Cloud Security Ransomware 3 Min Read August 28, 2025 Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion…
Cloud Security Threat Intelligence 3 Min Read August 28, 2025 Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens…
Cloud Security Data Breach 3 Min Read August 28, 2025 New Data Theft Campaign Targets Salesforce via Salesloft App Salesforce customers have again been targeted in a “widespread data theft campaign,” this time via compromised OAuth tokens…
Cloud Security 4 Min Read August 27, 2025 Is the Cyber Resilience Act the Biggest Thing to Hit Compliance Since GDPR? There’s a lot of noise around compliance. New regulations seem to pop up every year, each promising to fix the ever-growing list of…
Cloud Security Data Breach Malware Phishing Ransomware Vulnerabilities 5 Min Read August 27, 2025 Online PDF Editors Safe to Use? Detailed Analysis of Security Risks Associated With It Online PDF editors have become common tools for quick document manipulation, providing convenient alternatives to desktop software. However,…
Cloud Security DDoS Network Vulnerabilities 7 Min Read August 27, 2025 Securing the AI Revolution: Introducing Cloudflare MCP Server Portals Large Language Models (LLMs) are rapidly evolving…
Cloud Security Malware 4 Min Read August 26, 2025 Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware…
Cloud Security Exploits Vulnerabilities Web Security 5 Min Read August 26, 2025 CVE-2025-52882: WebSocket authentication bypass in Claude Code extensions A critical vulnerability in Claude Code for Visual Studio Code (VS Code) and other IDE extensions allowed malicious websites to connect to…
August 25, 2025 August 2025 Patch Tuesday: One Publicly Disclosed Zero-Day and 13 Critical Vulnerabilities Among 107 CVEs Microsoft has addressed 107 vulnerabilities in its August 2025 security update release. This month’s patches include fixes for one…
Android Apple Cloud Security DDoS Network Phishing Privacy & Compliance Vulnerabilities 4 Min Read August 25, 2025 Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Android VPN apps used by…
Cloud Security Server Security 2 Min Read August 25, 2025 Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts Threat actors are abusing virtual private servers (VPS) to compromise software-as-a-service (SaaS) accounts, according to an investigation by…
Cloud Security Data Protection 4 Min Read August 25, 2025 Vegas, Vulnerabilities, and Voices: Black Hat and Squadcon 2025 The week of August 4th, I had the opportunity to attend two exciting conferences in the cybersecurity world: Black Hat USA 2025 and Squadcon…
Cloud Security Encryption 2 Min Read August 25, 2025 U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have…
Cloud Security Vulnerability 3 Min Read August 25, 2025 Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to…
Cloud Security 3 Min Read August 25, 2025 Microsoft to Make All Products Quantum Safe by 2033 Microsoft has announced plans to implement quantum-safe solutions in its products and services from 2029, with the tech giant aiming for a…
Cloud Security Malware 2 Min Read August 25, 2025 Oregon Man Charged in Rapper Bot DDoS-for-Hire Case A 22-year-old Oregon man has been charged with administering the Rapper Bot DDoS-for-hire botnet, which was allegedly used to launch…
Cloud Security 7 Min Read August 19, 2025 Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer As security researchers, we strive to ideate, identify, and document new methods of attacking cloud services and resources. We build…
Cloud Security Malware Ransomware Windows 6 Min Read August 14, 2025 Datadog threat roundup: Top insights for Q2 2025 As a leading provider in observability and cloud security, Datadog has unique insight into threat actor behavior that targets cloud…
Cloud Security Network Phishing Ransomware 4 Min Read July 30, 2025 Backdoors & Breaches gameplay guide At DASH 2025, we released a Datadog expansion pack of Backdoors & Breaches, a popular incident response card game by Black Hills…
Cloud Security Phishing Supply Chain 3 Min Read July 28, 2025 Datadog guide to Hacker Summer Camp 2025 Every year in early August, conferences in Las Vegas, Nevada, serve as a gathering of security professionals in a single place. This time of…
Cloud Security Malware Ransomware Vulnerabilities 10 Min Read July 21, 2025 Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker Executive summary Through investigations into a string of workload compromises involving ecommerce sites, the Datadog Security Research team…
Cloud Security Malware Ransomware Vulnerabilities 24 Min Read July 16, 2025 I SPy: Escalating to Entra ID's Global Admin with a first-party app This research was presented at fwd:cloudsec North America on June 30th, 2025. You can find the talk here. Key points Service principals (SPs)…
Cloud Security 5 Min Read July 14, 2025 Kubernetes security fundamentals: PKI In the previous post in this series, we looked at how Kubernetes network security is implemented. For this post, we’ll explore a topic…
Cloud Security Data Breach Vulnerabilities 5 Min Read May 13, 2025 Tales from the cloud trenches: The Attacker doth persist too much, methinks As a result of a recent threat hunt, we observed attacker activity originating from a leaked long-term AWS access key (AKIA*). Within a…
Cloud Security Malware Phishing Ransomware 11 Min Read April 17, 2025 Datadog threat roundup: Top insights for Q1 2025 As a leading provider in observability and cloud security, Datadog has unique insight into threat actor behavior that targets cloud…