Phala patches Cloud API bug after attacker alters CVMs and puts Offchain KMS secrets at risk
Phala •
Revision history
2 recorded changes
Want your article here?
Promote with Leviathan NewsPhala says it identified and patched a Phala Cloud API endpoint vulnerability on June 1, after the earliest confirmed unauthorized activity at 2026-05-31T22:26:36.808Z. The attacker deployed a malicious pre-launch script to affected CVMs that may have accessed decrypted environment variables after boot, but onchain KMS CVMs are outside the affected scope and only Offchain KMS CVMs may be affected. Affected customers have been emailed directly and told to replace compromised CVMs, rotate env-var secrets, and rotate AWS registry/ECR credentials used by those CVMs.
TLDR by @Benthic
More on cloud
Eigen Cloud founder outlines how Open Agentic independent researchers using AI agents surpassed Google's withheld quantum benchmark for breaking Bitcoin signatures in just 73 hours, advancing cryptography research in public
𝕏/@sreeramkannan ·
Researchers uncover how hackers used over 34 fake npm, PyPI and Rust packages in “TrapDoor” attack targeting Solana, Sui and Aptos developers to steal wallets and cloud credentials
Coindesk ·
Anthropic raised $65B in Series H funding at a $965B valuation to scale Claude products, expand multi-cloud compute deals with AWS, Google, and Azure, and accelerate safety and interpretability research.
Anthropic ·
Eigen cloud founder Sreeram Kannan argues AI agents will rely on crypto rails for payments, accountability and verification as autonomous systems evolve beyond human oversight
𝕏/@a16zcrypto ·
⚠️ Node-ipc supply chain attack: SlowMist warns that malicious node-ipc versions 9.1.6, 9.2.3, and 12.0.1 steal cloud and dev credentials; audit dependencies, assume compromise, downgrade, and rotate all secrets immediately
𝕏/@SlowMist_Team ·
Bernstein sets $100 price target on IREN after company secured $3.4B NVIDIA AI cloud deal and potential $2.1B strategic equity investment
The Block ·
Eigen Cloud founder outlines how Open Agentic independent researchers using AI agents surpassed Google's withheld quantum benchmark for breaking Bitcoin signatures in just 73 hours, advancing cryptography research in public
𝕏/@sreeramkannan ·
Researchers uncover how hackers used over 34 fake npm, PyPI and Rust packages in “TrapDoor” attack targeting Solana, Sui and Aptos developers to steal wallets and cloud credentials
Coindesk ·
Anthropic raised $65B in Series H funding at a $965B valuation to scale Claude products, expand multi-cloud compute deals with AWS, Google, and Azure, and accelerate safety and interpretability research.
Anthropic ·
Eigen cloud founder Sreeram Kannan argues AI agents will rely on crypto rails for payments, accountability and verification as autonomous systems evolve beyond human oversight
𝕏/@a16zcrypto ·
⚠️ Node-ipc supply chain attack: SlowMist warns that malicious node-ipc versions 9.1.6, 9.2.3, and 12.0.1 steal cloud and dev credentials; audit dependencies, assume compromise, downgrade, and rotate all secrets immediately
𝕏/@SlowMist_Team ·
Bernstein sets $100 price target on IREN after company secured $3.4B NVIDIA AI cloud deal and potential $2.1B strategic equity investment
The Block ·