VulnHub

Real-time Cybersecurity News

Zeroday Cloud hacking event awards $320,0000 for 11 zero days

BleepingComputer
Critical

Overview

At the Zeroday Cloud hacking competition held in London, cybersecurity researchers were awarded a total of $320,000 for identifying 11 serious remote code execution vulnerabilities in cloud infrastructure components. These vulnerabilities could potentially allow attackers to execute malicious code on affected systems, posing significant risks to cloud service providers and their customers. The event showcased the importance of proactive security measures in cloud computing, as vulnerabilities like these can lead to data breaches and service disruptions. By encouraging the discovery of such flaws, the competition aims to strengthen the overall security of cloud environments. Companies relying on cloud infrastructure should stay vigilant and address any reported vulnerabilities promptly to safeguard their systems.

Key Takeaways

  • Affected Systems: Cloud infrastructure components, remote code execution systems
  • Action Required: Companies should apply security updates and patches as they become available for the affected components.
  • Timeline: Newly disclosed

Original Article Summary

The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. [...]

Impact

Cloud infrastructure components, remote code execution systems

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Companies should apply security updates and patches as they become available for the affected components.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns

Infosecurity Magazine

Jurgen Kutscher, VP of Mandiant Consulting, expressed concerns that the rush to adopt AI tools is not only introducing new cybersecurity vulnerabilities but also bringing back old security issues that many organizations thought were resolved. Kutscher pointed out that as businesses integrate AI into their operations, they might overlook fundamental security practices that have historically led to breaches. This oversight could potentially expose companies to risks they believed they had already addressed. The warning serves as a reminder for organizations to remain vigilant and ensure that while they innovate with AI, they don’t neglect the basics of cybersecurity. Companies should reassess their security measures to mitigate the risks associated with both new and revived vulnerabilities.

Apr 24, 2026

US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor

SecurityWeek

A U.S. federal agency has reported that a Cisco firewall has been compromised by a backdoor malware known as 'Firestarter'. This malware gives attackers remote access and control over the infected device and is designed to persist even after security patches are applied. The incident raises significant concerns about the security of federal networks, especially given the critical role firewalls play in protecting sensitive information. As agencies rely on these devices to safeguard their data, the presence of such malware could expose them to further attacks. Users and organizations using Cisco firewalls need to be vigilant and ensure their systems are updated and monitored for unusual activity.

Apr 24, 2026

Hiding Bluetooth Trackers in Mail

Schneier on Security

A Dutch journalist, Just Vervaart, successfully tracked a naval ship by mailing a postcard embedded with a Bluetooth tracker. Following guidelines from the Dutch government, the journalist monitored the ship's movements for about a day as it sailed from Heraklion, Crete, toward Cyprus. This incident raises significant security concerns, especially since the tracked vessel is part of a carrier strike group in the Mediterranean. The ability to track military assets in real-time poses risks not only to the specific ship but potentially to the entire fleet, highlighting vulnerabilities in military operational security. This situation underscores the need for better protective measures against unauthorized tracking of sensitive assets.

Apr 24, 2026

French Police Arrest HexDex Hacker Over Mass Data Theft and Leaks

Hackread – Cybersecurity News, Data Breaches, AI and More

French police have arrested a 20-year-old hacker known as HexDex, who is alleged to have stolen and leaked sensitive data from various targets, including government agencies, sports organizations, and private companies. The suspect is accused of orchestrating a series of cyberattacks that compromised a significant amount of confidential information. This incident raises concerns about the security measures in place at these institutions and the potential harm that could come from such data leaks. Authorities are investigating the full extent of the breaches and the impact on those affected. The case serves as a reminder of the ongoing risks posed by cybercriminals and the importance of robust cybersecurity practices.

Apr 24, 2026

Checkmarx supply chain attack impacts Bitwarden npm distribution path

Security Affairs

The Bitwarden command-line interface (CLI) version 2026.4.0 has been compromised as part of the Checkmarx supply chain attack, which introduced malicious code into the bw1.js file through a compromised GitHub Action. This incident raises concerns for users of Bitwarden, a popular password management tool, as the malicious code could potentially expose sensitive information. Researchers are warning that this breach is part of a larger ongoing campaign, which could impact other software and systems if not addressed. Users of the affected version should take immediate action to secure their systems and check for any unauthorized access. This incident serves as a reminder of the vulnerabilities present in software supply chains and the need for vigilance among developers and users alike.

Apr 24, 2026

Bitwarden NPM Package Hit in Supply Chain Attack

SecurityWeek

A recent supply chain attack has targeted the Bitwarden NPM package, linked to a group called TeamPCP. This incident draws parallels to the Shai-Hulud worm, indicating a significant threat to developers using the Bitwarden package for password management solutions. The attack raises concerns about the security of software dependencies, as malicious code can be injected into widely used packages. Developers and organizations relying on Bitwarden should be vigilant and assess their systems for any signs of compromise. The incident underscores the ongoing risks associated with supply chain attacks in the software development ecosystem.

Apr 24, 2026