OWASP Top 10: cloud security risks
Operational guide to the OWASP Top 10 applied to corporate cloud environments: where people fail in production, early signals, real examples, and concrete actions to reduce exposure without slowing teams down.
Real-world cloud security. Explained and applied.
Yes, AI can accelerate and scale attacks in the cloud, but it does not “hack magically”. The real risk lies in automating reconnaissance, exploiting misconfigured identities, and abusing control planes, with autonomous loops that iterate until they achieve access or impact.
Cloud credential harvesting is not “just phishing”: it combines large-scale collection of credentials, tokens, and API keys with IAM abuse and automation to move fast inside cloud accounts. This article sets out operational signals, frequent scenarios, and practical controls that reduce the blast radius in corporate environments.
The most repeated pattern in cloud incidents is no longer “exploiting a vulnerability”, but “using valid credentials”. The focus shifts to non-human identities (APIs, automation and SaaS integrations) and how tokens are issued, stored and reused in real operations.
Starkiller is a phishing service that acts as a proxy between the user and the real login, capturing credentials, cookies, and session tokens in the moment. This article explains how real-time interception works, what signals it leaves in a company, and how to run practical defenses without falling into cosmetic measures.
BloodHound Enterprise expands its reach beyond Microsoft to map identity attack paths that traverse Okta and GitHub. In companies where identity is the new perimeter, this expansion makes it possible to see (and prioritize) real chaining between SSO, repositories, and privileges.
Serverless removes the servers you have to manage; it does not remove the risk. We debunk common myths and get practical: excessive permissions, exposed endpoints, event injection, vulnerable dependencies, and poorly managed secrets in AWS Lambda, Azure Functions, and GCP Cloud Functions, along with how attackers pivot from a compromised function and which quick wins to apply in production.
Identity abuse almost never starts with “root compromised”: it starts with valid credentials used out of context. This article walks through actionable signals (anomalous tokens, pattern changes, unusual API calls, unexpected geolocation) and how to instrument logs in AWS/Azure/GCP to detect it before the impact is irreversible.
Many cloud architectures pass design audits and “look secure” in diagrams. The problem appears when you have to reconstruct an incident and the logs don’t exist, don’t cover what’s critical, or aren’t trustworthy. This article walks through what usually fails in CloudTrail/Activity Logs, how it gets detected too late, and what to validate in practice to avoid a false sense of control.
A realistic postmortem on how a cloud account ended up compromised by old keys associated with service accounts: what went wrong, why the signals arrived late, how the incident was contained, and what controls prevent it from happening again.