#aws

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes.

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system.

Today, ensuring the security and integrity of your software supply chain is more critical than ever. Red Hat Advanced Cluster Security for Kubernetes is focused on providing users the tools to tackle the greatest security challenges.One essential tool in this effort is the software bill of materials (SBOM), which provides a comprehensive list of all components and libraries used within a software product. With the growing importance of SBOMs for supply chain security—especially in light of the NIST Executive Order—Red Hat Advanced Cluster Security 4.7 introduces new features for generating

$32B Wiz acquisition: Google ramps up cloud security. Following Mandiant, this deal signals major GCP defense upgrade.

A shocking amount of iOS apps in Apple's App Store contained hard-coded secrets. Secrets that could lead criminals to user data.

## Description The LocalS3 project, an S3-compatible storage service, is vulnerable to XML External Entity (XXE) injection through its bucket tagging API. The vulnerability exists because the application processes XML input without properly disabling external entity resolution. When processing XML data for bucket tagging operations, the application allows the definition and resolution of external entities. This vulnerability allows an attacker to read arbitrary files from the server's filesystem by defining an external entity that references local files. The vulnerability is particularly severe because it allows direct access to sensitive files on the server's filesystem, bypassing any intended access controls. The XXE vulnerability can be exploited to read any file that the application process has access to, potentially exposing sensitive configuration files, credentials, or other confidential information. ## Steps to Reproduce 1. Create a bucket in the LocalS3 service using any S3...

Veriti Research reveals 40% of networks allow ‘any/any’ cloud access, exposing critical vulnerabilities. Learn how malware like XWorm…

Unit 42 uncovers JavaGhost’s evolving AWS attacks. Learn how this threat actor uses phishing, IAM abuse, and advanced…

Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), which it said overlaps with a group known as JavaGhost. TGR-UNK-0011 is known to

Three more stalkerware apps have been found to leak data of both victims and customers alike: Spyzie, Cocospy, and Spyic