AI agent finds 18-year-old remote code execution flaw in Nginx
Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditio...
Amazon
20 articles
Regional routing for AWS access portals: Implementing custom vanity domains for IAM Identity Center
AWS IAM Identity Center provides a web-based access portal that gives your workforce a single place to view their AWS accounts and applications.
Automating post-quantum cryptography readiness using AWS Config
Migrating your TLS endpoints to Post-quantum cryptography (PQC) starts with understanding your current TLS endpoint inventory and posture. This post introduc...
170 npm Packages Hijacked to Steal GitHub, AWS & Kubernetes Secrets
Hackers have launched a large-scale supply chain attack by compromising more than 170 npm packages and two PyPI libraries, collectively downloaded over 200 m...
Amazon Quick Security Flaw Allowed Restricted Users to Access AI Chat Agents
A newly disclosed security flaw in Amazon’s AI-powered business intelligence platform has revealed how restricted users could quietly bypass controls and int...
GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS
GitLab has issued an urgent security update to neutralize a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silen...
Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker
Langflow instances left unpatched against CVE-2026-33017 are now being actively abused not just for remote code execution, but as launchpads to steal AWS key...
Detecting and preventing crypto mining in your AWS environment
This article guides you on how to use Amazon GuardDuty to identify and mitigate cryptocurrency mining threats in your Amazon Web Services (AWS) environment. ...
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. For...
PCI PIN and P2PE compliance packages for AWS Payment Cryptography are now available
Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) and PCI Point-to...
Avada Builder Flaws Expose One Million WordPress Sites
Avada Builder flaws allowed file read and SQL injection on one million WordPress sites
[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)
TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a "Lethal Chain" to y...
Fortinet, Ivanti Patch Critical Vulnerabilities
Successful exploitation of these flaws could lead to arbitrary code execution and information disclosure. The post Fortinet, Ivanti Patch Critical Vulnerabil...
Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator
Fortinet patched critical flaws in FortiSandbox and FortiAuthenticator that could let attackers remotely execute code on unpatched systems. Fortinet addresse...
AWS Security Agent full repository code scanning feature now available in preview
Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware...
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or...
Adobe Patches 52 Vulnerabilities in 10 Products
While none of the flaws have been exploited in the wild, many of them could lead to arbitrary code execution. The post Adobe Patches 52 Vulnerabilities in 10...
Enabling AI sovereignty on AWS
Cloud and AI are transforming industries and societies at unprecedented speed, from accelerating research and enhancing customer experiences to optimizing bu...
Amazon Quick authorization bypass let users reach blocked AI chat agents
Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an...
SAP Releases Patch for Critical SQL Injection Flaw in S/4HANA
A severe vulnerability has struck the heart of enterprise resource planning systems this month, threatening organizations worldwide with potential data breac...