Redis Security Flaws Expose Servers to Remote Code Execution Risks
20 articles
Redis has disclosed and patched five security vulnerabilities, including four rated High severity, that could allow authenticated attackers to achieve remote...
Multiple critical sandbox-escape vulnerabilities have been disclosed in vm2, one of the most widely used Node.js sandboxing libraries, allowing attackers to ...
We have released our latest compliance guide, ISO/IEC 42001:2023 on AWS, which provides practical guidance for organizations designing and operating an Artif...
Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution.
Experts have mixed reactions to a report that the US Cybersecurity and Infrastructure Security Agency (CISA) is considering reducing the timeline in which go...
As AI agents, bots, and programmatic access become an increasingly significant portion of web traffic, organizations need better tools to understand, analyze...
A Monday morning security alert flags unauthorized access attempts, security group misconfigurations, and AWS Identity and Access Management (IAM) policy vio...
This article shows you how to identify and secure open proxies in your AWS environment to prevent abuse, protect your IP address reputation, and control cost...
Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication by...
Kaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let's look at some examples to see how you can tell a phishi...
It’s only been a few weeks since Anthropic announced the Claude Mythos Preview model and launched Project Glasswing with AWS and other leading organizations....
AWS Security Assurance Services is announcing the release of our latest compliance guide, ISO 31000:2018 Risk Management on AWS, which provides practical gui...
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accide...
Generative AI brings promising innovation, transforming how individuals and organizations approach everything from customer service to content creation and m...
The AWS Customer Incident Response Team (AWS CIRT) regularly encounters patterns that repeat across their engagements when helping customers respond to secur...
As organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes incr...
April 27, 2026: This post was first published in September 2025 when the enhanced AWS Security Hub was in public preview. It has since been updated to reflec...
Understanding what AWS Identity and Access Management (IAM) policies can control helps you build better security controls and avoid spending time on approach...
As outlined in the AWS post-quantum cryptography (PQC) migration plan, addressing the risk of harvest now, decrypt later (HNDL) attack is an important part o...
Building on our recent announcement of AWS Security Hub Extended — our full-stack enterprise security offering — we want to show you how we’re simplifying sec...