Hello cyber pros! It's been a week of critical reminders about cloud security, diligent patching, and the evolving nature of warfare. Let's dive into the latest:

Salesforce Cloud Misconfigurations Under Attack ⚠️
- Threat actors are actively exploiting "overly permissive" guest user configurations in Salesforce Experience Cloud to steal sensitive data.
- This isn't a Salesforce platform vulnerability, but rather a customer misconfiguration. Attackers are using modified Aura Inspector tools to scan and extract data from public-facing sites.
- Actionable advice: audit guest user profiles, set company-wide defaults to "private", disable public APIs, restrict visibility, disable self-registration if not needed, and regularly review event monitoring logs.

👁️ Dark Reading | https://www.darkreading.com/application-security/overly-permissive-salesforce-cloud-configs-crosshairs

Microsoft's March Patch Tuesday 🛡️
- Microsoft released patches for 83 CVEs this month, with six identified as "more likely to exploit" and eight critical severity.
- A notable critical RCE (CVE-2027-21536, CVSS 9.8) in the Microsoft Devices Pricing Program was already patched and mitigated, uniquely identified by an AI agent.
- Two publicly known (zero-day) flaws, CVE-2026-26127 (.NET DoS) and CVE-2026-21262 (SQL Server EoP), are considered low threat despite public disclosure.
- Key EoP vulnerabilities include three in the Windows kernel (CVE-2026-24289, CVE-2026-26132, CVE-2026-24287) and others in SMB Server (CVE-2026-24294) and Microsoft Graphics Component (CVE-2026-23668), all with higher exploit likelihood.
- Two RCEs in Microsoft Office (CVE-2026-26113, CVE-2026-26110, CVSS 8.4) can be exploited via the Preview Pane without opening malicious files. Mitigate by disabling Preview Pane and restricting untrusted Office files.

👁️ Dark Reading | https://www.darkreading.com/application-security/microsoft-patches-83-cves-march-update

Cloud Resilience in Modern Warfare ☁️
- Recent Middle East conflicts saw physical attacks, including drone strikes, on AWS facilities in the UAE and Bahrain, causing significant structural damage and service disruptions.
- This highlights a critical shift: hyper-scale cloud data centres are now "Tier 1 strategic targets" in modern warfare, as militaries and governments increasingly rely on cloud infrastructure.
- Traditional cloud resilience strategies, designed for natural disasters, are insufficient against kinetic attacks that can permanently destroy hardware or sever physical connectivity.
- Organisations must rethink disaster recovery and data governance, especially for real-time, low-latency workloads. The concept of "Allied Data Sovereignty" may emerge, advocating for data backups in allied nations to ensure survival during crises.

👁️ Dark Reading | https://www.darkreading.com/cyber-risk/middle-east-conflict-highlights-cloud-resilience-gaps

#CyberSecurity #ThreatIntelligence #CloudSecurity #Salesforce #Misconfiguration #PatchTuesday #Microsoft #Vulnerabilities #RCE #EoP #CyberWarfare #CloudResilience #InfoSec

Middle East tensions are exposing gaps in cloud resilience - geopolitics now tests digital infrastructure. Availability is a strategic asset. 🌍☁️ #CloudResilience #GeopoliticalRisk

https://www.darkreading.com/cyber-risk/middle-east-conflict-highlights-cloud-resilience-gaps

Downtime costs money—and reputation. Whether caused by natural disasters, hardware failures, or cyberattacks, outages can cripple operations.

Business continuity is no longer optional — it is a core requirement for any organization operating in the cloud. Service outages, cyber incidents, and regional failures are not a question of if, but when. #asr #AzureSiteRecovery #BCDR #CloudResilience

https://azuretracks.com/?p=2934

AISuru botnet sets a new record with a 314 Tbps DDoS attack — sheer scale is becoming the weapon. Defending availability now means planning for the unimaginable. 🌊⚡️ #DDoS #CloudResilience

https://www.bleepingcomputer.com/news/security/aisuru-botnet-sets-new-record-with-314-tbps-ddos-attack/

Building Infrastructure Resilience on AWS: Lessons from Real-World Outages

https://www.infoq.com/news/2025/12/infrastructure-resilience-aws/

#AWS
#CloudResilience
#InfrastructureReliability
#SiteReliabilityEngineering
#DistributedSystems
#SoftwareArchitecture