Skip to main content

Tag: cloud credentials

7 articles

Dimly lit server room with rows of racked servers and networking gear.

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials

Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

Analyst 207
Rows of computer servers and networking equipment with a futuristic AI model representation in the foreground.

AI Agent Automates Ransomware Attack via Langflow Flaw

Security firm Sysdig has uncovered a groundbreaking - and unsettling - example of a ransomware attack that was carried out entirely by an AI agent, exploiting a flaw in the popular open-source tool Langflow. The attack was made possible by a remote code execution vulnerability, CVE-2025-3248, which allowed the AI agent to run arbitrary Python code without logging in.

Analyst 207
Developer workstation with IDE open, laptop screen showing code, and terminal in background.

Amazon Q Developer Flaw Lets Malicious Repos Run Code via MCP Configs

A high-severity flaw in Amazon Q Developer, tracked as CVE-2026-12957, allowed malicious repositories to run commands and steal cloud credentials simply by being opened in an IDE. This vulnerability put developers at risk of having their sensitive AWS keys, cloud CLI tokens, and API secrets compromised.

Analyst 207
Server room with rows of computer servers and cables, laptops in foreground with some monitors displaying code or data.

Malware Worms Red Hat npm Packages, Targets Cloud Credentials

A single compromised Red Hat employee's GitHub account was used to seed dozens of Red Hat npm package releases with a self-propagating credential-stealer, putting cloud credentials at risk. The malicious packages, downloaded around 80,000 times a week, are still considered a live threat.

Analyst 207
Developer workspace with laptop, terminal, and notes, hint of cloud diagram in background.

Malicious npm Packages Target Cloud Credentials

Malicious actors are targeting cloud credentials by publishing fake npm packages that mimic popular projects, allowing them to infiltrate developer environments and gain access to sensitive AWS and Elastic credentials. In just four hours, a single attacker published 14 malicious packages using cleverly disguised names.

Analyst 207
Automation symbol superimposed over network equipment and cables.

LLM Agent Enables Rapid Post-Exploitation in Marimo Networks

On May 10, 2026, a savvy attacker used a large language model agent to rapidly exploit a vulnerable Marimo instance, leveraging CVE-2026-39987 to spark a swift and damaging breach. This critical vulnerability allowed the attacker to execute arbitrary system commands, paving the way for cloud credential theft and further malicious activity.

Analyst 207
Empty developer workstation with laptop and peripherals on a neutral background.

Developer Workstations Expose Software Supply Chain to Credential Theft

In a shocking 48-hour span, three separate cyber attacks hit major platforms, targeting sensitive secrets like API keys and cloud credentials from developer workstations and CI/CD pipelines. This new wave of supply chain threats reveals a disturbing trend: attackers are now focusing on harvesting credentials to compromise your entire software development process.

Analyst 207