153 matches found
CVE-2026-53228 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-azure, linux-gcp, linux-qemu...
GHSA-WFX4-V2WF-4GMP vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-azure, linux-gcp, linux-qemu...
GHSA-PW9R-H2M6-6VVG vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-azure, linux-gcp, linux-qemu...
CVE-2026-53216 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-azure, linux-gcp, linux-qemu...
GHSA-JPVF-6235-4RH8 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-azure, linux-gcp, linux-qemu...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
How Storm-2949 turned a compromised identity into a cloud-wide breach
In this article 1. Attack chain overview 1. Cloud compromise: Microsoft Entra ID and Microsoft 365 2. Initial access and persistence through targeted social engineering and SSPR abuse 3. Directory discovery and persistence 4. Microsoft 365 discovery and exfiltration 5. Cloud compromise: Microsoft...
CVE-2026-43109 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-azure, linux-gcp, linux-qemu...
GHSA-H53C-6597-VMFW vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-azure, linux-gcp, linux-qemu...
GHSA-R5QW-5M8Q-6774 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-azure, linux-gcp, linux-qemu...
CVE-2026-33117
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...
Defending consumer web properties against modern DDoS attacks
If you own, create, or maintain online services and web portals, you’re probably aware of the dramatic upswing in DDoS attacks on your domains. AI has democratized tooling not just for us but for threat actors as well. DDoS in this era has extended from simple bandwidth saturation to sophisticate...
CVE-2026-35428
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-28453
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35428
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
...
CVE-2026-35428
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-35428
CVE-2026-35428 affects Azure Cloud Shell and is described as improper neutralization of special elements used in a command (command injection) that allows an unauthorized attacker to perform spoofing over a network. The available references consistently attribute the issue to command injection wi...
CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
...
Azure Cloud Shell Spoofing Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...