AI Firm Braintrust Prompts API Key Rotation After Data Breach
Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust. The post AI Firm Braintrust Prompts API Key Rota...
Amazon
20 articles
Pen tests show AI security flaws far more severe than legacy software bugs
Penetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems. Security consultancy Cob...
‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more. The post ‘PCPJack’ Worm Removes TeamPCP I...
423 Firefox Flaws Fixed as Browser Gains Support for Claude, Mythos, and More
Mozilla has successfully identified and patched 423 latent security vulnerabilities in Firefox using advanced artificial intelligence models, notably Claude ...
Multiple Critical Flaws Fixed in Next.js and React Server Components
Vercel has released Next.js v16.
ICYMI: April 2026 @AWS Security
Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, ...
AWS achieves SNI 27017, SNI 27018, and SNI 9001 certifications for the AWS Asia Pacific (Jakarta) Region
Amazon Web Services (AWS) achieved three Standar Nasional Indonesia (SNI) certifications for the AWS Asia Pacific (Jakarta) Region: SNI ISO/IEC 27017:2015, S...
Cisco patches high-severity flaws enabling SSRF, code execution attacks
Cisco fixed several high‑severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disru...
Cisco Patches High-Severity Vulnerabilities in Enterprise Products
Successful exploitation of the flaws could lead to code execution, server-side request forgery attacks, and denial-of-service conditions. The post Cisco Patc...
Redis Security Flaws Expose Servers to Remote Code Execution Risks
Redis has disclosed and patched five security vulnerabilities, including four rated High severity, that could allow authenticated attackers to achieve remote...
Critical vm2 Node.js Library Flaws Enable Arbitrary Code Execution Attacks
Multiple critical sandbox-escape vulnerabilities have been disclosed in vm2, one of the most widely used Node.js sandboxing libraries, allowing attackers to ...
New compliance guide available: ISO/IEC 42001:2023 on AWS
We have released our latest compliance guide, ISO/IEC 42001:2023 on AWS, which provides practical guidance for organizations designing and operating an Artif...
Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE
Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution.
CISA mulls new three-day remediation deadline for critical flaws
Experts have mixed reactions to a report that the US Cybersecurity and Infrastructure Security Agency (CISA) is considering reducing the timeline in which go...
Introducing AI traffic analysis dashboards for AWS WAF
As AI agents, bots, and programmatic access become an increasingly significant portion of web traffic, organizations need better tools to understand, analyze...
Five ways to use Kiro and Amazon Q to strengthen your security posture
A Monday morning security alert flags unauthorized access attempts, security group misconfigurations, and AWS Identity and Access Management (IAM) policy vio...
Securing open proxies in your AWS environment
This article shows you how to identify and secure open proxies in your AWS environment to prevent abuse, protect your IP address reputation, and control cost...
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication by...
“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security
Kaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let's look at some examples to see how you can tell a phishi...
Security posture improvement in the AI era
It’s only been a few weeks since Anthropic announced the Claude Mythos Preview model and launched Project Glasswing with AWS and other leading organizations....