Find notable cyber news and cases, enriched with sources, timelines, and signals.

Publicly exposed training apps as recurring cloud-entry risk across security vendors

Trend
First reported
Last updated
Happening score
H score 17
1 unique sources, 1 articles

Summary

Hide ▲

Cybersecurity training apps left exposed on the public Internet are creating a recurring cloud-entry risk for security vendors and enterprise users. A scan identified 1,926 active instances spread across public servers, with a subset overpermissioned enough to enable lateral movement inside cloud accounts. The pattern matters because tools meant for practice can become production footholds when they are deployed with live credentials and broad IAM roles.

Related Happenings

AWS Continuum launches AI-powered vulnerability management lifecycle platform

Security Tool/Service
H score14 First: 19.06.2026 14:00 Last: 19.06.2026 14:00 Sources 1

About this happening: **AWS Continuum** launched in **gated preview** as a new **AI-powered vulnerability management platform** for AWS environments, expanding security teams’ ability to manage code fl...

Zealot autonomous AI cloud intrusion proof of concept

Technical Analysis
H score28 First: 23.04.2026 13:09 Last: 23.04.2026 13:09 Sources 1

About this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...

Unit 42 Zealot proves autonomous cloud attack chaining in GCP

Technical Analysis
H score28 First: 23.04.2026 13:00 Last: 23.04.2026 13:00 Sources 1

About this happening: **Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...

Cloud environments third-party flaw exploitation wave

Exploitation Wave
H score37 First: 09.03.2026 23:45 Last: 09.03.2026 23:45 Sources 1

About this happening: **Threat actors** are rapidly weaponizing **newly disclosed third-party vulnerabilities** to reach **cloud environments**, compressing the exploitation window from weeks to days a...

Elastic Cloud SIEM stolen-data campaign

Campaign
H score41 First: 09.03.2026 17:45 Last: 09.03.2026 17:45 Sources 1

About this happening: The **Elastic Cloud SIEM** abuse campaign has been uncovered across **dozens of organizations**, turning a legitimate security platform into a stolen-data hub and increasing opera...

Timeline

  1. 21.01.2026 16:00 2 articles · 5mo ago

    Pentera report finds exposed training apps can open cloud environments

    Initial Disclosure

    Security research showed that training applications such as Hackazon, DVWA, OWASP Juice Shop, and bWAPP were exposed on the public Internet and, in some cases, deployed in production on Amazon Web Services (AWS) Elastic Compute Cloud (EC2) with attached IAM roles. The scan found more than 10,000 instances, verified 1,926 active internet-accessible deployments across 1,626 servers, and identified 974 running on AWS, Google Cloud (GCP), or Microsoft Azure; 165 of those had IAM roles and 109 were overpermissioned enough to support lateral movement. The findings also connected exposed training-app deployments to major security vendors including F5, Cloudflare, and Palo Alto Networks, and noted that 20% of 616 DVWA servers contained cyberattack artifacts and some were used to run XMRig.

    Show sources