Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data
A hacker injected a malicious prompt into Amazon Q via GitHub, aiming to delete user files and wipe AWS data, exposing a major security flaw.
aws
Government Organizations Targeted via AWS Lambda URL Endpoint Exploits
Unit 42 researchers from Palo Alto Networks have been monitoring a sophisticated threat cluster designated CL-STA-1020, which has been systematically targeting governmental entities across Southeast Asia. This operation focuses on extracting sensitive …
Mis-scoped AWS Organizations Policy Allowed Hackers to Seize Full Control of AWS Environment
Security professionals have uncovered serious vulnerabilities in AWS Organizations in a ground-breaking study by Cymulate Research Labs that might allow attackers to switch between accounts, increase privileges, and take control the entire organization…
AWS launches new cloud security features
Amazon Web Services has announced new and improved security features at its annual AWS re:Inforce cloud security conference. The company has also introduced features aimed at speeding up backup recovery, and has announced the completion of its push to …
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS Tokens and Sensitive Data
The JFrog Security Research team has uncovered a sophisticated malicious package named “chimera-sandbox-extensions” on the Python Package Index (PyPI), a widely used repository for Python software. Uploaded by a user identified as “ch…
Critical RCE Vulnerability in AWS Amplify Studio – PoC Now Public
In May 2025, AWS disclosed a critical remote code execution (RCE) vulnerability, CVE-2025-4318, in the @aws-amplify/codegen-ui package—a core dependency for AWS Amplify Studio’s UI code generation pipeline. The flaw, rated 9.5 on the CVSS scale, stemme…
Hazy Hawk Attack Spotted Targeting Abandoned Cloud Assets Since 2023
Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec…
Analyze resource-based policy dependencies across your AWS Organizations accounts
Managing multiple AWS accounts in an organization can get complicated, especially when trying to understand how services and permissions are connected. The Account Assessment for AWS Organizations open-source tool helps simplify this process by giving …
AWS Study: Generative AI Tops Corporate Budget Priorities, Surpassing Cybersecurity
A new AWS study finds generative AI has become the top budget priority for 2025, surpassing cybersecurity, as businesses accelerate adoption and face talent gaps.
The post AWS Study: Generative AI Tops Corporate Budget Priorities, Surpassing Cybersecurity appeared first on eSecurity Planet.
Researchers Simulate DPRK’s Largest Cryptocurrency Heist Through Compromised macOS Developer and AWS Pivoting
Security researchers at Elastic have recreated the intricate details of the February 21, 2025, ByBit cryptocurrency heist, where approximately 400,000 ETH-valued at over a billion dollars-was stolen. Attributed to North Korea’s elite cyber unit, Trader…