CyberAlerts

🏴‍☠️ Akira has just published a new victim : Arbour Volkswagen

Description: Throughout the year your Arbour Volkswagen in Laval offers you a large choice of special offers, impressive rebates and unbeatable promotions. We are ready to upload more than 4 GB of documents such as: confi dential agreements containing clients personal information, detai led financial data (audits, payment details, reports, invoices), employee and partners information, etc.

Source: Ransomware.live

June 26th, 2025 (about 5 hours ago)

🏴‍☠️ Akira has just published a new victim : Studio Verna SocietàProfessionale

Description: Studio Verna Società Professionale offers integrated economic, ta x and legal advice to businesses and third sector entities, with a highly personalized approach to the needs of the client and the sector in which it operates. We are ready to upload more than 7 GB of documents such as: finan cial data (audits, payment details, reports, invoices), client fi nancial data, agreements, project information, employee informati on, etc.

Source: Ransomware.live

June 26th, 2025 (about 5 hours ago)

🏴‍☠️ Akira has just published a new victim : MultiStone

Description: MultiStone is the Low Country's leader in fabrication and install ation of Natural and Engineered stone countertops. We are ready to upload more than 8 GB of documents such as: emplo yee documents, financial data, lots of projects, confidentiality agreements, etc.

Source: Ransomware.live

June 26th, 2025 (about 5 hours ago)

The Toxic Cloud Trilogy: Why Your Workloads Are a Ticking Time Bomb

Description: Don’t let hidden cloud risks become tomorrow’s headline breach. The time to dismantle the toxic cloud trilogy is now. Here’s how Tenable Cloud Security can help.In today’s cloud environments, individual misconfigurations or vulnerabilities are dangerous — but it’s their combinations that can lead to catastrophic breaches. The Tenable Cloud Security Risk Report 2025 reveals that nearly 29% of organizations still have at least one toxic cloud trilogy. While this is a reduction from last year, it’s still alarming. These high-risk clusters occur when a single cloud workload is:Publicly exposed to the internetCritically vulnerable due to unpatched CVEsOver-permissioned, with identity and access management (IAM) roles that allow lateral movement or privilege escalationThis trifecta has the potential to open up a highly exploitable attack path in the cloud.Breaking down the toxic cloud trilogyLet’s walk through a real-world example:An attacker scans public IP ranges and finds an Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance running a web server (public exposure)They detect an unpatched remote code execution (RCE) vulnerability in that server (critical vulnerability).Upon exploitation, they gain access to an IAM role with iam:PassRole, ec2:RunInstances, or even *:* (excessive permission).The result? Full environment compromise — which could enable actions including sensitive data exfiltration or infrastructure takeover.This is not a rare edge case. Tenable’s resea...

Source: Tenable Blog

June 26th, 2025 (about 5 hours ago)

Taming Agentic AI Risks Requires Securing Non-Human Identities

Description: As the definition of machine identities broadens, AI agents working on behalf of the user and gaining access to various services blurs the lines of non-human identities even more.

Source: Dark Reading