IaC Inventory: A Unified View Across Code, Deployments, and Cloud

As AI applications introduce a new class of infrastructure resources, visibility into what your IaC creates, where it runs, and whether it has drifted has never been more critical...

The agentic SOC—Rethinking SecOps for the next decade

Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers SOCs deployed endpoint detection and response EDR—and later extended detection and response XDR—security teams raised the bar, pushing...

Server-side Request Forgery (SSRF)

Overview crewai-tools is a Set of tools for the crewAI framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the RAG search tools not properly validating user-supplied URLs at runtime. An attacker can access internal or cloud resources by supplying...

CVE-2025-61121

Mobile Scanner Android App version 2.12.38 package name com.glority.everlens, developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitiv...

CVE-2025-61120

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

PT-2025-44430

Name of the Vulnerable Software and Affected Versions AG Life Logger versions prior to v1.0.2.72 Description The AG Life Logger Android App has issues with access control. Exposed credentials in network traffic could allow misuse of cloud resources. Predictable verification codes enable potential...

Glority Limited Mobile Scanner Android App 安全漏洞

Glority Limited Mobile Scanner Android App is a mobile scanning application from Glority. A security vulnerability exists in Glority Limited Mobile Scanner Android App version 2.12.38, which stems from improper handling of cloud service credentials and could lead to disclosure of sensitive...

CVE-2025-61121

CVE-2025-61121 affects Mobile Scanner Android App v2.12.38 (package com.glority.everlens) by Glority Global Group Ltd. The connected sources describe a credential leakage vulnerability caused by improper handling of cloud service credentials. Exploitation could lead to disclosure of sensitive inf...

CVE-2025-61120

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

CVE-2025-61120

AG Life Logger Android App (v1.0.2.72 and earlier; package com.donki.healthy) by IO FIT, K.K. has an improper access control vulnerability. Traffic contains credentials exposed in transit, which may allow misuse of cloud resources. Additionally, a predictable verification code mechanism enables b...

EUVD-2016-0013

Malware in sbrugna...

CVE-2025-55306

GenXFX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources Google Cloud...

PT-2025-33843 · Microsoft +2 · Github +3

Name of the Vulnerable Software and Affected Versions: GenX FX affected versions not specified Description: GenX FX is an IA trading platform focused on forex trading. A flaw in the backend may expose API keys and authentication tokens if environment variables are misconfigured. This could allow...

Hazy Hawk Attack Spotted Targeting Abandoned Cloud Assets Since 2023

Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources S3, Azure and DNS gaps since Dec…...

Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data. "While these 'plug-and-play' options greatly simplify the setup process, they often prioritize ease of use over...

Linux Distros Unpatched Vulnerability : CVE-2015-7546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient...

CVE-2024-45461 Apache CloudStack Quota plugin: Access checks not enforced in Quota

The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to acce...

Azure Service Tags Vulnerability: Microsoft Warns of Potential Abuse by Hackers

Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources. "This case does highlight an inherent risk in using service tags a...

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML "enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against...

Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year​​

Protecting identity from compromise is top of mind for security professionals as identity attacks continue to intensify. Earlier this year we reported that we had observed a nearly three-fold increase in password attacks per second in the last two years, from 579 in 2021 to 4,000 in 2023.1 Identi...