Tag: cloud credentials
7 articles

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials
Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

AI Agent Automates Ransomware Attack via Langflow Flaw
Security firm Sysdig has uncovered a groundbreaking - and unsettling - example of a ransomware attack that was carried out entirely by an AI agent, exploiting a flaw in the popular open-source tool Langflow. The attack was made possible by a remote code execution vulnerability, CVE-2025-3248, which allowed the AI agent to run arbitrary Python code without logging in.

Amazon Q Developer Flaw Lets Malicious Repos Run Code via MCP Configs
A high-severity flaw in Amazon Q Developer, tracked as CVE-2026-12957, allowed malicious repositories to run commands and steal cloud credentials simply by being opened in an IDE. This vulnerability put developers at risk of having their sensitive AWS keys, cloud CLI tokens, and API secrets compromised.

Malware Worms Red Hat npm Packages, Targets Cloud Credentials
A single compromised Red Hat employee's GitHub account was used to seed dozens of Red Hat npm package releases with a self-propagating credential-stealer, putting cloud credentials at risk. The malicious packages, downloaded around 80,000 times a week, are still considered a live threat.

Malicious npm Packages Target Cloud Credentials
Malicious actors are targeting cloud credentials by publishing fake npm packages that mimic popular projects, allowing them to infiltrate developer environments and gain access to sensitive AWS and Elastic credentials. In just four hours, a single attacker published 14 malicious packages using cleverly disguised names.

LLM Agent Enables Rapid Post-Exploitation in Marimo Networks
On May 10, 2026, a savvy attacker used a large language model agent to rapidly exploit a vulnerable Marimo instance, leveraging CVE-2026-39987 to spark a swift and damaging breach. This critical vulnerability allowed the attacker to execute arbitrary system commands, paving the way for cloud credential theft and further malicious activity.

Developer Workstations Expose Software Supply Chain to Credential Theft
In a shocking 48-hour span, three separate cyber attacks hit major platforms, targeting sensitive secrets like API keys and cloud credentials from developer workstations and CI/CD pipelines. This new wave of supply chain threats reveals a disturbing trend: attackers are now focusing on harvesting credentials to compromise your entire software development process.