#aws

Veriti Research reveals 40% of networks allow ‘any/any’ cloud access, exposing critical vulnerabilities. Learn how malware like XWorm…

Unit 42 uncovers JavaGhost’s evolving AWS attacks. Learn how this threat actor uses phishing, IAM abuse, and advanced…

Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), which it said overlaps with a group known as JavaGhost. TGR-UNK-0011 is known to

Three more stalkerware apps have been found to leak data of both victims and customers alike: Spyzie, Cocospy, and Spyic

A Dallas, Texas-based clinical research firm had its database exposed, containing sensitive personal healthcare records of over 1.6…

FBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities.

Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0.

Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. "If executed at scale, this attack could be used to gain access to thousands of accounts," Datadog Security Labs researcher Seth Art said in a report

## Description Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL via the s3_endpoint parameter. This endpoint URL is passed directly to the boto3 AWS SDK without proper validation or restrictions on the protocol or destination. The vulnerability allows an attacker to make the application send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint. When the storage sync operation is triggered, the application attempts to make S3 API calls to the specified endpoint, effectively making HTTP requests to the target service and returning the response in error messages. This SSRF vulnerability enables attackers to bypass network segmentation and access internal services that should not be accessible from the external network. The vulnerability is particularly severe because ...

LLMjacking attacks target DeepSeek, racking up huge cloud costs. Sysdig reveals a black market for LLM access has…