21 Weekly Digests

    Weekly AWS Security News

    CVEs, service updates, breach analysis, and threat intelligence. Your curated weekly digest for cloud security professionals.

    By Toc Consulting - AWS Security & Cloud Architecture

    W21 (May 18-24, 2026)
    Severity: 2 high, 2 medium, 1 info

    Security Hub Hunts Down Unused Access

    Security Hub learns to find access that no one is using: unused IAM permissions, roles, and credentials, measured against 90 days of real activity. The Extended plan grows to 21 partners across 9 categories. Secrets Manager Agent picks up pre-fetching and cross-account role assumption, and Amazon Inspector Classic reaches end of support.

    Tags: Security Hub, IAM, Unused Access, Least Privilege
    5 items
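    The 90-day unused-credential test the W21 entry describes, as an added example that is not part of the digest and not Security Hub's own logic: it applies the same rule to an IAM credential report. The sample report and the reference date are constructed for the example; the column names and the "N/A" / "no_information" / "not_supported" markers follow the real report's layout, restricted to a subset of its columns. It covers passwords and access keys only; unused permissions on roles need service-last-accessed data, which the block does not model.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout of the IAM credential report
# (aws iam get-credential-report), restricted to the columns this check reads;
# the real report carries more columns. Dates are ISO 8601 UTC, and "N/A",
# "no_information" and "not_supported" mean the credential was never used or
# does not apply, as in the real report.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2024-01-10T09:00:00+00:00,true,2026-05-20T08:12:00+00:00,false,N/A,N/A,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2025-03-01T10:00:00+00:00,true,2026-05-22T11:30:00+00:00,true,2026-04-15T10:00:00+00:00,2026-05-23T07:45:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2025-06-12T10:00:00+00:00,true,2026-01-05T16:20:00+00:00,true,2025-06-12T10:05:00+00:00,N/A,false,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2025-11-20T10:00:00+00:00,false,not_supported,true,2025-11-20T10:01:00+00:00,2026-02-01T03:00:00+00:00,true,2026-05-01T10:00:00+00:00,2026-05-23T03:00:00+00:00
"""

UNUSED_WINDOW = timedelta(days=90)   # the 90-day window the digest entry cites
NO_DATE = {"N/A", "no_information", "not_supported", ""}


def parse_ts(value):
    """Return an aware datetime, or None for the report's 'never used' markers."""
    if value in NO_DATE:
        return None
    return datetime.fromisoformat(value)


def find_unused_credentials(report_csv, now, window=UNUSED_WINDOW):
    """Flag enabled passwords and active access keys with no use inside `window`.

    A credential that was never used counts as unused once its activation
    (user creation for passwords, last rotation for keys) is older than the
    window, so a brand-new key is not flagged.
    Returns a list of (user, credential, reason) tuples in report order.
    """
    cutoff = now - window
    findings = []

    def check(user, label, activated, last_used):
        if last_used is None:
            if activated is not None and activated <= cutoff:
                findings.append((user, label, f"never used since {activated.date()}"))
        elif last_used <= cutoff:
            findings.append((user, label, f"last used {last_used.date()}"))

    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if row["password_enabled"] == "true":
            check(user, "password",
                  parse_ts(row["user_creation_time"]),
                  parse_ts(row["password_last_used"]))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] == "true":
                check(user, f"access_key_{n}",
                      parse_ts(row[f"access_key_{n}_last_rotated"]),
                      parse_ts(row[f"access_key_{n}_last_used_date"]))
    return findings


def demo():
    """Run the check against the constructed report at a fixed reference time."""
    now = datetime(2026, 5, 24, tzinfo=timezone.utc)   # constructed "today"
    return find_unused_credentials(SAMPLE_REPORT, now)


if __name__ == "__main__":
    for user, cred, reason in demo():
        print(f"{user:<14}{cred:<14}{reason}")
```

    Against a real account, feed the function the decoded output of `aws iam get-credential-report --query Content --output text | base64 -d` and `datetime.now(timezone.utc)` instead of the constructed values. In the sample, bob's password and never-used key and ci-deploy's first key fall outside the window; alice's credentials and ci-deploy's recently used second key do not.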
    W20 (May 12-17, 2026)
    Severity: 1 critical, 1 high

    DirtyFrag Hits Half of AWS

    AWS publishes bulletin 2026-030-AWS, a single rolling document for the Copy.fail / DirtyFrag Linux kernel privilege-escalation class. If you run Amazon Linux, Bottlerocket, ECS, EKS, EMR, Fargate, or SageMaker, this is the bulletin you bookmark. Security Agent meanwhile learns to read whole repositories.

    Tags: DirtyFrag, Copy.fail, Fragnesia, CVE-2026-46300
    2 items
    W19 (May 5-11, 2026)
    Severity: 2 high, 3 medium, 1 info

    The DirtyFrag Bulletin Begins

    AWS opens what will become the defining CVE story of May: a Linux kernel privilege escalation tracked across half a dozen services. JDBC Wrapper ships column-level client-side encryption via KMS. AgentCore previews agent-to-agent payments via Coinbase and Stripe. AWS MCP Server reaches GA. WorkSpaces for AI Agents enters preview.

    Tags: DirtyFrag, Copy.fail, CVE-2026-31431, JDBC Wrapper
    6 items
    W18 (Apr 28 - May 4, 2026)
    Severity: 4 high, 2 medium, 2 info

    Five FreeRTOS CVEs, One ECS RCE, One WorkSpaces LPE

    Heavy patch week if you ship IoT on FreeRTOS or run Windows containers: five FreeRTOS CVEs across three bulletins, an ECS Agent command injection to SYSTEM, and a WorkSpaces local privilege escalation. AWS CIRT publishes the March 2026 attacker-technique catalog with three notable new entries. Audit Manager officially closes to new customers. The What's Next with AWS 2026 event lands with the OpenAI partnership.

    Tags: CIRT, Threat Catalog, ECS, CVE-2026-7461
    8 items
    W17 (Apr 21-27, 2026)
    Severity: 3 high, 2 medium, 2 info

    AWS Picks a Fight with Quantum Decryption

    Secrets Manager rolls out hybrid post-quantum TLS using ML-KEM, baked into the agent, the Lambda extension, and the CSI driver. Three CVE bulletins land in the same week (QnABot, Ops Wheel, tough/tuftool). AWS finally gives the IAM Service Authorization Reference the deep-dive treatment.

    Tags: Secrets Manager, ML-KEM, Post-Quantum, QnABot
    7 items
    W16 (Apr 14-20, 2026)
    Severity: 1 critical, 3 high, 2 medium, 2 info

    Vercel Got Pwned Through a Calendar App

    A Vercel employee had granted Context.ai OAuth access to their corporate Google account. Lumma Stealer hit Context.ai. The attacker walked from Google Workspace into Vercel and read non-sensitive environment variables. Also this week: Vect ransomware lists Trivy/LiteLLM victims, and AWS patches EFS CSI and Encryption SDK for Python.

    Tags: Vercel, Context.ai, OAuth, Vect Ransomware
    8 items
    W15 (Apr 7-13, 2026)
    Severity: 1 critical, 1 high, 2 medium

    Axios CVE Looks Bad on Paper, Works Mostly Nowhere

    A CVSS 9.9 in Axios chains prototype pollution into IMDSv2 credential theft. Node.js already blocks the technique at the runtime layer, so production Node apps are mostly safe. Browser apps and other runtimes are not. AWS also ships Project Glasswing with Anthropic and patches a Firecracker virtio-pci out-of-bounds write.

    Tags: Project Glasswing, Claude Mythos, Axios, CVE-2026-40175
    4 items
    W14 (Mar 31 - Apr 6, 2026)
    Severity: 2 high, 3 medium, 1 info

    Two AWS Agents Reach GA the Same Day

    Security Agent and DevOps Agent both ship to general availability after their re:Invent 2025 preview. S3 finally rolls out SSE-C default-off across 37 Regions, the change announced back in January (see W01). Audit Manager stops onboarding new customers as of April 30.

    Tags: Security Agent, DevOps Agent, S3, SSE-C
    6 items
    W13 (Mar 23-30, 2026)
    Severity: 2 critical, 2 medium, 1 info

    The European Commission Lost Its AWS Account

    Over 350 GB stolen from the European Commission's AWS environment, confirmed publicly March 27. AWS clarifies that its services were not breached; this is shared-responsibility 101 played out at the highest level of EU government. LiteLLM packages get backdoored to steal IMDS credentials. RSAC 2026 happens in San Francisco.

    Tags: European Commission, Breach, LiteLLM, Supply Chain
    5 items
    W12 (Mar 16-22, 2026)
    Severity: 2 critical, 5 high, 3 medium

    Four CVEs, One Cisco Zero-Day, One Trivy Compromise

    AWS issues four security bulletins in a single week, signaling fresh scrutiny on developer tooling and cryptographic libraries. Trivy CI/CD pipelines get backdoored by TeamPCP. Amazon publishes honeypot intelligence, 36 days after the fact, on Interlock ransomware exploiting Cisco Firewall Management Center.

    Tags: Trivy, Supply Chain, Route 53, ACM
    10 items
    W11 (Mar 10-15, 2026)
    Severity: 1 critical, 1 high, 2 medium, 1 info

    Security Hub Goes Multicloud, Sovereign Cloud Gets SOC 2

    Security Hub Extended officially expands to AWS, Azure, GCP, OCI, and Kubernetes, the long-anticipated cross-cloud play. European Sovereign Cloud completes SOC 2 Type 2 and BSI C5 audits. IAM Roles Anywhere ships post-quantum signing via ML-DSA. Inspector Classic gets a May 2026 EOL date.

    Tags: Security Hub, Multicloud, Sovereign Cloud, Post-Quantum
    5 items
    W10 (Mar 3-9, 2026)
    Severity: 1 high, 1 medium, 2 info

    AgentCore Picks Up Cedar Policies

    Bedrock AgentCore Policy hits GA, mixing LLM authorship with Cedar policy-as-code, the first AWS service to do that at scale. IAM gets a simplified role-creation flow with inline panels. AWS adds DESC 2026 certification for the UAE.

    Tags: Bedrock, AgentCore, Cedar, IAM
    4 items
    W09 (Feb 24 - Mar 2, 2026)
    Severity: 1 critical, 3 high, 3 medium, 2 info

    The Heaviest Security Week of Q1

    Security Hub Extended Plan reaches GA with 14+ partners on day one, the launch most enterprises have been waiting for. LexisNexis loses 2 GB via a misconfigured AWS environment. Three AWS-LC crypto library CVEs land in one drop. VPC Encryption Controls move from preview to paid.

    Tags: Security Hub, LexisNexis, Breach, AWS-LC
    9 items
    W08 (Feb 17-23, 2026)
    Severity: 1 critical, 2 info

    600 FortiGate Boxes Compromised, 55 Countries

    Amazon publishes the full picture of the AI-augmented FortiGate campaign tracked since Week 5: 600+ devices compromised across 55 countries, with LLM-generated tooling automating reconnaissance through lateral movement. AWS development tools get the agent-plugin treatment. Kiro IDE expands to GovCloud.

    Tags: FortiGate, GenAI, Threat Intelligence, GovCloud
    3 items
    W07 (Feb 10-16, 2026)
    Severity: 1 high, 1 info

    Aurora Now Encrypts by Default

    New Aurora clusters get encryption at rest with zero opt-in, closing a gap that has caused too many "we forgot to enable encryption" audit findings. AWS Backup adds PrivateLink for SAP HANA workloads. Elastic Beanstalk patches a Windows Server vulnerability.

    Tags: Aurora, Encryption, Backup, SAP HANA
    2 items
    W06 (Feb 3-9, 2026)
    Severity: 1 medium, 2 info

    Security Groups Finally Tell You What Uses Them

    Security Groups finally show a "Related Resources" tab listing every dependent resource, a quality-of-life win years overdue. Security Agent now scopes shared VPCs. Claude Opus 4.6 lands in Amazon Bedrock.

    Tags: Security Groups, VPC, Security Agent, Bedrock
    3 items
    W05 (Jan 27 - Feb 2, 2026)
    Severity: 1 high, 1 info

    The FortiGate Campaign Starts Buzzing

    Amazon Threat Intelligence begins tracking an AI-augmented campaign compromising FortiGate enterprise firewalls at scale. STS OIDC federation enhancements ship. SageMaker quietly tightens its public endpoint defaults.

    Tags: FortiGate, GenAI, Threat Intelligence, SageMaker
    2 items
    W04 (Jan 20-26, 2026)
    Severity: 1 high, 3 medium

    Security Agent Reads Your GitHub

    Security Agent extends preview support to GitHub Enterprise Cloud, so your code, IaC, and supply chain now sit on the same scanning surface. Network Firewall picks up GenAI traffic classification. S3 lets you change a bucket's encryption type without re-uploading objects.

    Tags: Network Firewall, GenAI, S3, STS
    4 items
    W03 (Jan 13-19, 2026)
    Severity: 1 critical, 1 medium

    The European Sovereign Cloud Goes Live

    AWS European Sovereign Cloud goes live in Brandenburg, run by EU residents under German law, physically and logically isolated from other Regions. The Sovereign Reference Framework establishes how it is governed.

    Tags: Sovereign Cloud, EU, GDPR, Data Residency
    2 items
    W02 (Jan 6-12, 2026)
    Severity: 1 high, 1 medium, 2 info

    Kiro IDE Ships RCE in Its Welcome Mat

    A CVSS 8.4 command injection in AWS's new Kiro IDE lets a crafted project execute code the moment you open it. Client VPN gets simplified onboarding. AWS is named ISG Leader for Sovereign Cloud for the third year running.

    Tags: Kiro, CVE, Client VPN, Sovereign Cloud
    4 items
    W01 (Jan 1-5, 2026)
    Severity: 1 high, 2 medium, 2 info

    S3 SSE-C Encryption Gets the Boot

    AWS announces SSE-C will be disabled by default on new general-purpose S3 buckets starting April 2026, closing the Codefinger ransomware vector. Security Hub and Security Agent updates from re:Invent 2025 keep rolling out.

    Tags: S3, SSE-C, Security Hub, Control Tower
    5 items

    Stay Ahead of AWS Security Changes

    We publish a new digest every week covering the most impactful AWS security announcements, CVEs, and threat intelligence. Bookmark this page or contact us for custom briefings.