AWS Security Digest · Week 9 of 2026 · Feb 24 - Mar 2, 2026 · 9 items
The Heaviest Security Week of Q1
Security Hub Extended Plan reaches GA with 14+ partners on day one, the launch most enterprises have been waiting for. LexisNexis loses 2 GB via a misconfigured AWS environment. Three AWS-LC crypto library CVEs land in one drop. VPC Encryption Controls move from preview to paid.
In this issue: 1 critical, 3 high, 3 medium, 2 info
Highlights
3 items
High / Feature Launch
Security Hub Extended Plan GA - CrowdStrike, Okta, Splunk Integration
AWS launches the Security Hub Extended Plan, offering curated partner solutions from CrowdStrike, Okta, SailPoint, Splunk, Zscaler, Noma, Proofpoint, and others. Pay-as-you-go or flat-rate pricing, single billing, consolidated support. Security Hub is evolving from a finding aggregator into a full security operations platform.
Tags: Security Hub
Critical / Incident
LexisNexis AWS Breach - 2.04 GB Exfiltrated
Threat actor FulcrumSec exploited a React2Shell vulnerability in an unpatched React frontend to breach LexisNexis AWS infrastructure. Exfiltrated approximately 2.04 GB including 536 Redshift tables, 53 plaintext Secrets Manager secrets, 3.9M database records, and 21K customer accounts. Data was primarily legacy/deprecated pre-2020 information. Root cause: an overprivileged ECS task role with access to secrets and databases.
Tags: Redshift, Secrets Manager
Medium / Service Update
VPC Encryption Controls Move to Paid Pricing
VPC Encryption Controls transitioned from free preview to paid feature at $0.15/hour per non-empty VPC in us-east-1 (varies by region). Supports monitor mode (detect unencrypted traffic) and enforce mode (prevent it). Budget carefully before enabling org-wide.
PKCS7_verify in AWS-LC (v1.41.0 - v1.69.0) fails to properly validate certificate chains, allowing specially crafted certificates to bypass verification. Fixed in AWS-LC v1.69.0 / aws-lc-sys v0.38.0.
Tags: AWS-LC
Medium / CVE
CVE-2026-3337: AWS-LC AES-CCM Timing Side-Channel
The AES-CCM implementation in AWS-LC (v1.21.0 and later, including FIPS versions) is vulnerable to a timing side-channel attack. A workaround is available; avoid AES-CCM where possible and prefer AES-GCM.
Noma AI Security Integrates with Security Hub Extended
Noma's AI security platform (AI-SPM, Red Teaming, Runtime Protection) is now available through Security Hub Extended for Amazon Bedrock, SageMaker, and third-party AI workloads.
Tags: Security Hub, Bedrock, SageMaker
Info / Service Update
SailPoint Identity Security in Security Hub Extended
SailPoint's identity security platform integrated with Security Hub Extended for centralized identity governance alongside security operations.
Tags: Security Hub
Medium / Feature Launch
AWS WAF AI Activity Dashboard - 650+ Bot Signatures
AWS WAF launches an AI Activity Dashboard that provides visibility into AI-generated traffic hitting your applications. The dashboard covers 650+ AI bot signatures and helps distinguish between beneficial AI crawlers (like search indexers) and malicious scraping bots. Available in the WAF console under the Bot Control tab.
Tags: WAF
Key Takeaway
1 item
This was the most eventful week of Q1. The LexisNexis breach is a textbook example of why least-privilege matters - a single overprivileged ECS task role gave attackers access to Redshift, Secrets Manager, and databases. The three AWS-LC CVEs should be patched immediately if you use the library directly. And Security Hub Extended signals AWS's ambition to be the single pane of glass for enterprise security.
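The LexisNexis item and this summary both come down to one over-broad ECS task role reaching Secrets Manager and Redshift at once. The script below is an added example (not code from this digest, LexisNexis, or AWS) that audits an ECS task-role policy document for that pattern: wildcard actions or Resource "*" on data-holding services, plus a blast-radius view of which sensitive services a single role can reach. The two policies, the account id, the ARNs, and the list of services treated as sensitive are all constructed for illustration; the policy JSON shape is the standard IAM document format, so the output of `aws iam get-role-policy` can be fed straight into `audit_policy_json`.

```python
"""Audit an ECS task-role IAM policy for over-broad access to data stores.

Added example for this digest. The policies, ARNs and account id below are
constructed; SENSITIVE_SERVICES and the audit rules are this example's own
assumptions, not an AWS-published baseline.
"""
from __future__ import annotations

import json

# Services where a workload role holding wildcard access is worth a finding (assumption).
SENSITIVE_SERVICES = {"secretsmanager", "redshift", "redshift-data", "rds", "dynamodb", "s3"}


def _as_list(value):
    """IAM allows a bare string or a list in Action and Resource fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_task_role_policy(policy: dict) -> list[str]:
    """Return findings for Allow statements that grant too much.

    Flags: Action "*"; "<service>:*" on a sensitive service; and any
    sensitive-service action granted on Resource "*".
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource"))
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(f"statement {idx}: Action '*' grants every API")
                continue
            service, _, verb = action.partition(":")
            if service.lower() not in SENSITIVE_SERVICES:
                continue
            if verb == "*":
                findings.append(f"statement {idx}: wildcard action {action}")
            if "*" in resources:
                findings.append(f"statement {idx}: {action} on Resource '*'")
    return findings


def sensitive_services_reached(policy: dict) -> set[str]:
    """Blast radius: the sensitive services one role can touch at all."""
    reached = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                return set(SENSITIVE_SERVICES)
            service = action.partition(":")[0].lower()
            if service in SENSITIVE_SERVICES:
                reached.add(service)
    return reached


def audit_policy_json(text: str) -> list[str]:
    """Convenience wrapper for a policy document fetched as JSON text."""
    return audit_task_role_policy(json.loads(text))


# Constructed: the kind of role that lets one compromised container read
# every secret and every warehouse table.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["secretsmanager:*", "redshift:*", "redshift-data:*"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"},
    ],
}

# Constructed: the same workload scoped to one secret and one cluster.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": "secretsmanager:GetSecretValue",
         "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:app/db-credentials-AbCdEf"},
        {"Effect": "Allow",
         "Action": "redshift-data:ExecuteStatement",
         "Resource": "arn:aws:redshift:us-east-1:111122223333:cluster:analytics"},
        {"Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(f"{name}: reaches {sorted(sensitive_services_reached(policy))}")
        for finding in audit_task_role_policy(policy) or ["no findings"]:
            print("  -", finding)
```

The audit is deliberately narrow: it does not evaluate Deny statements, conditions, resource policies, or SCPs, so a clean result means "no obvious wildcard on a data store", not "least privilege achieved". Its value is as a cheap gate in CI over every task-definition role before deploy, which is exactly where the LexisNexis role would have been caught.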
Filed Under
Security Hub, LexisNexis, Breach, AWS-LC, CVE, VPC, WAF, Bot Control
These weekly digests are a starting point. Contact us for tailored threat briefings, security assessments, and architectural guidance for your AWS environment.