Public GitLab repositories exposed more than 17,000 secrets
After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. [...]
Stay updated with the latest trends and security protocols in cloud computing. Navigate the evolving landscape of Cloud Information Security with us.
Search across headline titles and summaries.
Background for this topic.
Cloud computing involves delivering computing services—such as storage, processing, and networking—over the internet using remote data centers. This model enables organizations to scale resources dynamically without owning physical infrastructure. In security terms, the cloud environment is defined by multi-tenant infrastructure where multiple customers share hardware and software resources managed by a cloud provider.
Key security concerns include controlling access through strong identity and access management (IAM), protecting data with encryption both at rest and in transit, and managing vulnerabilities in shared infrastructure components. The cloud’s shared responsibility model requires customers to secure their applications and data while providers secure the underlying platform. Misconfigurations, weak access controls, and insufficient monitoring can expose cloud assets to unauthorized access or data leakage, making precise configuration and continuous security assessment essential.
After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. [...]
Project cites fears of state access as cloud sovereignty row deepens French cloud outfit OVHcloud took another hit this week after GrapheneOS, a mobile operating system, said it was ditching the company's servers over concerns about France's approach to digital privacy.…
Google Cloud and Palo Alto Networks on Scaling AI With Unified ProtectionAs organizations build AI-enabled applications across complex cloud ecosystems, many face challenges in securing those deployments. A platform-based approach can help protect the full life cycle of AI, from data ingestion to model runtime, while reducing fragmentation and complexity.
Shai-hulud 2.0 campaign features a sophisticated variant capable of stealing credentials and secrets from major cloud platforms and developer services, while automating the backdooring of NPM packages maintained by victims. Its advanced tactics enable rapid, stealthy propagation across the software supply chain, putting countless downstream users at risk.
Talcott Financial Group's Dalavi on Oracle to Azure Migration and AI InnovationTalcott Financial Group's move from a dual-cloud setup to a unified Azure environment is reshaping performance, efficiency and AI readiness, says Sudhakar Dalavi, head of software engineering. He explains how data unification and continuous learning drive the next phase of innovation.
State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications.
Israeli Startup Plans to Integrate AI Agent Guardrails Into Cloud PlatformSweet Security secured $75 million in Series B funding to integrate AI security into its CNAPP platform. With runtime protection as its differentiator, the startup plans to address growing CISO concerns over shadow AI and attack vectors involving intelligent agents.
The exploitation of CVE-2025-61757 follows a breach of Oracle Cloud earlier this year as well as a recent extortion campaign targeting Oracle E-Business Suite customers.
Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.…
Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures
Hybrid work exposes the limits of SCCM and WSUS, with remote devices often missing updates and WSUS now deprecated. Action1's cloud-native patching keeps devices updated from any location, strengthening compliance and security. [...]