Blog

TL;DR: A recently disclosed Kubernetes authorization bypass allows attackers with nodes/proxy GET permissions to execute commands in any Pod across the cluster - and standard Kubernetes audit logging won't capture it. Here's what you need to know and how to detect it.

For years, SIEMs have been positioned as the “source of truth” for security operations. They ingest everything, correlate endlessly, and alert loudly. And yet, they consistently miss the most critical signal in modern cloud attacks: configuration change impact.This blog walks through how Stream.Security closes the gaps and turns config changes into impact-aware detections. ‍

If you don’t know your cloud, you can’t secure it. Alerts and AI don’t help much without real context. “Know Your Cloud” (KYC) is about understanding what you actually have, who and what can access it, and what could go wrong. Get that right, and detection makes sense, AI gets smarter, and response gets better.

Stream.Security now supports native ingestion of MongoDB Atlas audit logs, extending real-time threat detection and response to the database layer. Security teams gain immediate visibility into suspicious database activity, including unauthorized access, privilege escalation, data exfiltration, and configuration changes correlated with full cloud context across AWS, Azure, and GCP. The integration is agentless, easy to enable, and delivers out-of-the-box detections so teams can investigate and respond faster, all from a unified cloud security platform.

Shai-Hulud 2.0 is rapidly backdooring npm packages, spawning tens of thousands of malicious repos, and stealing developer creds. In this blog, we detonate an infected package and show how Stream Security instantly detects and investigates the threat with behavioral analytics + AI Triage (with real Stream platform images included).

Stream’s red-team tests have uncovered a way to manipulate the AI triage process by injecting misleading information into cloud metadata.

Stream now integrates with Microsoft 365 to cover Entra ID, DLP, SharePoint, Teams, Outlook, and OneDrive for unified, SaaS-aware threat detection.Get real-time visibility across identity, chat, files, and mail and detect token abuse, malicious OAuth apps, Teams-based phishing, and abnormal file activity from a single view.

AI tools are only as effective as the data they learn from. For the first time, the industry has tools to make this data accessible and meaningful. Let's look at how the industry sees AI SOC agents and how to maximize the use of their data sources.

Stream.Security just launched a new AI Triage feature to assist analysts in addressing the growing volume of alerts in the cloud and SaaS. The AI Triage agent brings human-like intelligence and decision making to SOC analysts. With Stream’s real-time CloudTwin model, the triage digests updated risk-based data that factors in asset criticality, exposure, and blast radius to prioritize alerts that truly matter.

Stream delivers cloud-native detection engines, from rules and anomalies to canaries, as part of our Cloud Detection & Response (CDR) platform.Traditional canaries are siloed, making them hard to scale, hard to manage, and often ignored. Stream takes canaries further by embedding them into the CloudTwin™ fabric.