AWS Security Digest · Week 2 of 2026 · Jan 6-12, 2026 · 4 items

    Kiro IDE Ships RCE in Its Welcome Mat

    A CVSS 8.4 command injection in AWS's new Kiro IDE lets a crafted project execute code the moment you open it. Client VPN gets simplified onboarding. AWS is named ISG Leader for Sovereign Cloud for the third year running.

In this issue: 1 high, 1 medium, 2 info

    Highlights

3 items

info / Feature Launch

    AWS Client VPN Quickstart Setup

    AWS simplified Client VPN onboarding to require only three inputs: IPv4 CIDR, server certificate ARN, and subnet selection. Available at no additional cost in all supported regions. Dramatically lowers the barrier for secure remote access.

Client VPN

info / Compliance

    AWS Named ISG Leader for Sovereign Cloud (3rd Year)

    For the third consecutive year, AWS was named a Leader in the ISG Provider Lens Quadrant report for Sovereign Cloud Infrastructure Services (EU). This validates AWS's investment in data sovereignty controls.

Sovereign Cloud

medium / Service Update

    Amazon Corretto January 2026 Quarterly Security Updates

    Security and critical updates released for all Corretto LTS versions: 25.0.2, 21.0.10, 17.0.18, 11.0.30, and 8u482. Patch immediately if running Java workloads on AWS.

    Corretto

    CVEs & Vulnerabilities

1 item

high / CVE

    CVE-2026-0830: Kiro IDE Command Injection (CVSS 8.4)

    Opening a maliciously crafted workspace in Kiro IDE triggers arbitrary command execution via the GitLab Merge Request Helper. High severity (CVSS 8.4). Fixed in Kiro v0.6.18. Update immediately if using Kiro IDE.

    Kiro IDE

    Key Takeaway

1 item

    The Kiro IDE CVE is worth immediate attention - CVSS 8.4 command injection via malicious workspaces. If your team uses Kiro, ensure v0.6.18 or later is deployed. The Client VPN quickstart is a nice quality-of-life improvement for teams struggling with VPN setup complexity.

    Filed Under
Kiro · CVE · Client VPN · Sovereign Cloud · Corretto · Java

    Need Custom Security Briefings?

    These weekly digests are a starting point. Contact us for tailored threat briefings, security assessments, and architectural guidance for your AWS environment.