Cloud Security Content on InfoQ
-
Cloudflare Scales Infrastructure as Code with Shift-Left Security Practices
Cloudflare has eliminated manual configuration errors across hundreds of production accounts by implementing Infrastructure as Code with automated policy enforcement, processing approximately 30 merge requests daily while catching security violations before deployment rather than after incidents occur.
-
AWS Introduces VPC Encryption Controls to Enforce Encryption in Transit
AWS has recently introduced VPC Encryption Controls, allowing customers to validate whether traffic within and between VPCs is encrypted and to require encryption where supported. The feature provides visibility into unencrypted traffic, supports enforcement using compatible Nitro-based infrastructure, and allows exclusions for resources that cannot encrypt traffic.
-
MongoBleed Vulnerability Allows Attackers to Read Data from MongoDB's Heap Memory
MongoDB recently patched CVE-2025-14847, a vulnerability affecting multiple supported and legacy MongoDB Server versions. According to the disclosure, the flaw can be exploited remotely by unauthenticated attackers with low complexity, potentially leading to the exfiltration of sensitive data and credentials.
-
Docker Makes Hardened Images Free in Container Security Shift
Docker has made its catalogue of more than 1,000 hardened container images freely available under an open source licence. Docker Hardened Images were previously a commercial offering launched in May 2025, but are now accessible to all developers under an Apache 2.0 licence with no restrictions on use or distribution.
-
AWS and Google Cloud Preview Secure Multicloud Networking
In a surprising move, AWS and Google Cloud have recently partnered to simplify multicloud networking, introducing a common standard and leveraging "AWS Interconnect - Multicloud" and "Google Cloud's Cross-Cloud Interconnect". The new option makes it easier for organizations to manage and secure workloads across both clouds, with Azure expected to join in 2026.
-
Azure API Management Premium v2 GA: Simplified Private Networking and VNet Injection
Microsoft has launched API Management Premium v2, redefining security and ease-of-use in cloud API gateways. This new architecture enhances private networking by eliminating management traffic from customer VNets. With features like Inbound Private Link, availability zone support, and custom CA certificates, users gain unmatched networking flexibility, resilience, and significant cost savings.
-
GitHub Rolls out Post-Quantum SSH Security to Protect Code from Future Threats
GitHub has deployed a hybrid post-quantum key-exchange algorithm for SSH access, strengthening protection against future quantum decryption threats. The rollout, now live across most regions, pairs classical and quantum-resistant methods to counter “store now, decrypt later” attacks and marks a major step toward quantum-safe software development.
-
Layered Defences are Key to Combating AI-Driven Cyber Threats, CNCF Report Finds
The Cloud Native Computing Foundation has published an analysis of modern cybersecurity practices, finding that attacks using Artificial Intelligence are now a significant threat. The report stresses that organisations must adopt multi-layered defense strategies as artificial intelligence transforms both the threat landscape and the protective measures available to businesses.
-
Google Cloud KMS Launches Post-Quantum KEM Support to Combat "Harvest Now, Decrypt Later" Threat
Google Cloud's Key Management Service now supports post-quantum Key Encapsulation Mechanisms (KEMs), addressing future threats from quantum computing. This update empowers organizations to prepare against "Harvest Now, Decrypt Later" attacks while ensuring long-term data confidentiality.
-
Google Cloud Outlines Key Strategies for Securing Remote MCP Servers
Google Cloud published a guide that lays out strategies for securing remote Model Context Protocol (MCP) server deployments, particularly in contexts where AI systems depend on external tools, databases, and APIs.
-
Bring Your Own Key (BYOK): AWS IAM Identity Center Adopts CMKs to Meet Enterprise Compliance Needs
AWS IAM Identity Center now supports customer-managed KMS keys (CMKs) for encrypting identity data at rest. This enhancement offers organizations complete control over their encryption keys, ensuring granular access management, robust auditing via AWS CloudTrail, and improved compliance for regulated industries. It’s a key evolution for data sovereignty in the cloud.
-
Slack Security: Inside the New Anomaly Event Response Architecture
Slack has launched Anomaly Event Response (AER), a real-time security system that autonomously detects suspicious activity, terminates risky sessions, and reduces response time from days to minutes. The system’s architecture includes a detection engine, decision framework, and response orchestrator to help organizations prevent breaches efficiently.
-
New DNS Armor Service Helps Google Cloud Workloads Preemptively Block Cyber Threats
Google Cloud's DNS Armor, in partnership with Infoblox, offers a vital layer of security against DNS-based threats for Google Cloud workloads. Utilizing advanced threat detection and machine learning, it identifies and mitigates risks like malware and data exfiltration, ensuring robust protection without impacting performance. It is deployable as a managed service that gives users seamless control.
-
Linux Security Tools Bypassed by io_uring Rootkit Technique, ARMO Research Reveals
Security researchers at ARMO have uncovered a significant blind spot in Linux runtime security tools that stems from io_uring, an asynchronous I/O interface whose operations can completely bypass traditional system call monitoring. The research demonstrates how attackers can exploit this blind spot to operate undetected by most existing security solutions.
-
Agentic AI Expands into SecOps to Ease Human Workloads
Agentic AI is beginning to reshape malware detection and broader security operations. These systems are being used not to replace humans, but to take on the lower-value jobs that have historically tied up analysts — from triaging alerts to reverse-engineering suspicious files.