PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...

Attackers have been using compromised AWS Identity and Access Management (IAM) credentials to target cloud services in a sprawling cryptomining campaign that can deploy unauthorized miners 10 minutes ...

Supply chain attacks feel like they're becoming more and more common.

Vulnerabilities and misconfiguration in a huge number of public-facing websites allowed the attackers to gain access to sensitive customer data used in AWS services. Terabytes of data belonging to ...

On Monday, Intezer malware analyst Nicole Fishbein and cybersecurity researcher Ryan Robinson said the instances, vulnerable to data theft, belong to industries including IT, cybersecurity, health, ...

Amazon Web Services has launched CloudShell, its browser-based shell for command-line access to run scripts and access various AWS resources. The developer web-based shell is for developers who prefer ...