#cloud-security
24 stories tagged cloud-security.

Bash Shell Tricks From the '90s Are Breaking AI Coding Agents Wide Open
Old-school shell injection techniques can bypass safeguards in most open-source AI coding agents — and a poisoned repo is all it takes to start the chain.

Compliance Theatre Has a Reckoning Coming. FedRAMP 20x Is the Opening Act.
Most SOC 2 and ISO 27001 reports audit a curated version of history, not operational reality. A federal cloud-security overhaul is forcing the question nobody wanted to answer: does passing audits actually mean anything?

AI-SPM Is Now a Real Category. Here's Why Your Organization Probably Needs It.
More than half of enterprise AI agents run without security oversight or logging. A maturing class of AI security posture management tools exists to fix that — if you know what to look for.

Dify AI Platform Carried Multi-Tenant Flaws Exposing Private Chats and Internal APIs
Cross-tenant data leakage vulnerabilities in Dify's cloud service let attackers read other users' conversations, preview documents, and probe internal API endpoints.

AWS Continuum Wants to Close the Gap Between AI-Generated Code and AI-Fixed Vulnerabilities
Amazon's new agentic security service promises continuous discovery, triage, and remediation. In practice, it's a bet that the same AI acceleration creating your backlog can also drain it.

ShinyHunters Doesn't Need Malware. That's the Point.
The group's latest breaches are a reminder that stolen credentials and patience beat zero-days most days of the week.

Briefing: Apple Fixes Beats Bug, GCP Config Connector Flaw Enables Account Takeover, Velvet Ant's Decade in the Shadows
A Bluetooth eavesdropping patch, a quietly dangerous GCP misconfiguration vulnerability, and a threat actor that spent ten years undetected — here's what you may have missed.

The SOC Triangle Was Always a Lie We Accepted. AI Is Changing the Math.
Security operations have run on a structural compromise for decades — quality, consistency, or cost: pick two. That constraint is finally starting to bend.

SearchLeak Shows How a Single Crafted URL Can Drain Your M365 Tenant
Varonis researchers chained three weaknesses in Copilot Enterprise Search into a full data-exfiltration path. Microsoft patched it. The attack class isn't going anywhere.

Splunk Enterprise RCE Flaw Under Active Exploitation, CISA Gives Feds 72 Hours
CVE-2026-20253 allows unauthenticated remote code execution in Splunk Enterprise. Attackers didn't wait long.

Bucket Squatting in Vertex AI SDK Opened Cross-Tenant RCE Window
A staging-bucket naming flaw in two versions of Google's Vertex AI Python SDK let attackers pre-register a victim's expected bucket and swap in a malicious pickle model before the platform could retrieve the original.

The Exposures Defenders Will Be Cleaning Up in 2026
From memory-leak bugs like MongoBleed to forgotten admin panels, the attack surface keeps growing faster than patch cycles.

Oracle's June 2026 CPU: 245 Patches Across Communications, EBS, and Enterprise Manager
Oracle's second monthly Critical Patch Update ships a significant fix load. If you're running EBS or Enterprise Manager in AWS or on-prem, your change window just got scheduled for you.

TrustCloud Wants to Kill the Security Questionnaire. Here's the Pitch.
Continuous analysis of security, infrastructure, and governance data sounds compelling. Whether it replaces the questionnaire grind depends on what 'real-time' actually means at the data layer.

Poisoned Documents Can Freeze AI Agent Guardrails Dead in Their Tracks
Researchers found that a single malicious input can trap reasoning-based safety systems in extended thinking loops, slowing LangGraph deployments by 148x and starving co-located agents of resources.