The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories before fixes in Sep 2025.
The Register on MSN

A simple CodeBuild flaw put every AWS environment at risk – and pwned the central nervous ...

And it's 'not unique to AWS,' researcher tells The Reg A critical misconfiguration in AWS's CodeBuild service allowed ...
Bleeping Computer

Amazon: Ongoing cryptomining campaign uses hacked AWS accounts

Amazon’s AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for ...
Dark Reading

Attackers Use Stolen AWS Credentials in Cryptomining Campaign

Attackers have been using compromised AWS Identity and Access Management (IAM) credentials to target cloud services in a sprawling cryptomining campaign that can deploy unauthorized miners 10 minutes ...
The Hacker News

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining. The activity, ...
bitnewsbot

New Crypto Mining Campaign Targets AWS via Stolen IAM Credentials

An ongoing campaign discovered on November 2, 2025, targets AWS customers by exploiting compromised Identity and Access Management (IAM) credentials to conduct unauthorized cryptocurrency mining. The ...
InfoWorld

AWS open-sources Agent SOPs to simplify AI agent development

The new markdown-based format aims to provide structured, natural language workflows for AI agents, addressing unpredictability and maintenance issues seen in earlier approaches. AWS is open-sourcing ...
Dark Reading

'TruffleNet' Attack Wields Stolen Credentials Against AWS

Attackers are abusing Amazon Web Services' (AWS) Simple Email Service (SES) via legitimate open source tools to steal credentials and infiltrate organizations to execute network reconnaissance. In ...
bitnewsbot

Pandoc CVE-2025-51591 Exploited to Target AWS IMDS Credentials

Cloud security firm Wiz reported in-the-wild exploitation attempts against a vulnerability in the Linux utility Pandoc, aiming to breach the Amazon Web Services (AWS) Instance Metadata Service (IMDS).
GitHub

AWS SDK for JavaScript v3

The AWS SDK for JavaScript v3 is a rewrite of v2 with some great new features. As with version 2, it enables you to easily work with Amazon Web Services, but has a modular architecture with a separate ...
SecurityWeek

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack

With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft. Hackers stole thousands of ...