Safeguard
Topic

Cloud Security

In-depth guides and analysis on cloud security from the Safeguard engineering team.

237 articles

Cloud Security

AWS IAM policy misconfiguration vulnerability patterns

Wildcard policies, PassRole chains, and trust-policy gaps drive most AWS IAM breaches. Here's how these misconfiguration patterns actually get exploited.

Nov 4, 20257 min read
Cloud Security

Azure storage account misconfiguration report

A breakdown of what drives Azure storage misconfiguration reports, from the 2023 Wiz-disclosed 38TB leak to SAS token and public access risks in 2025.

Nov 4, 20256 min read
Cloud Security

GCP IAM privilege escalation paths explained

Attackers escalate GCP privilege using IAM actAs chains, default Editor service accounts, and Cloud Build tokens -- no exploit code required.

Nov 3, 20257 min read
Cloud Security

Kubernetes secrets management vulnerability guide

Kubernetes Secrets are base64, not encrypted. Real CVEs and the Tesla breach show how attackers exploit that gap — and how to close it.

Nov 3, 20257 min read
Cloud Security

CI/CD pipeline security vulnerability trends

CI/CD pipelines now hold the keys attackers want most. Here's what tj-actions, Ultralytics, and Jenkins CVE-2024-23897 reveal about the trend.

Nov 3, 20257 min read
Cloud Security

GitHub Actions workflow injection vulnerabilities

How GitHub Actions workflow injection lets attackers hijack CI pipelines via untrusted input, real CVEs like CVE-2025-30066, and how to detect it.

Nov 3, 20257 min read
Cloud Security

Jenkins plugin vulnerability trends report

Jenkins plugin CVEs keep piling up—missing permission checks, CSRF gaps, and a critical CVE-2024-23897 that attackers scanned for within days.

Nov 2, 20256 min read
Cloud Security

Container runtime security (containerd/CRI-O) vulnerability roundup

Container runtime CVEs like the runc Leaky Vessels flaw and CRI-O's cr8escape show how containerd and CRI-O bugs turn into full host takeovers.

Nov 2, 20257 min read
Cloud Security

OpenTofu and Terraform provider supply chain risk

Terraform and OpenTofu providers run unsandboxed with full pipeline credentials. Here's where the provider supply chain actually breaks down.

Nov 1, 20257 min read
Cloud Security

AWS TEAM CVE-2025-1969: Spoofed Approvals in IAM Identity Center

AWS Security Bulletin AWS-2025-004 disclosed an input validation flaw in Temporary Elevated Access Management that let users forge approvals. Here's what changed and how to harden TEAM 1.2.2.

Oct 2, 20256 min read
Cloud Security

Pandoc CVE-2025-51591: SSRF Against EC2 Metadata in the Wild

Wiz documented active exploitation of Pandoc CVE-2025-51591 to reach the AWS IMDS through iframe rendering. Here is the kill chain and the production controls that contained it.

Sep 30, 20256 min read
Cloud Security

AWS-2025-021: The IMDS Impersonation Bulletin Few Teams Read Carefully

AWS published Security Bulletin AWS-2025-021 warning that EC2 instances may interact with unexpected AWS accounts through the Instance Metadata Service. Here is the technical impact and the IMDSv2 enforcement plan.

Sep 22, 20256 min read
Cloud Security (Page 16) — Supply Chain Security Blog | Safeguard