#cloudsec

Offensive Sequence offseq@infosec.exchange
2025-12-19

🚨 CRITICAL: CVE-2025-65037 in Azure Container Apps enables unauthenticated remote code injection (CVSS 10). No patch yet — restrict access, monitor for attacks, update IR plans. Full advisory: radar.offseq.com/threat/cve-20 #OffSeq #Azure #CloudSec #Vulnerability

Critical threat: CVE-2025-65037: CWE-94: Improper Control of Generation of Code ('Code Injection') in Microsoft Azure

Offensive Sequence offseq@infosec.exchange
2025-10-26

🚩 CoPhish phishing campaign (HIGH severity) targets Copilot Studio agents to steal OAuth tokens — enabling session hijack & cloud access. No CVE. User training, OAuth app reviews, and token monitoring are key. Details: radar.offseq.com/threat/new-co #OffSeq #OAuth #Phishing #CloudSec

High threat: New CoPhish attack steals OAuth tokens via Copilot Studio agents

Offensive Sequence offseq@infosec.exchange
2025-10-23

⚠️ HIGH-severity operational risk: the remediation gap in multi-tool cloud environments delays fixing critical vulnerabilities. Solutions like Pentera Resolve automate and unify workflows, reducing exposure and ensuring compliance. More info: radar.offseq.com/threat/bridgi #OffSeq #VulnMgmt #CloudSec

Critical threat: Bridging the Remediation Gap: Introducing Pentera Resolve

2025-09-13

Dear fantastic BSides community.

So here it is, the #BSidesLuxembourg2026 date announcement!!

We’re expanding into a 3-day event! It will be very exciting, we hope you all agree !?

May 6th will be exclusively for workshops.
May 7-8th will be for various talk tracks, tracks to be determined at a later stage but might include:

1. #Offsec
2. #CloudSec
3. #SOC
4. Etc

Do you have a track idea? Shoot it at us!

#bsides
Feel free to boost, fam.

Claus Cramon Houmann claushoumann
2025-08-18

Tickets booked for - hope to meet some new and old faces there!

Tanya Janca | SheHacksPurple SheHacksPurple@infosec.exchange
2025-08-13

🎥 Missed one of my past conference talks? Let’s fix that.

I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

“Cloud Native Security; Explained”
📽️ twp.ai/4ipSVP

#CyberSecurity #SecurityAwareness #cloudsec #cloud #cloudnative

Tanya Janca | SheHacksPurple SheHacksPurple@infosec.exchange
2025-07-18

🎥 Missed one of my past conference talks? Let’s fix that.

I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

“Cloud Native Security; Explained”
📽️ twp.ai/4iosID

#CyberSecurity #SecurityAwareness #cloudsec #cloud #cloudnative

Offensive Sequence offseq@infosec.exchange
2025-07-16

🚨 CRITICAL vuln (CVE-2025-49831) in CyberArk Conjur OSS <1.22.1 & Secrets Manager, Self-Hosted (<13.5.1, 13.6): Improper auth enables rerouting of AWS creds via misconfigured networks. Upgrade immediately! radar.offseq.com/threat/cve-20 #OffSeq #CyberArk #Vuln #CloudSec

Critical threat: CVE-2025-49831: CWE-287: Improper Authentication in cyberark conjur

Tanya Janca | SheHacksPurple SheHacksPurple@infosec.exchange
2025-06-24

🎥 Missed one of my past conference talks? Let’s fix that.

I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.

“Cloud Native Security; Explained”
📽️ twp.ai/4in9re

#CyberSecurity #SecurityAwareness #cloudsec #cloud #cloudnative

2025-04-23

@fwdcloudsec Europe is offering need-based scholarships for students in the infosec field or those looking to transition. The scholarship covers a complimentary ticket and a stipend for travel costs.

🗓️ Apply by 13th July 2025 at 23:59 CET (UTC+1).

Priority is given to those living within a 4-hour flight to Berlin.

For more info, visit: fwdcloudsec.org/conference/eur

#CloudSec #Infosec #Scholarship #CyberSecurity #Berlin #TechConference #StudentOpportunities #europe #cybersecurity

2025-04-21

🔐 Gamma AI is now being used to craft pixel-perfect phishing pages.
These attacks mimic cloud login portals, flip JavaScript behavior, and bypass email filters.

📉 We break it all down in our latest article:
— Real misuse cases
— MITRE TTP matrix
— Python detection script
— Visual trust infographic

📖 Read it here: open.substack.com/pub/teamivit

#CyberSecurity #GammaAI #LLMSecurity #CloudSec #Phishing #Infosec

Lord Kusuriya kusuriya@hackers.town
2025-03-28

Hot take: if you develop for cloud environments, you need to get used to a default deny on egress and only allow dependencies to be pulled during the build phase. You should know exactly what is talking to where and why. Allow-all on egress is the equivalent of "I chmod 777'd it and it works, so whatever"...

#cloudsecurity #CloudSec #HotTake #Infosec

2025-03-24

No, the blog wasn't dead! We have written a report on the use of the cloud for critical OT - see the summary here: infosec.sintef.no/informasjons (and a link to the full report) #cloudsec #cybersec #OT

Claus Cramon Houmann claushoumann
2025-03-20

In the Cloud, is

Fight me.

Valdemar heyvaldemar
2025-03-14

🚀 Container Security in 2025: 7 Must-Know Best Practices!

🐳 As a Captain, I break down supply chain attacks, misconfigurations & more—with live demos of Docker Scout & Snyk!

youtu.be/EoeoCTZAGuU?si=TUalNc

Bruber CloudSecOps bp4151@infosec.exchange
2025-01-25

It's been a minute since I've posted anything relevant.

Back in August, we made a recommendation to our leadership to realign our teams so we could better support our internal customers. As a result, on Jan 1st I picked up two more engineers on my team and took over our Cloud Security operations. We're still doing a lot of traditional AppSec work from an advisory and/or training perspective, but now we get to play in the Cloud space.

It's been a wild ride, gutting and building out a whole new program. Hopefully by end of the fiscal year, we'll have a solid new program built to scale with all processes at least partially automated.

#appsec #cloudsec

Gonçalo Valério dethos@s.ovalerio.net
2024-11-09

"An open-source collection of cloud infrastructure best practices, for bootstrapping your own cloud platform."

cloudguardrails.com/

#security #cybersecurity #cloud #cloudsec

Gonçalo Valério dethos@s.ovalerio.net
2024-08-10
