Bleeping Computer

Popular Python and PHP libraries hijacked to steal AWS keys

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...
Bleeping Computer

PyPi python packages caught sending stolen AWS keys to unsecured sites

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...
InfoQ

AWS Lambda Now Supports Environment Variables

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Traditional caching fails to stop "thundering ...
Dark Reading

'TruffleNet' Attack Wields Stolen Credentials Against AWS

Attackers are abusing Amazon Web Services' (AWS) Simple Email Service (SES) via legitimate open source tools to steal credentials and infiltrate organizations to execute network reconnaissance. In ...
Dark Reading

8-Minute Access: AI Accelerates Breach of AWS Environment

Attackers used a combination of found credentials and artificial intelligence (AI) to gain administrative access to an Amazon Web Services (AWS) environment in less than 10 minutes. The incident ...
Infosecurity-magazine.com

LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Security researchers have discovered a new vulnerability affecting command-line tools used in cloud environments. Dubbed “LeakyCLI” by the Orca Security team, the flaw exposes sensitive credentials in ...