside, over-privileged identities and token abuse enable rapid lateral movement, making identity the practical perimeter. Defenses recommended include phishing-resistant MFA (passkeys/FIDO2), rotating machine credentials, shorter sessions, just-in-time elevation for admins, and cross-cloud identity telemetry to detect unusual access chains.

Swiss researchers disclosed 27 attack scenarios across Bitwarden, LastPass, Dashlane and 1Password that could let attackers view or modify vaults, challenging the science of end-to-end encryption and exploiting issues in onboarding, key escrow, and item-level encryption. A notable attack demonstrated is ‘malicious auto-enrolment’ against Bitwarden, which could allow a server-controlled attacker to hijack a vault during organization onboarding. Vendors are patching (Bitwarden, LastPass, Dashlane) while 1Password defends its SRP-based design. The paper recommends stronger authentication, key separation and ciphertext integrity. Users should check remediation status with providers and ask for audits.

A joint ETH Zurich/USI study identifies 25 distinct password-recovery/related attacks across major cloud password managers (Bitwarden, Dashlane, LastPass; with 1Password also noted for some flaws). Attacks span four categories: exploiting key escrow in account recovery, weaknesses in item-level encryption and metadata, vulnerabilities in sharing features, and downgrades due to legacy code. In total, 12 attacks hit Bitwarden, 7 LastPass, and 6 Dashlane; 1Password was linked to item-level and sharing flaws as known limitations. Vendors have issued patches or mitigations (e.g., Dashlane removing legacy crypto, Bitwarden remediation, LastPass hardening, 1Password using SRP), and there’s no evidence these issues have been exploited in the wild.

Check Point Research details VoidLink, a modular, cloud-first Linux malware framework designed for long-term access in cloud and container environments. Written in Zig, it features a two-stage loader, an in-memory plugin system with 37 default plugins, a web-based C2 dashboard, and adaptive stealth that tailors behavior after detecting cloud providers (AWS, GCP, Azure, Alibaba, Tencent). It supports multiple command-and-control channels (HTTP/HTTPS, DNS, ICMP) and even a potential mesh network, plus rootkit capabilities (LD_PRELOAD, eBPF, LKM) depending on kernel version, anti-analysis and self-deletion measures, and a broad plugin ecosystem for post-exploitation tasks. The framework appears to be under active development—likely commercial—raising the need for defenders to harden Linux, cloud, and container environments; as of publication, no real-world infections had been observed.

Palo Alto Networks and Google Cloud have expanded their partnership to enhance AI security across cloud and hybrid environments, integrating Palo Alto's Prisma AIRS with Google Cloud's AI services to protect AI workloads, improve security management, and streamline deployment, while also migrating Palo Alto's internal workloads to Google Cloud to optimize performance and reliability.

The article warns about the risks of being locked out of cloud storage accounts like Google, Dropbox, iCloud, and OneDrive, highlighting the importance of security measures to prevent losing access to valuable data, as illustrated by a Reddit story of a user losing 30 years of photos and work.

Netskope's IPO in 2025 raised over $900 million with a valuation of $7.3 billion, and its stock surged 18.4% on its first trading day, reflecting strong investor interest in cybersecurity and cloud security solutions.

A whistleblower has alleged that the Department of Government Efficiency improperly stored sensitive personal data of over 300 million Americans, including Social Security numbers, on a vulnerable cloud server, violating laws and creating significant security risks, with potential for widespread identity theft and other harms.

A whistleblower has revealed that the Department of Government Efficiency uploaded a massive, unsecured Social Security database to the cloud, risking sensitive personal information of over 300 million Americans, raising concerns about identity theft and data security, despite official assurances of safety.

A top SSA official warns that DOGE uploaded all Social Security numbers to a risky cloud server, raising concerns about data security and privacy risks.

Cybersecurity researchers have discovered sophisticated jailbreak techniques and zero-click AI agent attacks targeting GPT-5 and cloud/IoT systems, exposing vulnerabilities in AI safety measures and highlighting the increasing risks of indirect prompt injections and external system integrations. These attacks can manipulate AI models to generate harmful content or exfiltrate sensitive data without user interaction, emphasizing the need for improved security protocols in AI development.

A massive data breach exposed over 184 million records, including emails and passwords linked to major platforms and government services, highlighting the urgent need for consumers to update passwords, enable multi-factor authentication, and monitor their accounts to prevent fraud and identity theft.