How Storm-2949 turned a compromised identity into a cloud-wide breach

In this article 1. Attack chain overview 1. Cloud compromise: Microsoft Entra ID and Microsoft 365 2. Initial access and persistence through targeted social engineering and SSPR abuse 3. Directory discovery and persistence 4. Microsoft 365 discovery and exfiltration 5. Cloud compromise: Microsoft...

Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes

Researchers recently tracked a high-speed cloud attack where an intruder gained full admin access in just eight minutes. Discover how AI automation and a simple storage error led to a major security breach...

Microsoft Patch Tuesday, August 2025 Edition

Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft's most-dire "critical" rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with...

Oracle Hit with Lawsuit Over Alleged Cloud Breach Affecting Millions

Oracle faces a class action lawsuit filed in Texas over a cloud data breach exposing sensitive data of 6M+ users; plaintiff alleges negligence and delays...

Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign

A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files .env that contain credentials associated with cloud and social media applications. "Multiple security missteps were present in the course of this campaign,...

Cloud Breach: Compromising AWS IAM Credentials

The post Cloud Breach: Compromising AWS IAM Credentials appeared first on Rhino Security Labs...