Cloud Security

AI security threats

How Cybercriminals Are Weaponizing Misconfigured AI Systems

Ravi Jain
"Securing AI: A Guide to Protecting Artificial Intelligence Systems," explores the escalating threats posed by cybercriminals targeting misconfigured AI systems. It details how attackers exploit vulnerabilities in AI infrastructure, such as exposed Jupyter notebooks and weak authentication, to launch sophisticated, AI-powered attacks like prompt injection and model poisoning. The guide outlines various attack vectors across Linux and Windows environments and emphasizes the long-term impact of compromised AI models. Finally, it presents comprehensive detection and prevention strategies, including infrastructure hardening, AI-specific security measures, and enterprise security frameworks, along with services offered by Technijian to address these critical security challenges. ... Read More
Hackers Target SSRF Bugs in EC2-Hosted Sites to Steal AWS Credentials

Hackers Target SSRF Bugs in EC2-Hosted Sites to Steal AWS Credentials

Ravi Jain
Recent cyberattacks exploited a weakness in Amazon EC2 configurations. Hackers targeted Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on EC2. This allowed them to access the internal EC2 metadata service and steal AWS Identity and Access Management (IAM) credentials. The campaign, observed in March 2025, leveraged older, less secure metadata services. Organizations are urged to upgrade to newer, more secure versions and implement other security measures. A cybersecurity firm, F5 Labs, detailed these attacks and recommends specific defenses, which are also offered as services by Technijian. ... Read More
Oracle Hit by Second Cyberattack

Oracle Hit by Second Cyberattack in a Month: FBI Investigates Stolen Login Data

Ravi Jain
Oracle experienced its second cybersecurity incident within a month, this time involving the theft of customer login credentials, including usernames, encrypted passwords, and passkeys from a legacy system. The FBI has initiated an investigation into this breach, which predominantly affected clients in the healthcare and enterprise sectors using older systems. While Oracle is conducting an internal audit and coordinating with law enforcement, cybersecurity experts have raised concerns about the company's security practices due to the repeated attacks. Affected users are advised to reset passwords and enable multi-factor authentication, as this incident highlights the increasing pressure on tech companies to fortify their digital defenses. The provided text also introduces Technijian, a cybersecurity firm offering services to help organizations protect themselves from such threats. ... Read More
Oracle Data Breach Allegations 2025

Oracle Denies Shocking Data Breach Claims: Hacker Alleges Theft of 6 Million Records

Ravi Jain
A hacker known as "rose87168" is claiming to have breached Oracle Cloud, alleging the theft of six million sensitive records and offering this data for sale. Oracle has strongly refuted these claims, asserting that their cloud services were not compromised and no customer data was lost. Despite Oracle's denial, cybersecurity experts are advising users to take precautionary measures like monitoring access logs and rotating credentials. The alleged breach purportedly exploited a vulnerability in a software package used by Oracle, with the hacker claiming to have provided proof of access. The cybersecurity community is currently divided on the validity of these claims. Technijian, a cybersecurity firm, recommends proactive security measures for Oracle Cloud users, regardless of the breach's confirmation. ... Read More
SSRF vulnerabilities

Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack

Ravi Jain
A coordinated cyberattack involving over 400 IP addresses is exploiting multiple Server-Side Request Forgery (SSRF) vulnerabilities across various platforms, including critical infrastructure and cloud services. This sophisticated campaign, detected by GreyNoise, aims to map internal networks, steal cloud credentials, and gain unauthorized access. The attacks leverage known CVEs and unlisted vulnerabilities in software like DotNetNuke, Zimbra, VMware, and GitLab. Organizations are advised to apply security patches, implement network controls, secure cloud metadata, monitor for suspicious activity, and validate user inputs to mitigate these significant risks. ... Read More