Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Publicly exposed training apps as recurring cloud-entry risk across security vendors

Target Trend
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

Cybersecurity training apps left exposed on the public Internet are creating a recurring cloud-entry risk for security vendors and enterprise users. A scan identified 1,926 active instances spread across public servers, with a subset overpermissioned enough to enable lateral movement inside cloud accounts. The pattern matters because tools meant for practice can become production footholds when they are deployed with live credentials and broad IAM roles.

Related Happenings

Zealot autonomous AI cloud intrusion proof of concept

Technical Analysis
First: 23.04.2026 13:09 Last: 23.04.2026 13:09 Sources 1

About this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...

Open Happening

Unit 42 Zealot proves autonomous cloud attack chaining in GCP

Technical Analysis
First: 23.04.2026 13:00 Last: 23.04.2026 13:00 Sources 1

About this happening: **Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...

Open Happening

Cloud environments third-party flaw exploitation wave

Exploitation Wave
First: 09.03.2026 23:45 Last: 09.03.2026 23:45 Sources 1

About this happening: **Threat actors** are rapidly weaponizing **newly disclosed third-party vulnerabilities** to reach **cloud environments**, compressing the exploitation window from weeks to days a...

Open Happening

Elastic Cloud SIEM stolen-data campaign

Campaign
First: 09.03.2026 17:45 Last: 09.03.2026 17:45 Sources 1

About this happening: The **Elastic Cloud SIEM** abuse campaign has been uncovered across **dozens of organizations**, turning a legitimate security platform into a stolen-data hub and increasing opera...

Open Happening

Amazon Web Services Middle East drone-strike outage

Service Disruption
First: 03.03.2026 13:44 Last: 03.03.2026 13:44 Sources 1

About this happening: **Amazon Web Services** confirmed a **drone-strike** disruption that damaged infrastructure in its **Middle East regions** and caused an outage affecting **dozens of cloud service...

Open Happening

Timeline

  1. 21.01.2026 16:00 2 articles · 4mo ago

    Pentera report finds exposed training apps can open cloud environments

    Initial Disclosure

    Security research showed that training applications such as Hackazon, DVWA, OWASP Juice Shop, and bWAPP were exposed on the public Internet and, in some cases, deployed in production on Amazon Web Services (AWS) Elastic Compute Cloud (EC2) with attached IAM roles. The scan found more than 10,000 instances, verified 1,926 active internet-accessible deployments across 1,626 servers, and identified 974 running on AWS, Google Cloud (GCP), or Microsoft Azure; 165 of those had IAM roles and 109 were overpermissioned enough to support lateral movement. The findings also connected exposed training-app deployments to major security vendors including F5, Cloudflare, and Palo Alto Networks, and noted that 20% of 616 DVWA servers contained cyberattack artifacts and some were used to run XMRig.

    Show sources
    Open in new tab