Microsoft finds default Kubernetes Helm charts can expose data

Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. In many cases, those Helm charts required no authentication, left exploitable ports open, and used weak or hardcoded passwords that were trivial to break. A report published by security researchers […]

WhatsApp unveils ‘Private Processing’ for cloud-based AI features

WhatsApp has announced the introduction of ‘Private Processing,’ a new technology that enables users to utilize advanced AI features by offloading tasks to privacy-preserving cloud servers. This is required to utilize AI functionalities such as message summarization and writing suggestions on WhatsApp, which are too demanding for on-device hardware. The new feature will be entirely opt-in […]

ASUS warns of critical auth bypass flaw in routers using AiCloud

ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. […]

Cloudflare R2 service outage caused by password rotation error

Cloudflare announced that its R2 object storage and dependent services experienced an outage lasting 1 hour and 7 minutes, causing 100% write and 35% read failures globally. Cloudflare R2 is a scalable, S3-compatible object storage service with free data retrieval, multi-region replication, and tight Cloudflare integration. The incident, which lasted between 21:38 UTC and 22:45 […]

Silk Typhoon hackers now target IT supply chains to breach networks

Microsoft warns that Chinese cyber-espionage threat group ‘Silk Typhoon’ has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. The tech giant has confirmed breaches across multiple industries, including government, IT services, healthcare, defense, education, NGOs, and energy. “They [Silk Typhoon] exploit […]

Hackers exploit critical Aviatrix Controller RCE flaw in attacks

Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. The Aviatrix Controller, part of the Aviatrix Cloud Networking Platform, enhances networking, security, and operational visibility for multi-cloud environments. It is used by enterprises, DevOps teams, network engineers, cloud architects, and managed […]

AWS, Azure auth keys found in Android and iOS apps used by millions

Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. Exposing this type of credentials can easily lead to unauthorized access to storage buckets and databases with sensitive user data. Apart from […]