https://tocconsulting.fr/weekly-news Weekly AWS security digest: CVEs, service updates, breach analysis, and threat intelligence. Curated by Toc Consulting for cloud security professionals. en-us Sun, 24 May 2026 12:00:00 GMT scripts/generate-rss.mjs https://tocconsulting.fr/logos/og-image.png https://tocconsulting.fr/weekly-news https://tocconsulting.fr/weekly-news/2026-W21 https://tocconsulting.fr/weekly-news/2026-W21 Sun, 24 May 2026 12:00:00 GMT Security Hub learns to find identity risk that no one is using: unused IAM permissions, roles, and credentials, measured against 90 days of real activity. The Extended plan grows to 21 partners across 9 categories. Secrets Manager Agent picks up pre-fetching and cross-account role assumption, and Amazon Inspector Classic reaches end of support. https://tocconsulting.fr/weekly-news/2026-W20 https://tocconsulting.fr/weekly-news/2026-W20 Sun, 17 May 2026 12:00:00 GMT AWS publishes bulletin 2026-030-AWS, a single rolling document for the Copy.fail / DirtyFrag Linux kernel privilege-escalation class. If you run Amazon Linux, Bottlerocket, ECS, EKS, EMR, Fargate, or SageMaker, this is the bulletin you bookmark. Security Agent meanwhile learns to read whole repositories. https://tocconsulting.fr/weekly-news/2026-W19 https://tocconsulting.fr/weekly-news/2026-W19 Mon, 11 May 2026 12:00:00 GMT AWS opens what will become the defining CVE story of May: a Linux kernel privilege escalation tracked across half a dozen services. JDBC Wrapper ships column-level client-side encryption via KMS. AgentCore previews agent-to-agent payments via Coinbase and Stripe. AWS MCP Server reaches GA. WorkSpaces for AI Agents enters preview. https://tocconsulting.fr/weekly-news/2026-W18 https://tocconsulting.fr/weekly-news/2026-W18 Mon, 04 May 2026 12:00:00 GMT Heavy patch week if you ship IoT on FreeRTOS or run Windows containers: five FreeRTOS CVEs across three bulletins, an ECS Agent command injection to SYSTEM, a WorkSpaces local-privilege escalation. AWS CIRT publishes the March 2026 attacker-technique catalog with three notable new entries. Audit Manager officially closes to new customers. The What's Next with AWS 2026 event lands with the OpenAI partnership. https://tocconsulting.fr/weekly-news/2026-W17 https://tocconsulting.fr/weekly-news/2026-W17 Mon, 27 Apr 2026 12:00:00 GMT Secrets Manager rolls out hybrid post-quantum TLS using ML-KEM, baked into the agent, the Lambda extension, and the CSI driver. Three CVE bulletins land in the same week (QnABot, Ops Wheel, tough/tuftool). AWS finally gives the IAM Service Authorization Reference the deep-dive treatment. https://tocconsulting.fr/weekly-news/2026-W16 https://tocconsulting.fr/weekly-news/2026-W16 Mon, 20 Apr 2026 12:00:00 GMT A Vercel employee had OAuth-trusted Context.ai with their corporate Google account. Lumma Stealer hit Context.ai. The attacker walked from Google Workspace into Vercel and read non-sensitive environment variables. Also this week: Vect ransomware lists Trivy/LiteLLM victims, AWS patches EFS CSI and Encryption SDK for Python. https://tocconsulting.fr/weekly-news/2026-W15 https://tocconsulting.fr/weekly-news/2026-W15 Mon, 13 Apr 2026 12:00:00 GMT A CVSS 9.9 in Axios chains prototype pollution into IMDSv2 credential theft. Node.js already blocks the technique at the runtime layer, so production Node apps are mostly safe. Browser apps and other runtimes are not. AWS also ships Project Glasswing with Anthropic and patches a Firecracker virtio-pci out-of-bounds write. https://tocconsulting.fr/weekly-news/2026-W14 https://tocconsulting.fr/weekly-news/2026-W14 Mon, 06 Apr 2026 12:00:00 GMT Security Agent and DevOps Agent both ship to general availability after their re:Invent 2025 preview. S3 finally rolls out the SSE-C default-off across 37 Regions, the kill announced back in January. Audit Manager stops onboarding new customers as of April 30. https://tocconsulting.fr/weekly-news/2026-W13 https://tocconsulting.fr/weekly-news/2026-W13 Mon, 30 Mar 2026 12:00:00 GMT Over 350 GB stolen from the European Commission's AWS environment, confirmed publicly March 27. AWS clarifies its services were not breached, this is shared-responsibility 101 played out at the highest level of EU government. LiteLLM packages get backdoored to steal IMDS credentials. RSAC 2026 happens in San Francisco. https://tocconsulting.fr/weekly-news/2026-W12 