Kubernetes has become a popular choice for enterprise software development, attracting increased attacks from cybercriminals using sophisticated exploits. Newly created Kubernetes clusters can be targeted by malicious scans within minutes, with attackers employing automated methods to find and exploit vulnerabilities.
Truffle Security discovered nearly 3,000 Google Cloud API keys with the prefix 'AIza' that are embedded in client-side code and can authenticate to sensitive Gemini endpoints. These exposed keys could be abused to access private data and authenticate to Google AI services.
A critical vulnerability in Juniper Networks PTX series routers running Junos OS Evolved could allow an unauthenticated attacker to execute code with root privileges. The vulnerability, which lies in the On-Box Anomaly detection framework, affects versions earlier than 25.4R1-S1-EVO and 25.4R2-EVO, but not the standard Junos OS.
Juniper Networks has released an out-of-band security update for Junos OS Evolved to address a remote code execution vulnerability, CVE-2026-21902, affecting PTX routers. This vulnerability requires immediate patching to prevent potential exploitation.
A critical vulnerability in Juniper Networks' Junos OS Evolved, affecting PTX Series routers, enables unauthenticated remote code execution with root privileges. The flaw poses a significant risk, potentially allowing attackers to gain complete control of affected routers.
Microsoft is expanding the ability for enterprise users to restore their personal settings and Microsoft Store apps from a previous Windows 11 device. This feature aims to streamline the transition process when upgrading or replacing devices, ensuring a consistent user experience.
Zyxel has released patches to address a critical vulnerability affecting the UPnP function in multiple device models. Successful exploitation of this flaw could lead to remote code execution.
CISA has released an alert regarding an authentication bypass vulnerability (CVE-2026-1241) in Pelco, Inc. Sarix Pro 3 Series IP Cameras. Successful exploitation could allow attackers to gain unauthorized access to sensitive device data and bypass surveillance controls.
Multiple vulnerabilities have been identified in EV2GO ev2go.io charging stations, potentially allowing attackers to impersonate stations, hijack sessions, cause denial of service, and manipulate backend data. The most severe vulnerability, CVE-2026-24731, involves a lack of authentication for WebSocket endpoints.
CISA has released an alert regarding multiple vulnerabilities affecting EV Energy's ev.energy charging stations. Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized administrative control or disrupt charging services through denial-of-service attacks.
Chargemap chargemap.com is affected by multiple vulnerabilities, including missing authentication, improper restriction of authentication attempts, insufficient session expiration, and insufficiently protected credentials. Successful exploitation could lead to unauthorized administrative control over charging stations or denial-of-service attacks.
CISA has released an alert regarding multiple vulnerabilities affecting Mobility46 charging stations. Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized administrative control or disrupt charging services through denial-of-service attacks.
CISA has issued an alert regarding vulnerabilities in SWITCH EV swtchenergy.com charging stations. Successful exploitation could allow attackers to impersonate charging stations, hijack sessions, cause denial of service, and manipulate backend data; multiple CVEs are associated with the affected versions.
CISA has released an alert regarding multiple vulnerabilities in CloudCharge cloudcharge.se charging stations. Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, cause denial of service, and manipulate data sent to the backend.
CISA has released an alert regarding multiple vulnerabilities in Johnson Controls, Inc. Frick Controls Quantum HD versions <=10.22. Successful exploitation of these vulnerabilities could lead to pre-authentication remote code execution, information leaks, or denial of service.
CISA has released an alert regarding multiple vulnerabilities in Copeland XWEB and XWEB Pro versions 1.12.1 and prior. Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code.
The article discusses the CLAIR model, a conceptual framework for mapping critical infrastructure interdependencies. This framework aims to help understand and manage the complex relationships between different critical infrastructure sectors, improving resilience and security.
Zyxel has released security updates to patch a critical remote code execution (RCE) vulnerability impacting numerous router models. Unauthenticated attackers could exploit this flaw to execute arbitrary commands on vulnerable, unpatched devices, potentially gaining full control.
ICS/OT experts have created a new scoring system, akin to the Richter scale, for gauging the magnitude and impact of cyber incidents within operational technology (OT) environments. This system aims to provide a standardized method for assessing the severity and consequences of such events.
VMware has released patches for high- and medium-risk vulnerabilities affecting Aria Operations, Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure products. The most serious flaw, CVE-2026-22719, allows unauthenticated attackers to execute arbitrary commands, while CVE-2026-22720 allows authenticated users to elevate privileges via stored XSS.
Broadcom has released patches for multiple vulnerabilities in VMware Aria Operations, including some classified as high severity. One of the patched flaws could potentially allow for remote code execution.
CISA released an advisory regarding vulnerabilities in InSAT MasterSCADA BUK-TS, specifically related to SQL Injection and OS Command Injection. Successful exploitation of these vulnerabilities may allow remote code execution.
Multiple vulnerabilities in the Gardyn Home Kit, including the mobile application and Cloud API, could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information, and pivot to other edge devices. The vulnerabilities include cleartext transmission of sensitive information, use of default credentials, OS command injection, and use of hard-coded credentials.
Schneider Electric has identified vulnerabilities in EcoStruxure Building Operation Workstation and WebStation that could lead to exposure of local files or denial of service, potentially resulting in data breaches and operational disruptions. The affected versions include specific releases of both Workstation and WebStation, and the vulnerabilities stem from improper restriction of XML external entity reference and improper control of code generation.
The article discusses the increasing importance of OT (Operational Technology) security in industrial production due to digitalization and interconnectedness, highlighting the vulnerability of production data, SCADA systems, and networked machines to cyberattacks. It explores the cost-effectiveness of open-source OT security tools as an alternative to expensive commercial solutions, emphasizing their lower costs, flexibility, and active community support.
