bitnewsbot

Pandoc CVE-2025-51591 Exploited to Target AWS IMDS Credentials

Cloud security firm Wiz reported in-the-wild exploitation attempts against a vulnerability in the Linux utility Pandoc, aiming to breach the Amazon Web Services (AWS) Instance Metadata Service (IMDS).
SecurityWeek

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack

With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft. Hackers stole thousands of ...
GitHub

Configure AWS Credentials for GitHub Actions

Configure your AWS credentials and region environment variables for use in other GitHub Actions. This action implements the AWS JavaScript SDK credential resolution chain and exports session ...
SiliconANGLE

AWS open-sources Strands Agents SDK to ease AI agent development

Amazon Web Services Inc. today released Strands Agents SDK, an open-source toolkit for developing artificial intelligence agents. The project’s code is available on GitHub. AWS originally created ...
CSOonline

Hackers target SSRF flaws to steal AWS credentials

In a new campaign, threat actors have been trying to access EC2 Instance Metadata, which consists of sensitive virtual server information like IP address, instance ID, and security credentials by ...
Bleeping Computer

Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management ...
The Hacker News

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded ...
Mobile ID News

Regula Adds Complete Digital Travel Credentials Support to Document Reader SDK

Regula has announced comprehensive support for Digital Travel Credentials (DTCs) in its latest Document Reader SDK update, implementing features that meet International Civil Aviation Organization ...
The Record

‘Codefinger’ hackers encrypting Amazon cloud storage buckets

Cybercriminals have begun to encrypt data held in Amazon storage tools used by thousands of organizations around the globe. Researchers with the cybersecurity firm Halcyon documented a recent trend of ...
CSOonline

Volkswagen massive data leak caused by a failure to secure AWS credentials

VW also failed to meet regulatory requirements for data security, and even violated its own terms of service, said analyst. A failure to properly protect access to ...
Yahoo

AWS customers hit by major cyberattack which then stored stolen credentials in plain sight

Misconfigured cloud instances have once again been abused to steal sensitive information such as login credentials, API keys, and more. This time around, the victims were countless Amazon Web Services ...