Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

August 7, 2025May 31, 2026 ~ Author ~ Leave a comment

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions.
The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug.
“In an Exchange hybrid deployment, an

from The Hacker News https://ift.tt/vXib1py
via IFTTT

The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense

August 7, 2025May 31, 2026 ~ Author ~ Leave a comment

Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden:

Secure AI embedded in every part of the business.
Use AI to defend faster and smarter.
Fight AI-powered threats that execute in minutes—or seconds.

Security

from The Hacker News https://ift.tt/Ipqe79j
via IFTTT

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

August 6, 2025May 31, 2026 ~ Author ~ Leave a comment

Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment.
The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the

from The Hacker News https://ift.tt/huClmvy
via IFTTT

Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

July 18, 2025May 31, 2026 ~ Reporter ~ Leave a comment

Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services.
The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz.
“NVIDIA Container Toolkit for all platforms contains a

from The Hacker News https://ift.tt/1IeCvHp
via IFTTT

Securing Agentic AI: How to Protect the Invisible Identity Access

July 15, 2025May 31, 2026 ~ Reporter ~ Leave a comment

AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have

from The Hacker News https://ift.tt/IzhSY4U
via IFTTT

Securing Data in the AI Era

July 11, 2025May 31, 2026 ~ Reporter ~ Leave a comment

The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help.
As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes for safeguarding sensitive enterprise data have reached unprecedented levels. The Zscaler ThreatLabz

from The Hacker News https://ift.tt/nClGStx
via IFTTT

Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties

July 5, 2025May 31, 2026 ~ Reporter ~ Leave a comment

Taiwan’s National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China.
The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal

from The Hacker News https://ift.tt/20RQo3n
via IFTTT

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

July 3, 2025May 31, 2026 ~ Reporter ~ Leave a comment

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices.
The campaign, detected at the beginning of

from The Hacker News https://ift.tt/UJ3xo2m
via IFTTT

Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options

June 25, 2025May 31, 2026 ~ Reporter ~ Leave a comment

Microsoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud.
The development comes ahead of the tech giant’s upcoming October 14, 2025, deadline, when it plans to officially end support and stop providing security updates for devices running Windows 10. The

from The Hacker News https://ift.tt/mg3q9ib
via IFTTT

New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains

June 18, 2025May 31, 2026 ~ Reporter ~ Leave a comment

A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails.
The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix.
It leverages “the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated

from The Hacker News https://ift.tt/TVfwenI
via IFTTT

Cloud | Sec | Labs

Securing our World

The Hacker News