The article discusses how attackers are bypassing traditional authentication methods by stealing tokens and compromising devices, effectively reusing existing trust relationships. It highlights the importance of continuous device verification in a Zero Trust architecture to mitigate these risks, emphasizing that identity alone is insufficient for security.
The increasing deployment of internal services and APIs to support Large Language Models (LLMs) is expanding the attack surface and introducing new security risks. The risks stem more from the infrastructure supporting the models than from the models themselves, highlighting the importance of securing these endpoints.
Sophos has released Workspace Protection, a solution designed to enable secure access for contractors and guests. This product falls under the Products & Services category.
A critical vulnerability, CVE-2026-2329, has been discovered in Grandstream phones. The vulnerability allows unauthenticated remote code execution with root privileges, potentially exposing calls to interception.
NIST has developed a single photon chip that could make Quantum Key Distribution (QKD) more accessible to a broader range of companies. This advancement may lead to increased adoption of quantum-resistant encryption methods.
A Bleeping Computer article discusses the challenges of the "shift left" approach to security, noting that increased pressure on developers can lead to security being overlooked. A Qualys analysis of container images found that 7.3% were malicious, highlighting the need for default security measures at the infrastructure level.
A startup founder attempted to move away from AWS and build their infrastructure using only European providers to achieve data sovereignty. The founder discovered that while cloud costs may be lower, the time and effort required to manage a less mature ecosystem are significantly higher.
The rise of chiplet designs, which are scaled-down circuits with limited functions used in AI systems and autonomous vehicles, presents new cybersecurity challenges. The flexibility of these designs requires novel security approaches to protect critical infrastructure.
Abu Dhabi Finance Week suffered a data exposure incident where VIP passport details were left unprotected in the cloud. This incident raises concerns about data security as Abu Dhabi attempts to attract investors and become a global financial center.
A vulnerability exists in Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller that could lead to over- or under-odorization events. The affected product lacks proper authentication, allowing remote influence of the underlying PLC. Welker has not responded to attempts at coordination; users are encouraged to contact Welker and keep their systems updated.
A vulnerability exists in Valmet DNA Engineering Web Tools that could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access. The affected versions are Valmet DNA Engineering Web Tools <= C2022 (CVE-2025-15577). Valmet has released a fix and recommends users contact their customer service for assistance.
CISA has released an alert regarding vulnerabilities in EnOcean SmartServer IoT versions up to 4.60.009. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code and bypass ASLR.
CISA released an alert regarding multiple vulnerabilities affecting Jinan USR IOT Technology Limited (PUSR) USR-W610 devices (versions <=3.1.1.0). Successful exploitation could lead to disabled authentication, denial-of-service, or credential theft, including administrator credentials.
The article discusses how AI is accelerating the exploitation of misconfigurations and security vulnerabilities in cloud environments. Previously considered minor operational risks to be addressed later, these issues are now being discovered and exploited much faster due to AI-powered tools.
Deutsche Bahn, the German rail company, was targeted by a large-scale DDoS attack. The attack disrupted information and booking systems for several hours.
Recorded Future reports on the evolving cloud threat landscape for 2025, highlighting increased exploitation of misconfigurations, abuse of native services, and pivoting through hybrid environments. Attack patterns are evolving across exploitation, ransomware, credential abuse, and targeting of AI services.
A critical vulnerability exists in Honeywell CCTV products allowing unauthorized access to feeds or account hijacking. CISA has issued a warning about this flaw, which impacts multiple Honeywell CCTV models.
Deutsche Bahn, the German national rail company, experienced a disruption to its online services, including bookings and timetables, due to a DDoS attack. The attack lasted for nearly 24 hours, impacting customers' ability to book train trips.
This article discusses how integrating real-time threat intelligence into DevOps pipelines can enhance security and enable threat-aware DevOps. It emphasizes embedding threat feeds into code scanning, build pipelines, and deployment gates to proactively detect and mitigate risks such as malicious dependencies and compromised images. The session aims to provide actionable strategies for securing the software supply chain and automating threat detection within DevOps.
This BrightTALK InfoSec article discusses how platform engineering can help organizations scale security governance and address challenges arising from the rapid adoption of cloud-native technologies. It emphasizes embedding security into developer workflows, consolidating tools, adopting policy-as-code, and automating compliance to maintain robust security without hindering development velocity. The session will also cover strategies for securing AI agents in modern platforms.
The article discusses the challenges organizations face in successfully implementing AI and automation initiatives, noting that a large percentage of AI proofs-of-concept fail to reach production. It emphasizes that investing in tools alone is insufficient, and a more comprehensive approach is needed to realize the full potential of intelligent workflows. The article implies that intelligent workflow programs can help security, IT, and engineering teams.
The article discusses the challenges faced by modern SOC teams in investigating cloud breaches due to the ephemeral nature of cloud infrastructure and data. It highlights the need for AI and contextual awareness to accelerate investigation processes and effectively respond to rapidly evolving cloud attacks.
Microsoft Teams experienced an outage affecting users in the United States and Europe. The outage caused delays and prevented some users from accessing the service while Microsoft works to resolve the issue.
SecurityWeek highlights the continued challenges of securing Industrial Control Systems (ICS) in 2026 due to nation-state actors, ransomware groups, and outdated infrastructure. The article stresses the importance of resilience, visibility, and modern security strategies in defending critical operations.
Honeywell CCTV products are affected by a vulnerability (CVE-2026-1670) due to missing authentication for critical functions. Successful exploitation could lead to account takeovers and unauthorized access to camera feeds by changing the recovery email address.