Focal Security

@FocalSecurity

Finding and disclosing 0-days in the cloud, protecting organizations in sensitive industries from nation state actors

Tham gia Ocak 2026

2 Đang theo dõi37 Người theo dõi

Focal Security đã retweet

OmerAF@omer_asfu·20 Nis

I achieved a cross-tenant #RCE in #GoogleCloud simply by abusing predictable bucket names. 🪣 In my latest research for @FocalSecurity, I look into "Bucket Squatting" - a cross-tenant attack that landed me 3 critical vulnerabilities in GCP. Here is how it works:

English

212

23.8K

Focal Security@FocalSecurity·26 Mar

We found 𝗚𝗮𝘁𝗲𝘄𝗮𝘆𝗧𝗼𝗛𝗲𝗮𝘃𝗲𝗻 (𝗖𝗩𝗘-𝟮𝟬𝟮𝟱-𝟭𝟯𝟮𝟵𝟮)—a critical cross-tenant flaw in Google Cloud's Apigee—but what if a malicious actor found it first? Check out our article explaining how to preemptively mitigate such vulnerabilities: focalsecurity.io/blog/mitigatin…

English

406

Focal Security@FocalSecurity·26 Mar

Check out our article showcasing how we found GatewayToHeaven (CVE-2025-13292), a cross-tenant vulnerability in GCP's Apigee: focalsecurity.io/blog/gatewayto…

English

211

Khám phá

@elonmusk @BarackObama @taylorswift13 @cristiano @BillGates @NASA @nikifrancismediavine @katyperry