CVE-2026-22039:Kyverno授权绕过漏洞深度剖析
注:本文翻译自 minimus 的文章《CVE-2026-22039: Kyverno Authorization Bypass - Minimus》[1],可点击文末“阅读原文”按钮查看英文原文。
阅读全文Azure DevOps代理通信劫持:从RCE到云权限提升
注:本文翻译自 Critical Thinking - Diyan Apostolov 的文章《Azure DevOps Agent Interception》[1],可点击文末“阅读原文”按钮查看
阅读全文CVSS 10.0!Rancher漏洞致K3s集群面临容器逃逸风险
注:本文翻译自 ORCA Security 的文章《Path Traversal in Rancher Local Path Provisioner Enables Host Filesystem
阅读全文GCP Apigee跨租户读写漏洞剖析
注:本文翻译自 Omer Amiad[1] 的文章《GatewayToHeaven: Finding a Cross-Tenant Vulnerability in GCP's Apigee》[2]
阅读全文蠕虫式云攻击:揭秘TeamPCP新兴云原生勒索组织
注:本文翻译自 Flare - Assaf Morag 的文章《Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ra
阅读全文Docker AI助手漏洞:一个标签即可导致RCE与数据窃取
注:本文翻译自 NOMA Security 的文章《DockerDash: Two Attack Paths, One AI Supply Chain Crisis》[1],可点击文末“阅读原文”按
阅读全文深入剖析GCP Looker漏洞:从RCE到跨租户数据泄露
注:本文翻译自Tenable的文章《LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem)》[
阅读全文AI辅助入侵AWS:8分钟获取管理员权限
注:本文翻译自Sysdig的文章《AI-assisted cloud intrusion achieves admin access in 8 minutes》[1],可点击文末“阅读原文”按钮查看
阅读全文CI/CD安全案例:从PR评论到RCE、AWS管理员密钥泄露
注:本文翻译自 Kudelski Security - Nils Amiet 的文章《How We Exploited Qodo: From a PR Comment to RCE and an A
阅读全文ConsentFix授权码钓鱼攻击解析:从检测到缓解的实战策略
注:本文翻译自 NVISO Lab - Stamatis Chatzimangou[1] 的文章《ConsentFix (a.k.a. AuthCodeFix): Detecting OAuth2
阅读全文CNCF推荐的K8s学习指南
注:本文翻译自 CNCF - Nick Haven, Fairwinds 的文章《Top 28 Kubernetes resources for 2026: Learn and stay up-to
阅读全文绕过SES沙箱:通过AWS WorkMail发起钓鱼攻击的新手法
注:本文翻译自 Rapid7 的文章《Threat Actors Using AWS WorkMail in Phishing Campaigns》[1],可点击文末“阅读原文”按钮查看英文原文。全
阅读全文仓库抢注:Docker Desktop官方仓库成恶意软件分发渠道
注:本文翻译自 GMO Cybersecurity 的文章《Revisiting GPUGate: Repo Squatting and OpenCL Deception to Deliver Hi
阅读全文K8s RCE 0-day漏洞剖析:仅需nodes/proxy GET权限即可接管集群
注:本文翻译自GRAHAM HELTON[1]的文章《Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission》[2],可点击文
阅读全文Pwn2Own:VMware Workstation虚拟机逃逸技术剖析
注:本文翻译自 Synacktiv 的文章《On the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025》[1],可点击文末“阅读
阅读全文由静到动:云孪生如何升级云检测与响应体系
注:本文翻译自 Software Analyst Cyber Research - Aqsa Taylor[1] 的文章《Case Study: Closing the State Gap in C
阅读全文Azure私有端点DoS风险:DNS配置不当引发的服务中断
注:本文翻译自 Unit42 的文章《DNS OverDoS: Are Private Endpoints Too Private?》[1],可点击文末“阅读原文”按钮查看英文原文。全文如下:摘要我
阅读全文可访问全球任意主机:Cloudflare WAF 0-day漏洞剖析
注:本文翻译自 FearsOff 的文章《Cloudflare Zero-day: Accessing Any Host Globally Or, when .well‑known went wel
阅读全文Azure RCE漏洞剖析:单一VM沦陷可致整个租户失守
注:本文翻译自Cymulate的文章《CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Lead
阅读全文接管AWS核心代码库:供应链劫持漏洞CodeBreach剖析
注:本文翻译自Wiz的文章《CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Reposi
阅读全文基于Github任务流的开源AI代码审计框架
注:本文翻译自 GitHub Security Lab - Kevin Backhouse[1] 的文章《Community-powered security with AI: an open so
阅读全文从Shai-Hulud蠕虫看自托管GitHub Actions runner的后门风险
注:本文翻译自 Sysdig 的文章《How threat actors are using self-hosted GitHub Actions runners as backdoors》[1],
阅读全文VoidLink:隐秘的云原生Linux恶意软件框架剖析
注:本文翻译自 Check Point 的文章《Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework》[1],可
阅读全文nOAuth攻击剖析:Entra跨租户SaaS应用面临账户完全劫持风险
注1:本文翻译自 Semperis - Eric Woodruff 的文章《nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tena
阅读全文nOAuth风险追踪:漏洞或致Microsoft 365沦陷
注:本文翻译自 Semperis - Eric Woodruff 的文章《nOAuth Abuse Update: Potential Pivot into Microsoft 365》[1],可点
阅读全文在野ESXi虚拟机逃逸攻击深度解析
注:本文翻译自Huntress的文章《The Great VM Escape: ESXi Exploitation in the Wild》[1],可点击文末“阅读原文”按钮查看英文原文。全文如下:
阅读全文面向JD学习AWS云安全1:IAM加固
注:本文翻译自 LaTerral Williams[1] 的文章《Beginner’s Guide to AWS IAM Hardening》[2],可点击文末“阅读原文”按钮查看英文原文。全文如下
阅读全文面向JD学习AWS云安全2:迷你CSPM搭建
注:本文翻译自 LaTerral Williams[1] 的文章《🛡️ Building a Mini Cloud Security Posture Management (CSPM) Lab Us
阅读全文面向JD学习AWS云安全3:基于GuardDuty的轻量级CASB监控
注:本文翻译自 LaTerral Williams[1] 的文章《🛡️ Building a CASB‑Like Threat Monitoring Lab in AWS (Beginner Fri
阅读全文面向JD学习AWS云安全4:配置漂移检测
注:本文翻译自 LaTerral Williams[1] 的文章《🛡️ AWS Config Drift Detection Lab - Beginner-Friendly Guide》[2],可点
阅读全文