#amazon

To reduce the number of harmful apps targeting Android users, Google is making some changes.

Fake Gmail security alerts are tricking users into inadvertently handing over control of their accounts to scammers. Here's what to look for.

**Summary** [Amazon Elastic Container Service (Amazon ECS)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an [introspection API](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/introspection-diag.html) that provides information about the overall state of the Amazon ECS agent and the container instances. We identified CVE-2025-9039, an issue in the Amazon ECS agent. **Impact** Under certain conditions, this issue could allow an introspection server to be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. Impacted vers...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Third-Party Components in SINEC OS Vulnerabilities: Improper Input Validation, Use After Free, Out-of-bounds Read, Incorrect Check of Function Return Value, Incorrect Comparison, Improper Control of Resource Identifiers ('Resource Injection'), Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), NULL Pointer Dereference, Excessive Platform Resource Consumption within a Loop, Allocation of Resources Without Limits or Throttling, Improper Restriction of Operations within the Bounds of a Memory Buffer, Buffer Copy with...

Fake Minecraft clone Eaglercraft 1.12 Offline spreads NjRat spyware stealing passwords, spying via webcam and microphone, warns Point…

Scammers are using the age old tactic of scaring victims into clicking by sending out fake product recall messages from Amazon.

A carmaker has been found to be open to leaking vehicle data and customer information through their dealership portal.

A software developer discovered a way to abuse an undocumented protocol in Amazon's Elastic Container Service to escalate privileges, cross boundaries and gain access to other cloud resources.

Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the

Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.