A misconfigured server tied to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an #AI coding error.

Read: https://hackread.com/misconfigured-server-hackers-leak-stolen-credit-cards/

#CyberSecurity #CyberCrime #DataLeak #Misconfiguration #JerrysStore

Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards

A misconfigured server tied to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw.

Hackread - Cybersecurity News, Data Breaches, AI and More

Misconfiguration Exposes Azure AI Agent to Unauthorized Access

A single misconfiguration in Microsoft's Azure SRE Agent turned a troubleshooting tool into a live wiretap, potentially allowing outsiders to intercept sensitive conversations, commands, and credentials from other companies in real time. This alarming security flaw may have left organizations vulnerable to unauthorized access,…

https://osintsights.com/misconfiguration-exposes-azure-ai-agent-to-unauthorized-access?utm_source=mastodon&utm_medium=social

#CloudSecurity #Azure #Misconfiguration #UnauthorizedAccess #EmergingThreats


McGraw Hill Data Leak Exposes 13.5M Records After Salesforce Misconfiguration

McGraw Hill, a leading publisher of educational materials, recently suffered a significant data leak, exposing a staggering 13.5 million records due to a misconfigured Salesforce-hosted page. This alarming breach highlights the importance of robust data security measures, even for companies with a traditional focus like textbook…

https://osintsights.com/mcgraw-hill-data-leak-exposes-135m-records-after-salesforce-misconfiguration?utm_source=mastodon&utm_medium=social

#DataLeak #McgrawHill #Salesforce #Misconfiguration #Education


⚙️ Technical Spotlight: New Session at BSides Luxembourg 2026

☁️💥 CLOUD MISCONFIGURATIONS: POKE POKE, BREACH – Kat Fitzgerald ( @rnbwkat ) 🔐☁️

Cloud breaches aren’t going away—they’re evolving.

Forget the classic “public bucket” mistakes. In 2026, real-world breaches are driven by over-privileged identities, risky SaaS integrations, forgotten environments, and insecure defaults in AI and Kubernetes. These aren’t obvious missteps—they’re systemic risks hiding in plain sight.

This talk breaks down the modern hierarchy of cloud misconfigurations based on recent breach data, then shifts the focus from reacting to preventing. Using Policy as Code (PaC), security becomes proactive—blocking risky deployments before they ever reach production.

You’ll also explore the Toxic Trilogy: assets that are publicly exposed, highly privileged, and critically vulnerable. When these overlap, breaches aren’t just possible—they’re predictable.

Kat Fitzgerald ( @rnbwkat ) is a Chicago-based cybersecurity professional with a passion for cloud security, OSS, and creative defensive strategies. Known for blending technical depth with a unique personality (and a certain opinionated flamingo), Kat brings real-world insights into modern cloud risks and how to stop them before they start.

📱 Want to easily navigate all talks, villages, and stages?
Check out the official schedule on Hacker Tracker:
https://hackertracker.app/schedule?conf=BSIDESLUX2026

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg2026 #CloudSecurity #Misconfiguration #Kubernetes #PolicyAsCode #DevSecOps #CyberSecurity

Hello cyber pros! It's been a week of critical reminders about cloud security, diligent patching, and the evolving nature of warfare. Let's dive into the latest:

Salesforce Cloud Misconfigurations Under Attack ⚠️
- Threat actors are actively exploiting "overly permissive" guest user configurations in Salesforce Experience Cloud to steal sensitive data.
- This isn't a Salesforce platform vulnerability, but rather a customer misconfiguration. Attackers are using modified Aura Inspector tools to scan and extract data from public-facing sites.
- Actionable advice: audit guest user profiles, set company-wide defaults to "private", disable public APIs, restrict visibility, disable self-registration if not needed, and regularly review event monitoring logs.

👁️ Dark Reading | https://www.darkreading.com/application-security/overly-permissive-salesforce-cloud-configs-crosshairs

Microsoft's March Patch Tuesday 🛡️
- Microsoft released patches for 83 CVEs this month, with six identified as "more likely to exploit" and eight critical severity.
- A notable critical RCE (CVE-2027-21536, CVSS 9.8) in the Microsoft Devices Pricing Program was already patched and mitigated, uniquely identified by an AI agent.
- Two publicly known (zero-day) flaws, CVE-2026-26127 (.NET DoS) and CVE-2026-21262 (SQL Server EoP), are considered low threat despite public disclosure.
- Key EoP vulnerabilities include three in the Windows kernel (CVE-2026-24289, CVE-2026-26132, CVE-2026-24287) and others in SMB Server (CVE-2026-24294) and Microsoft Graphics Component (CVE-2026-23668), all with higher exploit likelihood.
- Two RCEs in Microsoft Office (CVE-2026-26113, CVE-2026-26110, CVSS 8.4) can be exploited via the Preview Pane without opening malicious files. Mitigate by disabling Preview Pane and restricting untrusted Office files.

👁️ Dark Reading | https://www.darkreading.com/application-security/microsoft-patches-83-cves-march-update

Cloud Resilience in Modern Warfare ☁️
- Recent Middle East conflicts saw physical attacks, including drone strikes, on AWS facilities in the UAE and Bahrain, causing significant structural damage and service disruptions.
- This highlights a critical shift: hyper-scale cloud data centres are now "Tier 1 strategic targets" in modern warfare, as militaries and governments increasingly rely on cloud infrastructure.
- Traditional cloud resilience strategies, designed for natural disasters, are insufficient against kinetic attacks that can permanently destroy hardware or sever physical connectivity.
- Organisations must rethink disaster recovery and data governance, especially for real-time, low-latency workloads. The concept of "Allied Data Sovereignty" may emerge, advocating for data backups in allied nations to ensure survival during crises.

👁️ Dark Reading | https://www.darkreading.com/cyber-risk/middle-east-conflict-highlights-cloud-resilience-gaps

#CyberSecurity #ThreatIntelligence #CloudSecurity #Salesforce #Misconfiguration #PatchTuesday #Microsoft #Vulnerabilities #RCE #EoP #CyberWarfare #CloudResilience #InfoSec

'Overly Permissive' Salesforce Cloud Configs in the Crosshairs

Some customers have mishandled guest user configurations otherwise intended to allow third-party access to important — and sensitive — client data.

Dark Reading

Lukasz Olejnik (@lukOlejnik)

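An OpenClaw user exposed the browser to the internet (0.0.0.0), so the setup behaved like a public ATM; the credit card was charged continuously and the limit was nearly exceeded. This is a security warning that, in default or improper configurations, the OpenClaw service listens on all interfaces and is vulnerable to external access and billing damage.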

https://x.com/lukOlejnik/status/2031673770448941252

#openclaw #security #devtools #misconfiguration

Lukasz Olejnik (@lukOlejnik) on X

Someone using @OpenClaw to write programs exposed the browser to the internet turning his setup to a public ATM. The credit card was continuously charged, nearly maxing out the limit. In default or improper configurations, OpenClaw's services listen on all interfaces (0.0.0.0),

X (formerly Twitter)

Cloudflare misconfiguration behind recent BGP route leak

Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic.

BleepingComputer

📰 EY Leaks 4TB+ SQL Database Packed with Corporate Secrets via Cloud Misconfiguration

CRITICAL LEAK: Consulting giant EY exposed a 4TB+ unencrypted SQL database to the public internet. 😳 The backup file, found by researchers, contained API keys, passwords & other corporate secrets. #DataBreach #CloudSecurity #Misconfiguration

🔗 https://cyber.netsecops.io/articles/consulting-giant-ey-exposes-4tb-sql-database-to-internet/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

EY Leaks 4TB+ SQL Database Packed with Corporate Secrets via Cloud Misconfiguration

Consulting firm EY exposed a 4TB+ unencrypted SQL Server backup file containing API keys, passwords, and other sensitive data on the public internet due to a cloud misconfiguration.

CyberNetSec.io

📰 Massive 70TB Data Leak at Tata Motors from Exposed AWS Keys

🚗 Massive 70TB data leak at Tata Motors! Exposed AWS keys on an e-commerce site led to the breach of customer PII, financial records & more. A stark reminder to secure cloud credentials. #DataBreach #AWS #CloudSecurity #Misconfiguration

🔗 https://cyber.netsecops.io/articles/tata-motors-exposes-70tb-of-data-via-misconfigured-aws-keys/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Massive 70TB Data Leak at Tata Motors from Exposed AWS Keys

Over 70TB of sensitive data from Tata Motors was exposed due to misconfigured AWS access keys left in plaintext on a public website, leading to a major data breach.

CyberNetSec.io

Cuba: 63,564 AIS Remittances Clients' information was exposed on an unsecured server.

What did the unsecured server expose?

Customer affidavits, IDs, and debit cards.

The affidavits contained:

This affidavit contained client information, such as: name, mobile phone number, telephone number, email address, address, country, province, city, town, postal code, date of birth, country of birth, passport number, country of issue, and expiration date.

You may also notice that there was a section called "Beneficiaries," which included the beneficiary's name, their ID number, and the reason for the transfer, which in all cases was "family support."

I tried to notify the company, but their aisremesascuba email address was unavailable. I notified CIMEX S.A., and within a few days, access was blocked.

Those affected (Customers) by this breach may be at risk of scams because the server has been exposed since March 2025.

https://www.security-chu.com/2025/10/AIS-Remesas-Cuba-%20expone-145GB-en-servidor-sin-seguridad.html

#Cuba #cybersecurity #databreach #misconfiguration

Chile: Empresa de los Ferrocarriles del Estado (EFE) confirms unauthorized access to a commercial account

Cybersecurity News, Latin America: EFE Chile and an educational institution among the victims of the NemorisHacking group