cloud-storage

3 articles
sort: new top best
clear filter
bug-bounty448 google354 microsoft311 facebook262 xss238 apple179 malware174 rce149 exploit124 bragging-post101 cve99 account-takeover93 phishing83 csrf79 privilege-escalation77 supply-chain65 stored-xss65 authentication-bypass63 dos60 browser57 reflected-xss57 react50 cloudflare49 cross-site-scripting48 reverse-engineering48 input-validation48 access-control47 aws45 docker45 smart-contract45 node44 sql-injection43 ethereum43 web343 defi42 web-security42 web-application41 ssrf38 burp-suite35 idor34 vulnerability-disclosure34 info-disclosure33 race-condition33 html-injection33 cloud32 writeup32 oauth32 buffer-overflow32 smart-contract-vulnerability32 information-disclosure30
0 5/10
Bucketsquatting is (finally) dead
news

AWS has introduced a new S3 bucket namespace pattern (prefix-accountid-region-an) that prevents bucketsquatting attacks by binding bucket names to specific AWS accounts and regions. This recommended protection addresses a decade-long vulnerability where predictable bucket naming allowed attackers to register deleted buckets and access sensitive data.

bucketsquatting s3 aws cloud-security namespace-protection bucket-naming account-isolation cloud-storage google-cloud-storage azure-blob-storage access-control predictable-names
AWS S3 Google Cloud Storage Azure Blob Storage InvalidBucketNamespace
onecloudplease.com · boyter · 12 hours ago · details · hn
0 2/10
Hugging Face Storage Buckets Storage Bucket
tool

Hugging Face introduces Storage Buckets, an AI-native object storage service using Xet's content-defined chunking for deduplication, offering per-TB pricing with built-in CDN and designed to streamline ML workflows without Git overhead.

cloud-storage object-storage data-management machine-learning deduplication cdn hugging-face ai-infrastructure pricing
Hugging Face Xet AWS S3 Backblaze Overdrive GCP AWS
huggingface.co · tamnd · 16 hours ago · details · hn
0 7/10
Subdomain takeover via unsecured s3 bucket
bug-bounty

Researcher discovered a subdomain takeover technique by exploiting an improperly configured S3 bucket that allowed unauthenticated write access via AWS CLI. By uploading a malicious _redirect.html file with proper ACL permissions, the attacker could execute arbitrary content on the victim subdomain without exploiting a traditional subdomain takeover vulnerability.

s3-bucket-misconfiguration subdomain-takeover aws-security cloud-storage access-control file-upload aws-cli bucket-policy bug-bounty
AWS Amazon S3 MuhammadKhizerJaved HackerOne Bugcrowd
blog.securitybreached.org · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago · details