Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Android VPN apps used by…
Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts
Threat actors are abusing virtual private servers (VPS) to compromise software-as-a-service (SaaS) accounts, according to an investigation by…
Vegas, Vulnerabilities, and Voices: Black Hat and Squadcon 2025
The week of August 4th, I had the opportunity to attend two exciting conferences in the cybersecurity world: Black Hat USA 2025 and Squadcon…
U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback
The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have…
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to…
Microsoft to Make All Products Quantum Safe by 2033
Microsoft has announced plans to implement quantum-safe solutions in its products and services from 2029, with the tech giant aiming for a…
Oregon Man Charged in Rapper Bot DDoS-for-Hire Case
A 22-year-old Oregon man has been charged with administering the Rapper Bot DDoS-for-hire botnet, which was allegedly used to launch…
Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer
As security researchers, we strive to ideate, identify, and document new methods of attacking cloud services and resources. We build…
Datadog threat roundup: Top insights for Q2 2025
As a leading provider in observability and cloud security, Datadog has unique insight into threat actor behavior that targets cloud…
Backdoors & Breaches gameplay guide
At DASH 2025, we released a Datadog expansion pack of Backdoors & Breaches, a popular incident response card game by Black Hills…
Datadog guide to Hacker Summer Camp 2025
Every year in early August, conferences in Las Vegas, Nevada, serve as a gathering of security professionals in a single place. This time of…
Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker
Executive summary Through investigations into a string of workload compromises involving ecommerce sites, the Datadog Security Research team…
I SPy: Escalating to Entra ID's Global Admin with a first-party app
This research was presented at fwd:cloudsec North America on June 30th, 2025. You can find the talk here. Key points Service principals (SPs)…
Kubernetes security fundamentals: PKI
In the previous post in this series, we looked at how Kubernetes network security is implemented. For this post, we’ll explore a topic…
Tales from the cloud trenches: The Attacker doth persist too much, methinks
As a result of a recent threat hunt, we observed attacker activity originating from a leaked long-term AWS access key (AKIA*). Within a…
Datadog threat roundup: Top insights for Q1 2025
As a leading provider in observability and cloud security, Datadog has unique insight into threat actor behavior that targets cloud…