Bleeping Computer

Popular Python and PHP libraries hijacked to steal AWS keys

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...
Bleeping Computer

PyPi python packages caught sending stolen AWS keys to unsecured sites

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by ...
SecurityWeek

TeamPCP Moves From OSS to AWS Environments

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...
CSO Online

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
Dark Reading

Attackers Use Stolen AWS Credentials in Cryptomining Campaign

Attackers have been using compromised AWS Identity and Access Management (IAM) credentials to target cloud services in a sprawling cryptomining campaign that can deploy unauthorized miners 10 minutes ...
CSOonline

AWS customers face massive breach amid alleged ShinyHunters regroup

Vulnerabilities and misconfiguration in a huge number of public-facing websites allowed the attackers to gain access to sensitive customer data used in AWS services. Terabytes of data belonging to ...
TechRepublic

Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More

The Androxgh0st malware botnet is used for victim identification and exploitation in targeted networks, as well as credentials collection. Read the FBI/CISA's tips for protecting against this malware ...