Latest news, insights and stories from Zerowl Cyber Security Magazine

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Zerowl

February 11, 2026

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

For internal testing, security education, and product demonstrations, intentionally vulnerable training applications are frequently utilized. Because they are by default insecure, tools like OWASP Juice Shop, DVWA, Hackazon, and bWAPP are helpful for understanding how common attack methods operate in controlled settings. The way that apps are frequently deployed and maintained in actual cloud environments is the problem, not the apps themselves.

Pentera Labs looked at how training and demo apps are used across cloud infrastructures and discovered a common trend: apps meant for private lab use were often discovered running inside active cloud accounts, connected to cloud identities with more access than necessary, and exposed to the public internet.

Patterns of Deployment These applications were frequently deployed with default configurations, little isolation, and excessively permissive cloud roles, according to research conducted by Pentera Labs. For inquiries or conversations, reach out to labs@pentera.io.

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Patterns of Deployment These applications were frequently deployed with default configurations, little isolation, and excessively permissive cloud roles, according to research conducted by Pentera Labs. For inquiries or conversations, reach out to labs@pentera.io.

Trending News

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Top 10 Best VPN For Chrome in 2026

Top 10 Best VPN For Chrome in 2026

Top 10 Best User Access Management Tools in 2026

Top 10 Best User Access Management Tools in 2026

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Patterns of Deployment These applications were frequently deployed with default configurations, little isolation, and excessively permissive cloud roles, according to research conducted by Pentera Labs. For inquiries or conversations, reach out to labs@pentera.io.

Trending News

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Top 10 Best VPN For Chrome in 2026

Top 10 Best VPN For Chrome in 2026

Top 10 Best User Access Management Tools in 2026

Top 10 Best User Access Management Tools in 2026