A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories before fixes in Sep 2025.

A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub repositories and put every AWS environment in the world at risk, according to Wiz ...

Amazon’s AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for ...

Attackers have been using compromised AWS Identity and Access Management (IAM) credentials to target cloud services in a sprawling cryptomining campaign that can deploy unauthorized miners 10 minutes ...

An ongoing campaign discovered on November 2, 2025, targets AWS customers by exploiting compromised Identity and Access Management (IAM) credentials to conduct unauthorized cryptocurrency mining. The ...

The new markdown-based format aims to provide structured, natural language workflows for AI agents, addressing unpredictability and maintenance issues seen in earlier approaches. AWS is open-sourcing ...

Attackers are abusing Amazon Web Services' (AWS) Simple Email Service (SES) via legitimate open source tools to steal credentials and infiltrate organizations to execute network reconnaissance. In ...

Cloud security firm Wiz reported in-the-wild exploitation attempts against a vulnerability in the Linux utility Pandoc, aiming to breach the Amazon Web Services (AWS) Instance Metadata Service (IMDS).

The AWS SDK for JavaScript v3 is a rewrite of v2 with some great new features. As with version 2, it enables you to easily work with Amazon Web Services, but has a modular architecture with a separate ...

With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft. Hackers stole thousands of ...

AWS power users often possess multiple IAM accounts with which they execute terminal commands and CLI operations. For example, an AWS developer might rely on separate accounts to manage Kubernetes ...