Day 209: Access Bypasses, Cloud Loopholes, and the New Threat Tactics

The seams between cloud platforms, development pipelines, and AI tooling continue to widen—and attackers are paying attention.

🔓 Wiz Discovers Critical Azure Access Bypass

Wiz uncovered a privilege escalation flaw in Azure Service Tags allowing attackers to bypass firewall protections and potentially access restricted services. The bug highlights how assumed trust zones in cloud architectures can become blind spots when misconfigured.

🔗 https://thehackernews.com/2025/07/wiz-uncovers-critical-access-bypass.html

🧬 Base44’s Vibe Coding Platform Exposed Thousands of Apps

Base44’s development framework was found vulnerable to a serialization flaw, putting thousands of Vibe-based apps at risk. Think less CVE and more misapplied trust in the base layer of app generation. The root issue: foundational logic becoming attack surface.

🔗 https://www.darkreading.com/application-security/critical-flaw-vibe-coding-base44-exposed-apps

🧠 Promptfoo Raises $18.4M to Secure Prompt-Based AI Systems

Promptfoo, a startup focused on AI agent and prompt security, just secured major backing. The funding round signals real concern among enterprises that language models aren’t just hallucinating—they’re leaking. Expect this space to grow fast as tools try to control prompt injection, shadow memory, and agent impersonation.

🔗 https://www.securityweek.com/promptfoo-raises-18-4-million-for-ai-security-platform/

🧠⚠️ UNC3944’s Voice Phishing Campaigns Detailed by Google

Google’s threat intel team released a breakdown of UNC3944, an active group using voice phishing, SIM swapping, and helpdesk impersonation to hijack admin accounts across U.S. sectors. These are multi-layered attacks, blending human and technical exploits.

🔗 https://industrialcyber.co/threat-landscape/google-details-unc3944-ransomware-campaign-across-us-sectors-using-voice-phishing-admin-hijack-tactics/

🌨️ Scattered Spider Targeting Snowflake for Mass Data Access

Scattered Spider continues pushing the limits of cloud-native data theft. Their latest campaigns target Snowflake environments, looking for misconfigured instances or credential leaks to perform bulk data exfiltration—quietly and effectively.

🔗 https://therecord.media/scattered-spider-targeting-snowflake-access-data-exfiltration

🧯 Quick Note: Identity Fraud on the Rise in Job Market

An uptick in fraudulent applications for cybersecurity jobs has caught the attention of major security recruiters. Some applicants use real names with fake credentials; others leverage stolen resumes. This suggests attackers are not just targeting orgs; they’re blending into them.

🔗 http://www.securitymagazine.com/articles/101795

Signals from the Noise

Cloud misconfigurations are today’s shadow vulnerabilities: hard to detect, easy to exploit. Voice phishing and identity compromise are scaling in scope and technical sophistication. The AI security space is crystallizing fast, and tools to defend against synthetic misuse are getting serious investment.