#amazon

Hackers are sending fake invoice emails with malicious Office files that install the XWorm RAT on Windows systems, allowing full remote access and data theft. Learn how the shellcode and process injection are used to steal data, and how to stay safe from this persistent threat.

Flo Health and Google agreed to pay $56 million to settle lawsuits alleging the period-tracking app shared sensitive health data for ads.

### Impact A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses. If the authentication provider is configured to have email or other sensitive and/or identifiable information as part of the username and principal ID then when a new cloud credential is being created in Rancher Manager this information is sent to an external entity such as `amazonaws.com`, in case of an AWS cloud credentials, in `Impersonate-Extra-Username` and/or `Impersonate-Extra-Principalid` headers. Please note that neither password, password hashes or Rancher’s related authentication tokens are leaked in those requests. The entities to which such information is sent to are limited by the whitelisted domains specified in `nodedrivers.management.cattle.io` objects. For example...

California-based Archer Health exposed 23GB of patient records, including SSNs, IDs, and medical files, after an unprotected database was found online.

Darktrace researchers have uncovered ShadowV2, a new botnet that operates as a DDoS-for-hire service by infecting misconfigured Docker containers on AWS cloud servers.

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) that allows attackers to

Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes

Not long ago, the mere idea that cryptocurrencies could ever be integrated into mainstream finance would have seemed…

We hear this a lot: “We’ve got hundreds of service accounts and AI agents running in the background. We didn’t create most of them. We don’t know who owns them. How are we supposed to secure them?” Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identities, from service accounts to API tokens to AI agents, access systems, move data, and execute tasks

A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no