🛎️ AWS Security Digest 227 is out! 1️⃣ Comparing CSP-Managed Machine Identities by Kat Traxler 2️⃣ Profiling Sea Turtle: Tactics, History & Defenses by Invictus awssecuritydigest.com/past-issues/aw…

➕ Cloud Heavy, Hybrid Ready: Lessons from BlackBasta and Scattered Spider ✍️ Author: Unknown Two of the most prolific threat groups—BlackBasta and Scattered Spider—are changing the playbook on hybrid and cloud compromise. This write-up from Invictus IR breaks down how they

➕ How I Fell in Love With Cloud Security (And Why You Should Care) ✍️ Sena Yakut This is not just another origin story. Sena Yakut takes you on a reflective but highly practical journey into the layered, fast-evolving world of cloud security—from curiosity to career calling.

⭐ Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration ✍️ Nathaniel Quist Palo Alto Networks' Unit 42 dives deep into 2025 cloud security telemetry—and the findings should set off alarms. Nathaniel Quist breaks down threat trends across

⭐ Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration ✍️ Nathaniel Quist Based on 43 billion cloud security events, Unit 42’s latest report exposes how threat actors are evolving—and what security teams are missing. 🔍 Some standout

🛎️ AWS Security Digest 228 is out! 1️⃣ Creating an OpenSearch Service cluster and configuring authentication and authorization by Arseny Zinchenko 2️⃣ A Candid Perspective on the Cloud Threat Landscape: A Recap from fwd:cloudsec EU by Invictus 3️⃣ Is GDLockerSec Really Targeting

⭐ Invoking Misconfigured API Gateways from Any External AWS Accounts ✍️ Eduard Agavriloae Misconfigured API Gateway policies can quietly open the door to unauthorized external access—and Eduard Agavriloae walks through exactly how and why. This post breaks down a powerful

🧨 The Complexity of Detecting Amazon S3 and KMS Ransomware ✍️ Jason Kao Ransomware in the cloud isn't just about encrypting files—it’s about leveraging your own services against you. Jason Kao dives deep into the under-discussed nuances of detecting S3 and KMS-based ransomware,

🚨 Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation ✍️ Elad Beber Elad Beber uncovers a subtle but serious path traversal vulnerability in the AWS SSM Agent, tied to its handling of plugin IDs—offering attackers a route to execute unintended binaries via a

🔓 Gaining Long-Term AWS Access with CodeBuild and GitHub ✍️ Adan Alvarez Adan Alvarez drops a sharp, hands-on walkthrough of how an attacker can pivot from a GitHub Actions leak to persistent AWS access via CodeBuild — and it’s a must-read for defenders and red teamers alike.

🛎️ AWS Security Digest 229 is out! 1️⃣ Using RCP in OpenSearch: Odd fit or a glimpse of the future? by Hafsa Hafeez 2️⃣ Adding Determinism and Safety to Uber IAM Policy Changes by Avinash Srivenkatesh, Zi Wen, Zakir Akram 3️⃣ IMDS Abused: Hunting Rare Behaviors to Uncover

Handling Network Throttling with AWS EC2 at Pinterest By: Jia Zhan & Sachin Holla Pinterest engineering shares a deep dive into how they tackled mysterious EC2 network throttling that impacted critical services—and how they engineered their way out of it. 🧠 What makes this

dAWShund – Framework to Put a Leash on Naughty AWS Permissions By: Nikolas Mantas Struggling to wrangle excessive or dangerous AWS permissions? dAWShund is a new open-source framework built to detect, analyze, and mitigate IAM risks across large environments—without depending on

📊 Datadog Threat Roundup: Top Insights for Q1 2025 By: Matt Muir, Frederic Baguelin, Nathaniel Beckstead, Greg Foss, Adrian Korn What happens when threat actors move faster than your detection pipeline? This Q1 2025 roundup from Datadog Security Labs reveals the speed,

🔍 Introducing a New Way to Track AWS Documentation Changes By: Liad Eliyahu Keeping up with AWS documentation updates can feel like chasing a moving target. Liad Eliyahu presents a purpose-built solution that gives developers and security teams actual visibility into what’s

🧨 Overwriting a File in S3 Does Not Require DeleteObject Permissions By Rob De Jager Think DeleteObject is needed to overwrite files in S3? Think again. Rob De Jager dives into a subtle but critical IAM behavior that many miss — and attackers could exploit. 🧠 Key takeaways:

🛎️ AWS Security Digest 230 is out! 1️⃣ Weaponizing AWS X-Ray for Command & Control by Dhiraj Mishra 2️⃣ Analysis of AWS CloudControl API as an attack tool by Bleon Proko 3️⃣ Introducing tokenex: an open source Go library for fetching and refreshing cloud credentials by Toader

clusterfuck: attack sims on k8s clusters By Bilal S If you're running Kubernetes in production, this one’s for you. Bilal S dives into a gritty, no-fluff walkthrough of attack simulations against real-world K8s clusters — using live misconfigs and open-source tools to replicate

🛡️ Threat Modelling Cloud Service Providers in 2025 By Chris Farris Chris Farris breaks down how cloud threats have evolved — and why your old models won't cut it in 2025. Key insights include: ✅ New threat actors targeting cloud credentials first ✅ Growing risks from supply

🔍 Secret Enumeration in Elastic Beanstalk By Tyler Ramsbey Tyler Ramsbey introduces a new Pacu module that targets AWS Elastic Beanstalk for secret discovery — and the results are eye-opening. Highlights: 🔹 Identifying environment variables that leak sensitive data 🔹 How