Dark Reading

Attackers Use Stolen AWS Credentials in Cryptomining Campaign

Attackers have been using compromised AWS Identity and Access Management (IAM) credentials to target cloud services in a sprawling cryptomining campaign that can deploy unauthorized miners 10 minutes ...
Krebs on Security

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public ...

CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository

CISA is investigating after a contractor’s public GitHub repository exposed AWS GovCloud credentials, internal files, and ...
Biometric Update

GitHub leak exposed CISA, DHS GovCloud keys, internal credentials

The exposure represents a major operational security failure at the federal agency responsible for helping defend critical ...
CRN

AWS’ EKS Kubernetes ‘Critical Security’ Flaw Exposes Credentials, Says Trend Micro

AWS said in a statement to CRN that it completed an investigation into the security flaw and determined that it ‘is not a security issue, but rather expected behavior that falls within the trust ...
Dark Reading

Cybercrime Gangs Abscond With Thousands of Orgs' AWS Credentials

Cybercriminal gangs have exploited vulnerabilities in public websites to steal Amazon Web Services (AWS) cloud credentials and other data from thousands of organizations, in a mass cyber operation ...
Bleeping Computer

Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management ...
Morning Overview on MSN

TeamPCP compromised the CI/CD pipelines behind Trivy, Checkmarx, and LiteLLM — stealing AWS keys from build servers worldwide

Sometime on March 19, 2026, a poisoned version of the open-source security scanner Trivy slipped into automated build ...
Infosecurity-magazine.com

Hackers Exploit Misconfigurations in Public Websites With Improperly Exposed AWS Credentials

A significant cyber operation exploiting vulnerabilities in improperly configured public websites has been linked to the Nemesis and ShinyHunters hacking groups, exposing sensitive data, including ...
CSOonline

From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain

AI-assisted attackers weaponized exposed credentials and permissive roles to move from initial access to full AWS admin control in minutes. Threat actors tore through an Amazon Web Services ...
CRN

Hackers Target AWS IMDS And EC2 To Steal Credentials: Wiz Report

‘We uncovered exploitation in the wild of a previously unknown zero-day vulnerability in a popular web service stemming from insecure use of Pandoc,’ said Wiz researchers in a new report.
Bleeping Computer

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption ...