Computer Weekly

Warning: AWS IAM behaves differently to directory services

Researchers from Israeli security firm Lightspin have identified an issue with configuring identity and access control services on Amazon Web Services (AWS) that could leave many organisations ...
TechRadar

AWS systems targeted by crypto mining scam using hijacked IAM credentials

Attackers used stolen high‑privilege IAM credentials to rapidly deploy large‑scale cryptomining on EC2 and ECS They launched GPU‑heavy auto‑scaling groups, malicious Fargate containers, new IAM users, ...
SiliconANGLE

AWS IAM credentials at risk: EleKtra-Leak operation revealed by Unit 42

A new report from Palo Alto Networks Inc.’s Unit 42 warns of a new active campaign targeting exposed Amazon Web Services Inc. identity and access management credentials within public GitHub ...
CSOonline

ECScape: New AWS ECS flaw lets containers hijack IAM roles without breaking out

Naor Haziz’s discovery shows how a compromised container on EC2-backed ECS tasks can impersonate the ECS agent and steal IAM credentials from other tasks—without host access. At Black Hat USA 2025, ...