A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant access and potential global admin privilege escalation. The flaw was found in the legacy Azu...
Wed, Sep 17th, 2025
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack ...
Thu, May 22nd, 2025
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers wer...
Mon, May 19th, 2025
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have b...
Sat, May 10th, 2025
A critical vulnerability in the AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to...
Tue, May 6th, 2025
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account ...
Tue, Apr 29th, 2025