https://tocconsulting.fr/weekly-news/2026-W12 Sun, 22 Mar 2026 12:00:00 GMT AWS issues four security bulletins in a single week, signaling fresh scrutiny on developer tooling and cryptographic libraries. Trivy CI/CD pipelines get backdoored by TeamPCP. Amazon publishes 36-day-old honeypot intel on Interlock ransomware exploiting Cisco Firewall Management Center. https://tocconsulting.fr/weekly-news/2026-W11 https://tocconsulting.fr/weekly-news/2026-W11 Sun, 15 Mar 2026 12:00:00 GMT Security Hub Extended officially expands to AWS, Azure, GCP, OCI, and Kubernetes, the long-anticipated cross-cloud play. European Sovereign Cloud completes SOC 2 Type 2 and BSI C5 audits. IAM Roles Anywhere ships post-quantum signing via ML-DSA. Inspector Classic gets a May 2026 EOL date. https://tocconsulting.fr/weekly-news/2026-W10 https://tocconsulting.fr/weekly-news/2026-W10 Mon, 09 Mar 2026 12:00:00 GMT Bedrock AgentCore Policy hits GA, mixing LLM authorship with Cedar policy-as-code, the first AWS service to do that at scale. IAM gets a simplified role-creation flow with inline panels. AWS adds DESC 2026 certification for the UAE. https://tocconsulting.fr/weekly-news/2026-W09 https://tocconsulting.fr/weekly-news/2026-W09 Mon, 02 Mar 2026 12:00:00 GMT Security Hub Extended Plan reaches GA with 14+ partners on day one, the launch most enterprises have been waiting for. LexisNexis loses 2 GB via a misconfigured AWS environment. Three AWS-LC crypto library CVEs land in one drop. VPC Encryption Controls move from preview to paid. https://tocconsulting.fr/weekly-news/2026-W08 https://tocconsulting.fr/weekly-news/2026-W08 Mon, 23 Feb 2026 12:00:00 GMT Amazon publishes the full picture of the AI-augmented FortiGate campaign tracked since Week 5: 600+ devices compromised across 55 countries, with LLM-generated tooling automating reconnaissance through lateral movement. AWS development tools get the agent-plugin treatment. Kiro IDE expands to GovCloud. https://tocconsulting.fr/weekly-news/2026-W07 https://tocconsulting.fr/weekly-news/2026-W07 Mon, 16 Feb 2026 12:00:00 GMT New Aurora clusters get encryption at rest with zero opt-in, closing a gap that has caused too many "we forgot to enable encryption" audit findings. AWS Backup adds PrivateLink for SAP HANA workloads. Elastic Beanstalk patches a Windows Server vulnerability. https://tocconsulting.fr/weekly-news/2026-W06 https://tocconsulting.fr/weekly-news/2026-W06 Mon, 09 Feb 2026 12:00:00 GMT Security Groups finally show a "Related Resources" tab listing every dependent resource, a quality-of-life win years overdue. Security Agent now scopes shared VPCs. Claude Opus 4.6 lands in Amazon Bedrock. https://tocconsulting.fr/weekly-news/2026-W05 https://tocconsulting.fr/weekly-news/2026-W05 Mon, 02 Feb 2026 12:00:00 GMT Amazon Threat Intelligence begins tracking an AI-augmented campaign compromising FortiGate enterprise firewalls at scale. STS OIDC federation enhancements ship. SageMaker quietly tightens its public endpoint defaults. https://tocconsulting.fr/weekly-news/2026-W04 https://tocconsulting.fr/weekly-news/2026-W04 Mon, 26 Jan 2026 12:00:00 GMT Security Agent extends preview support to GitHub Enterprise Cloud, so your code, IaC, and supply chain now sit on the same scanning surface. Network Firewall picks up GenAI traffic classification. S3 lets you change a bucket's encryption type without re-uploading objects. https://tocconsulting.fr/weekly-news/2026-W03 https://tocconsulting.fr/weekly-news/2026-W03 Mon, 19 Jan 2026 12:00:00 GMT AWS European Sovereign Cloud goes live in Brandenburg, run by EU residents under German law, physically and logically isolated from other Regions. The Sovereign Reference Framework establishes how it is governed. https://tocconsulting.fr/weekly-news/2026-W02 https://tocconsulting.fr/weekly-news/2026-W02 Mon, 12 Jan 2026 12:00:00 GMT A CVSS 8.4 command injection in AWS's new Kiro IDE lets a crafted project execute code the moment you open it. Client VPN gets simplified onboarding. AWS is named ISG Leader for Sovereign Cloud for the third year running. https://tocconsulting.fr/weekly-news/2026-W01 https://tocconsulting.fr/weekly-news/2026-W01 Mon, 05 Jan 2026 12:00:00 GMT AWS announces SSE-C will be disabled by default on new general-purpose S3 buckets starting April 2026, closing the Codefinger ransomware vector. Security Hub and Security Agent updates from re:Invent 2025 keep rolling out.