Skip to main content

Tag: amazon

9 articles

A dimly lit office interior with a single wooden desk and chair, papers and folders scattered on the surface, illuminated…

Amazon Fined $2.25M for Withholding Fraud Evidence

Amazon has been fined $2.25 million for allegedly blocking identity-theft victims from accessing records of fraudulent transactions, violating the Fair Credit Reporting Act. The company reportedly told some consumers that they couldn't access the requested records, adding to the frustration of those trying to recover from scams.

Analyst 207
Developer workstation with laptop, terminal, and papers on a clean desk.

Amazon AI Coding Tool Exposes Cloud Credentials to Malicious Git Repos

A security vulnerability in Amazon's AI coding assistant, tracked as CVE-2026-12957, allowed malicious Git repositories to access sensitive cloud credentials, raising concerns about informed consent and user security. The flaw enabled automatic execution of commands with no user prompt required.

Analyst 207
Person in a modern office setting with colleagues, using a laptop or tablet.

Big Tech Reconsiders Human-in-the-Loop AI Governance

Big tech giants like Amazon are rethinking the role of human oversight in AI governance, as experts question whether humans are truly the reliable safety net they're assumed to be. Human inconsistency and unpredictability are sparking a reassessment of the "human-in-the-loop" approach to managing advanced AI tools.

Analyst 207
Person in hoodie sits before laptop with cityscape, robotic arm emerges from shadows to automate tasks.

AI Boosts Pentesting Efficiency by 40% at Amazon

Amazon's security team has achieved a game-changing 40% boost in pentesting efficiency by harnessing the power of artificial intelligence, significantly speeding up the process of identifying vulnerabilities and keeping the internet more secure. This innovative approach is a major win for productivity and a strong indicator of AI's growing role in cybersecurity.

Analyst 207
Pandoc CVE-2025-51591 Critical: Must-Patch Risk

Pandoc CVE-2025-51591 Critical: Must-Patch Risk

A newly spotted SSRF flaw in Pandoc (CVE-2025-51591) is being abused to trick EC2 instances into handing over AWS IMDS tokens and temporary credentials, letting attackers steal keys and pivot across cloud accounts. If you run Pandoc in build pipelines or servers, inventory instances, patch or block metadata access, and enable IMDSv2 now to stop casual credential theft.

Analyst 207
watering-hole technique: Exclusive Risky Exposed

watering-hole technique: Exclusive Risky Exposed

When nation‑state actors like APT29 weaponize familiar conveniences — such as “Sign in with Microsoft” flows and popular websites — a routine visit can hand over credentials and session tokens at scale. Amazon’s disclosure shows watering‑hole attacks have evolved, so teams and users should treat federated logins and consent prompts with fresh skepticism and stronger protections.

Analyst 207
Cozy Bear Exposed: Risky OAuth Attack — Must-Have Alert

Cozy Bear Exposed: Risky OAuth Attack — Must-Have Alert

AWS says it disrupted a Cozy Bear (APT29) campaign that used fake websites and OAuth consent tricks to coax Microsoft users into granting access to mail, calendars and other data. The episode is a reminder that convenient features like single sign‑on can be repurposed for stealthy espionage — and why cloud providers are increasingly acting as front‑line defenders.

Analyst 207
Electronics supply chains Must-Have Shield: Best Defense

Electronics supply chains Must-Have Shield: Best Defense

When a specialist like Data I/O is knocked offline by ransomware, production lines and device launches can grind to a halt—reminding tech companies to tighten supplier security, demand transparency, and build redundancy before the next outage.

Analyst 207
Amazon Q Developer Must-Have Fix for Risky RCE

Amazon Q Developer Must-Have Fix for Risky RCE

Amazon quietly patched serious flaws in its Q Developer VS Code extension that could let attackers inject prompts to steal local secrets like API keys or even run remote code. It’s a wake-up call to treat AI-powered IDE tools as high‑risk and lock down privileges.

Analyst 207