HotHardware

Severe Amazon ECR Public Gallery Flaw Could Have Facilitated Massive Supply Chain Attack

A researcher at the cloud security company Lightspin recently discovered a flaw in the Amazon Web Services (AWS) Elastic Container Registry (ECR) Public Gallery that threat actors could have exploited ...
Bleeping Computer

Malicious PyPI package with 37,000 downloads steals AWS keys

A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to ...
ZDNet

AWS's AI code reviewer now spots Log4Shell-like bugs in Java and Python code

Amazon Web Services (AWS) has updated the 'detectors' in its CodeGuru Reviewer tool to seek out log injection flaws like the recently disclosed Log4Shell bug in the popular Java logging library Log4J.