Security
Headlines
HeadlinesLatestCVEs

Tag

#amazon

Trump’s Aggression Sours Europe on US Cloud Giants

Companies in the EU are starting to look for ways to ditch Amazon, Google, and Microsoft cloud services amid fears of rising security risks from the US. But cutting ties won’t be easy.

Wired
Open in Source
#web#google#microsoft#amazon#ddos#perl#aws#auth
GHSA-v63m-x9r9-8gqp: AWS CDK CLI prints AWS credentials retrieved by custom credential plugins

## Summary The AWS Cloud Development Kit (AWS CDK) [1] is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. The AWS CDK CLI [2] is a command line tool for interacting with CDK applications. Customers can use the CDK CLI to create, manage, and deploy their AWS CDK projects. An issue exists in the AWS CDK CLI where, under certain conditions, AWS credentials may be returned in the console output. Plugins that return an `expiration `property in the credentials object are affected by this issue. Plugins that omit the `expiration` property are not affected. ## Impact When customers run AWS CDK CLI commands with credential plugins and configure those plugins to return temporary credentials by including an `expiration` property, the AWS credentials retrieved by the plugin may be returned in the console output. Any user with access where the CDK CLI was ran would have access to this output. The followi...

How to Avoid US-Based Digital Services—and Why You Might Want To

Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here's what you need to know.

Google Acquires Wiz for Record $32 Billion

$32B Wiz acquisition: Google ramps up cloud security. Following Mandiant, this deal signals major GCP defense upgrade.

Amazon disables option to store Echo voice recordings on your device

Amazon informed Echo users in the US that the "Do not send voice recordings" feature will stop working on March 28, 2025.

Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”

Apple has patched a vulnerability in iOS and iPadOS that was under active exploitation in extremely sophisticated attacks.

Hackers Exploit Cloud Misconfigurations to Spread Malware

Veriti Research reveals 40% of networks allow ‘any/any’ cloud access, exposing critical vulnerabilities. Learn how malware like XWorm…

JavaGhost Uses Amazon IAM Permissions to Phish Organizations

Unit 42 uncovers JavaGhost’s evolving AWS attacks. Learn how this threat actor uses phishing, IAM abuse, and advanced…

AI-powered SEO services: revolutionizing digital marketing

Artificial Intelligence is a tool that is currently changing how businesses approach digital marketing and SEO. Explore how your business can transform with AI-powered SEO services here.

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), which it said overlaps with a group known as JavaGhost. TGR-UNK-0011 is known to