Find notable cyber news and cases, enriched with sources, timelines, and signals.

Exposed security-training web apps exploitation wave

Exploitation Wave
First reported
Last updated
Happening score
H score 41
2 unique sources, 2 articles

Summary

Hide ▲

DVWA, OWASP Juice Shop, Hackazon, and bWAPP instances exposed in cloud environments are being actively exploited, putting Fortune 500 companies and security vendors at risk of cloud takeover, miner deployment, and webshell persistence. Pentera found 1,926 live vulnerable applications on AWS, GCP, and Azure, with many tied to overly privileged IAM roles and default credentials. Several affected organizations, including Cloudflare, F5, and Palo Alto Networks, have since remediated the exposed instances.

Related Happenings

AWS environment hit by data theft breach

Incident
H score26 First: 08.07.2026 15:30 Last: 08.07.2026 15:30 Sources 1

About this happening: An **AWS environment** was **compromised** in an **AI-assisted intrusion** that enabled **extortion**, creating immediate risk of data theft and operational disruption. The actor...

Amazon Q Developer MCP trust flaw (CVE-2026-12957)

Vulnerability
H score32 First: 26.06.2026 16:53 Last: 26.06.2026 16:53 Sources 1

About this happening: **Amazon Q Developer** had a **high-severity** trust-boundary flaw in **MCP server** handling that could let a malicious repository trigger commands on a developer machine and ste...

Google Cloud Vertex AI SDK Python predictable bucket squatting security flaw

Vulnerability
H score1 First: 16.06.2026 22:05 Last: 16.06.2026 22:05 Sources 1

About this happening: **Google Cloud Vertex AI SDK for Python** had a **predictable temporary bucket** flaw that let an attacker hijack model uploads and reach **code execution** inside Google's servin...

AWS exposed-key hardening guidance for Amazon SES phishing abuse

Defensive Guidance
H score14 First: 04.05.2026 23:03 Last: 04.05.2026 23:03 Sources 1

About this happening: **Kaspersky** urged organizations to harden **AWS IAM** and credential handling after **exposed access keys** were linked to phishing delivery through **Amazon SES**, reducing the...

Zealot autonomous AI cloud intrusion proof of concept

Technical Analysis
H score28 First: 23.04.2026 13:09 Last: 23.04.2026 13:09 Sources 1

About this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...

Timeline

  1. 21.01.2026 16:00 3 articles · 5mo ago

    Pentera reports active exploitation of exposed security-training web apps in cloud environments

    Initial Disclosure

    Pentera reports active abuse of misconfigured security-training and internal pentest web apps such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP that were exposed on AWS, GCP, and Azure and often tied to overly privileged IAM (Identity and Access Management) roles and default credentials. The findings cover 1,926 live vulnerable applications and indicate attacker activity including XMRig Monero mining, webshell deployment, persistence mechanisms, and access paths into cloud resources such as S3 buckets, GCS, Azure Blob Storage, Secrets Manager, and container registries; Cloudflare, F5, and Palo Alto Networks received the findings and fixed exposed instances.

    Show sources