The Lab · 2026-03-28 05:26:57 · GitHub Issues
A critical security vulnerability has been flagged on an Adobe Experience Manager (AEM) Cloud staging environment, exposing a potential entry point for attackers. The issue centers on the publish-p138954-e320524-cmstg.adobeaemcloud.com site, which is running an outdated and vulnerable version of the `biz.aQute.bnd` (bn...
The Lab · 2026-04-17 12:22:52 · GitHub Issues
A critical security vulnerability in the widely used Axios HTTP client library has been patched, exposing a dangerous attack chain that could allow attackers to escalate a common flaw into full system compromise. The vulnerability, tracked as CVE-2026-40175, centers on a specific "Gadget" attack vector. This flaw enabl...
The Lab · 2026-05-06 22:31:37 · GitHub Issues
A high-severity Server-Side Request Forgery vulnerability in the `fetchPageTitle` server action exposes cloud infrastructure to credential theft and internal network reconnaissance. The endpoint, located in `app/actions.ts` (lines 94–129), accepts arbitrary URLs from authenticated users and fetches them server-side wit...
The Lab · 2026-05-08 04:16:09 · The Hacker News
Cybersecurity researchers have uncovered a sophisticated credential theft framework targeting exposed cloud infrastructure, distinguishing itself by aggressively removing artifacts linked to a prior threat actor known as TeamPCP. The tool, dubbed PCPJack, employs a worm-like propagation mechanism to move laterally acro...
The Lab · 2026-05-08 11:24:46 · SecurityWeek RSS
Security researchers have identified a new credential-stealing worm framework, designated PCPJack, which demonstrates an unusual dual-function capability: removing rival malware infections while simultaneously harvesting sensitive authentication data from cloud infrastructure.
The malicious framework specifically targ...
The Lab · 2026-05-09 20:01:44 · GitHub Issues
A defense-in-depth update has identified five IPv6 transition and reserved prefixes that can bypass traditional SSRF protections, including NAT64-wrapped routes to internal metadata services. The blocked ranges include 6to4, Teredo tunneling, NAT64 well-known and local-use prefixes, and a discard-only sinkhole prefix—e...