The Hacker News

Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

Amazon reports a new AWS crypto mining campaign abusing IAM credentials, ECS, EC2, and termination protection for persistence ...
Virtualization Review

Creating an IAM Role for the AWS Fault Injection Simulator

Brien walks through the process of creating an IAM role for the AWS Fault Injection Simulator in order to find out what happens when an EC2 spot instance is interrupted. I recently wrote a blog post ...
CSOonline

ECScape: New AWS ECS flaw lets containers hijack IAM roles without breaking out

Naor Haziz’s discovery shows how a compromised container on EC2-backed ECS tasks can impersonate the ECS agent and steal IAM credentials from other tasks—without host access. At Black Hat USA 2025, ...
InfoQ

AWS Adds Automated Detection of Unused IAM Roles, Users, and Permissions

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
CSOonline

AWS environments compromised through exposed .env files

Attackers collected Amazon Web Services keys and access tokens to various cloud services from environment variables insecurely stored in tens of thousands of web applications. A data extortion ...
Dark Reading

Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking

BLACK HAT USA – Las Vegas – Thursday, Aug. 7 — A privilege escalation issue in Amazon's Elastic Container Service (ECS) could be used by an attacker to steal credentials and access other cloud ...
TheServerSide

Top 5 AWS root account best practices

Community driven content discussing all aspects of software development from DevOps to design patterns. Keeping your Amazon account secure is a major concern for every AWS user and admin. Here are the ...