Pen Test Partners

Compromising a multi-cloud environment from a single exposed secret

TL;DR Introduction In practice, it is still hard to keep secrets safe in the cloud. All major cloud service providers have ...
Bleeping Computer

Popular Python and PHP libraries hijacked to steal AWS keys

PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The ...
Dark Reading

'TruffleNet' Attack Wields Stolen Credentials Against AWS

Attackers are abusing Amazon Web Services' (AWS) Simple Email Service (SES) via legitimate open source tools to steal credentials and infiltrate organizations to execute network reconnaissance. In ...