Tag: aws
12 articles

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials
Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

Unpatched Shark Vacuum Flaw Exposes Regional Control Risk
A security flaw in Shark vacuums could put regional control at risk, as demonstrated by researcher tokay0, who exploited the vulnerability to run root commands on hundreds of thousands of devices in a single AWS region. This alarming weakness was discovered through a clever hack that allowed tokay0 to harvest serial numbers and execute commands remotely.

CISA Leak Exposes Gaps in Incident Response, Key Management
A staggering 844 MB of sensitive CISA data was left exposed in a public GitHub repository for almost six months, revealing critical gaps in incident response and key management. The leak included admin credentials and plaintext passwords for internal CISA systems, raising serious concerns about security protocols.

AWS Launches Secret Cloud for Classified Workloads
AWS has launched a game-changing cloud solution, AWS Secret Cloud, designed to empower America's defense industrial base with top-secret capabilities, enabling them to accelerate mission-critical work like never before. This innovative platform allows contractors to run classified workloads securely in the cloud, slashing provisioning time from months to just days.

Anduril and AWS Merge Tech to Deploy Edge Computing on Frontlines
Imagine being able to make critical decisions in the field, in real-time - that's the power of edge computing, brought to the frontlines through the game-changing partnership between Anduril and AWS. With Anduril's ruggedized Menace-I system and AWS' cutting-edge tech, troops can access and act on vital information in a matter of minutes.

AWS Unveils AI-Powered Platform to Streamline Vulnerability Management
Discover and remediate code vulnerabilities with ease using AWS Continuum, a game-changing platform that streamlines vulnerability management with AI-powered recommendations and automated remediation. With Continuum, you can gain confidence in your security posture and automate fixes based on your own risk profiles and priorities.

Military AI Tested in Desert E-Bike Race
Imagine a high-stakes, thousand-mile e-bike race through the harsh Baja Desert - that's where a cutting-edge military AI platform is being put to the test. This innovative technology, developed by GDIT and AWS, is designed to revolutionize energy management in challenging environments.

Malicious npm Packages Target Cloud Credentials
Malicious actors are targeting cloud credentials by publishing fake npm packages that mimic popular projects, allowing them to infiltrate developer environments and gain access to sensitive AWS and Elastic credentials. In just four hours, a single attacker published 14 malicious packages using cleverly disguised names.

GitHub Repos Targeted in 5,500+ Malicious Commits
A shocking new campaign, dubbed Megalodon, has injected malware into over 5,500 GitHub repositories, putting sensitive credentials and tokens at risk of being stolen. This alarming attack highlights the growing threat of supply chain attacks, with experts warning that this could be just the beginning.

Identity Exposures Form Highways for Cyber Attacks
A single compromised identity can become a superhighway for cyber attacks, giving hackers access to nearly every critical workload a business relies on - as seen in a recent incident where a cached AWS access key on one Windows machine put 98% of the company's cloud environment at risk. Identity has become the ultimate attack path, carrying with it a multitude of permissions just waiting to be exploited.

AWS Discloses Flaw in Quick Access Control
AWS swiftly addressed a security flaw in Quick Access, discovered by Fog Security, which could have allowed unauthorized users to bypass access controls, and fortunately, no customer data was compromised. The issue was resolved in March 2026, with no action required from customers.

Attackers Exploit Amazon SES to Bypass Email Security in Phishing Campaigns
Phishing campaigns are now using Amazon's Simple Email Service to make malicious messages look legit, bypassing standard email security checks and putting victims at risk of revealing sensitive data. By exploiting Amazon SES's trusted reputation and authentication features, attackers are making it harder to spot phishing emails.