Security news aggregator

Latest coverage for Amazon (company)

Amazon provides cloud and online services whose vulnerabilities, security advisories, and supply-chain risks can affect users and organizations.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Amazon provides a large-scale cloud computing platform and an extensive e-commerce marketplace, both widely used across industries. Its cloud services offer infrastructure for hosting applications, storing data, and managing complex workflows, while its marketplace facilitates transactions between millions of buyers and sellers. These environments involve diverse user roles, APIs, and integrations with third-party services, creating multiple points of interaction and potential exposure.

Security risks include misconfigured cloud resources, such as storage buckets or access policies that unintentionally allow public or excessive permissions, leading to data exposure or unauthorized use. The e-commerce platform faces threats like account takeovers targeting customer or seller accounts, and fraud exploiting payment or order systems. Mitigating these risks requires strict identity and access management controls, continuous monitoring for unusual activity, and thorough validation of third-party components to prevent exploitation within Amazon’s complex ecosystem.

Volume over time

Weekly headline count for the current query.

Showing 3 most recent headlines Filtered view

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS)