A recent investigation by security researchers has exposed critical vulnerabilities in the default IAM roles of several Amazon Web Services (AWS) offerings, including SageMaker, Glue, and EMR, as well as open-source projects like Ray. These roles, often automatically created or recommended during service setup, come with overly permissive policies such as AmazonS3FullAccess. This broad access, […]
The post AWS Defaults Open Stealthy Attack Paths Enabling Privilege Escalation and Account Compromise appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Skyhigh Security announced the expansion of its Skyhigh AI offering to include additional data protection solutions for Copilot for Microsoft 365 and ChatGPT Enterprise. This development follows the company’s earlier introduction of Skyhigh AI, an advanced suite of AI-powered capabilities designed to mitigate risks associated with AI applications while enhancing security operations, and expansion of data protection capabilities to secure Microsoft Copilot. While the capabilities of AI applications like Microsoft Copilot and ChatGPT are revolutionizing … More →
The post Skyhigh Security adds data protection solutions for Microsoft Copilot and ChatGPT Enterprise appeared first on Help Net Security.
A leading U.S.-based cybersecurity firm, sophisticated cyber-espionage campaigns attributed to Chinese state-sponsored actors have come to light. Tracked as the PurpleHaze activity cluster, these adversaries have targeted SentinelOne’s infrastructure alongside high-value organizations associated with its business ecosystem. Uncovering the PurpleHaze Threat Cluster SentinelLabs, the research arm of SentinelOne, identified this threat during a 2024 intrusion […]
The post China-Linked Hackers Targeting Organizational Infrastructure and High-Value Clients appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A high-severity vulnerability (CVE-2025-30194) in PowerDNS DNSdist, a widely used DNS load balancer and security tool, enables remote attackers to trigger denial-of-service (DoS) conditions by exploiting flaws in its DNS-over-HTTPS (DoH) implementation. The vulnerability, disclosed in PowerDNS Security Advisory, affects DNSdist versions 1.9.0 through 1.9.8 when configured to use the nghttp2 library for DoH processing. […]
The post PowerDNS DNSdist Vulnerability Let Attackers Cause Denial of Service Condition appeared first on Cyber Security News.
Cybercriminals have discovered a new attack vector utilizing the legitimate file-sharing service GetShared to distribute malware and conduct phishing campaigns. This emerging threat allows attackers to circumvent traditional email security measures by exploiting the trusted status of notifications from recognized platforms. The technique represents an evolution in threat actors’ methodologies as they continue to adapt […]
The post Hackers Leveraging GetShared to Deploy Malware Bypassing Defenses appeared first on Cyber Security News.