Serverless Phishing Kit on GitHub Targets Mexican Banks
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials
Serverless security covers risks in cloud functions, including excessive permissions, exposed APIs, insecure dependencies, and event-driven abuse.
Search across headline titles and summaries.
Background for this topic.
Serverless is a cloud execution model in which a provider runs and scales application code—typically short-lived, event-triggered functions—while the customer manages the code, configuration, and data rather than allocating servers. “Serverless” does not mean that servers are absent; it means their operation is abstracted from the application team.
Security responsibility therefore concentrates on application and cloud configuration. Material risks include overly broad identity permissions, publicly reachable function or API triggers, exposed secrets, vulnerable dependencies, and unsafe handling of event data. Functions should use least-privilege roles, authenticated and authorized triggers, protected secret stores, dependency scanning, and infrastructure-as-code review. Short lifetimes and distributed execution can also complicate logging and investigation, so teams need centralized, tamper-resistant logs that connect invocations to identities, requests, and downstream services. Provider controls still cover parts of the underlying infrastructure, but they do not secure insecure code, permissions, data flows, or deployment pipelines.
Weekly headline count for the current query.
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can’t keep up with
Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities. [...]
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is
A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes
Acquiring Baselime Will Give Developers Better Visibility Into Serverless PlatformsCloudflare purchased an observability startup founded by an aerospace dynamics expert to enhance the developer experience on serverless platforms. Baselime will allow developers to optimize performance, investigate bugs and regressions, and identify when a release needs to be rolled back.
Discover the power of serverless architecture design patterns for scalable and efficient application development. Explore EDA, pub-sub, fan-out/fan-in, strangler, and saga patterns. Learn how to select, implement, and optimize them for your needs.
Simulation uncovers hidden features and urges greater user awareness
Simulation uncovers hidden features and urges greater user awareness
Experts believe that the development of serverless technologies will further simplify the creation of botnets for DDoS attacks. Here's how Gcore can counter these threats. [...]
Learn how Lambda and IAM unlock the power and versatility of the cloud by implementing a serverless User API that can be expanded on as you grow and explore the many services on AWS.
Cloud security is constantly evolving and consistently different than defending on-premises assets. Denonia, a recently discovered serverless cryptominer drives home the point.
Security researchers have discovered the first malware specifically developed to target Amazon Web Services (AWS) Lambda cloud environments with cryptominers. [...]
A first-of-its-kind malware targeting Amazon Web Services' (AWS) Lambda serverless computing platform has been discovered in the wild
From serverless to server, yes! Cado Security says it has discovered a strain of malware specifically designed to run in AWS Lambda serverless environments and mine cryptocurrency.…
Discover how to easily enhance security of your container-based AWS serverless API to protect against known and unknown vulnerabilities.
ThreatMapper 1.3.0 features secret scanning and the ability to enumerate a software bill of materials (SBOM) at runtime to help secure serverless, Kubernetes, container and multi-cloud environments.
Is your app server serving more stress than function? Explore this walkthrough for configuring and deploying a serverless API and discover the vast benefits of letting cloud services manage your infrastructure.
Cloud workload protection delivers on the promise of zero trust for virtual machines, containers, and serverless architectures across the application life cycle.