An open project to list all known cloud vulnerabilities and CSP security issues
GCP administrators face challenges in managing HMAC keys within their organizations, lacking visibility into which user accounts have generated these keys and whether they are actively being used...
Mon, Jun 17th, 2024
A Microsoft employee accidentally published credentials via a git commit to a public repository. These credentials granted privileged access to an internal Azure Container Registry (ACR) used by Az...
Thu, May 16th, 2024
Multiple vulnerabilities were uncovered in Azure Health Bot service, Microsoft's health chatbot platform. These could have potentially exposed sensitive user data and granted attackers extensive co...
Tue, May 7th, 2024
A vulnerability in Microsoft Graph allowed attackers to conduct password-spray attacks without detection. The issue involved switching the 'common' authentication endpoint with that of an unrelated...
Mon, Apr 29th, 2024
The AWS Amplify service was found to be misconfiguring IAM roles associated with Amplify projects. This misconfiguration caused these roles to be assumable by any other AWS account. Both the Ampl...
Mon, Apr 15th, 2024
A principal with the permissions glue:GetConnection and ec2:DescribeSubnets can retrieve the database password of a connection, since the password is loaded into the AWS console website when a conn...
Thu, Apr 11th, 2024