Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: aws (9 articles)Clear

Attackers drive LLM agent for post-exploitation after Marimo CVE-2026-39987 RCE - AWS Secrets Manager to PostgreSQL exfil in minutes

Sysdig has documented a real-world intrusion in which a threat actor used an LLM agent to drive post-exploitation after compromising an internet-reachable Marimo notebook via CVE-2026-39987, a pre-authentication RCE affecting all Marimo versions up to 0.20.4 (fixed in 0.23.0). The attacker extracted two cloud credentials from the host, replayed them through a fanned-out egress pool to pull an SSH private key from AWS Secrets Manager, then used it to open eight short SSH sessions against a downstream bastion. The bastion phase exfiltrated the full schema and contents of an internal PostgreSQL database in under two minutes. The May 10 incident shows attackers operationalizing AI agents for hands-on-keyboard work.

Check
Inventory Marimo notebook deployments and confirm version is 0.23.0 or later. Check whether any are internet-reachable. Audit AWS Secrets Manager access logs and bastion SSH sessions since early May.
Affected
All Marimo versions up to and including 0.20.4 (pre-auth RCE, fixed in 0.23.0). Internet-reachable notebooks with access to cloud credentials and SSH keys are at highest risk.
Fix
Upgrade Marimo to 0.23.0+. Remove notebooks from public internet exposure. Rotate cloud credentials and SSH keys reachable from compromised hosts. Tighten Secrets Manager IAM scoping and add anomaly alerts.

CISA contractor leaked AWS GovCloud admin keys and dozens of plaintext passwords on public GitHub

A contractor with administrative access at CISA, the US agency that tells everyone else how to do cybersecurity, ran a public GitHub repository called Private-CISA that exposed administrative AWS GovCloud keys, plaintext passwords in CSVs for internal CISA systems, and credentials to the agency's internal artifactory. The owner had even disabled GitHub's default secret-scanning protections. Researcher Philippe Caturegli of Seralys validated that the AWS keys still worked against three high-privilege GovCloud accounts and could have given an attacker a launchpad to deploy backdoors into CISA's internal build pipelines. CISA says it is investigating and has seen no evidence of compromise.

Check
Search your GitHub org for repos named after internal projects, scan public-fork history with TruffleHog or GitGuardian, and verify GitHub push-protection is enabled at the org level.
Affected
Any organization where individual administrators can publish secrets to public GitHub repositories and override the default push-protection settings. CISA itself was the named victim.
Fix
Enforce GitHub Advanced Security push-protection and secret scanning at the org level. Rotate any AWS keys whose hashes appear in public commits. Treat developer GitHub accounts as Tier-0 identities.

Public Amazon S3 bucket leaks 1M+ passports, IDs, and selfies from Japanese hotel check-in platform Tabiq

An Amazon S3 bucket simply named 'tabiq' was left open to anyone who knew the name, exposing over a million passports, driver's licenses, and identity-verification selfies submitted by hotel guests worldwide. The platform, run by Japanese operator Reqrea, handles digital check-in. Researcher Anurag Sen found the bucket and notified TechCrunch and JPCERT; the bucket has since been locked down. Reqrea says the exposed files date from early 2020 through May 2026 and that it does not yet know how the bucket became public. The company is still reviewing access logs to determine whether anyone else accessed the data.

Check
Inventory your S3 buckets for public ACLs or 'AllUsers' policies. If your employees used Tabiq or Reqrea-operated check-in for corporate travel, identify travelers since 2020.
Affected
Hotel guests who checked in through the Reqrea Tabiq platform between early 2020 and May 2026. Exposed data includes passports, driver's licenses, and biometric selfies.
Fix
Enable S3 Block Public Access at the account level. For affected travelers, monitor identity-document fraud alerts and consider passport reissuance for high-risk staff. Watch for phishing referencing real travel history.

New 'PCPJack' worm hunts down and removes competing malware before stealing cloud credentials - exploits five different vulnerabilities to spread

BleepingComputer and The Hacker News disclosed a new credential-stealing worm called PCPJack that hunts and removes the well-established TeamPCP malware family before installing itself - the first observed case of one cybercrime operation systematically displacing another at scale. PCPJack exploits five separate vulnerabilities to spread worm-like across cloud and Linux environments, then steals SSH keys, AWS credentials, GitHub tokens, and other secrets. Operators replace TeamPCP files in place rather than just disabling them, suggesting an attempt to inherit TeamPCP's existing victim base. The pattern signals a maturing cybercrime market.

Check
Search EDR and cloud logs for sudden disappearance of TeamPCP indicators on hosts that previously had them - that is the likely PCPJack handover signature. Hunt for outbound credential-theft traffic patterns matching the five CVEs PCPJack exploits.
Affected
Linux servers, cloud workloads (AWS, GCP, Azure), and CI/CD runners that previously had TeamPCP cryptominer infections. Any host running unpatched versions of the five CVEs PCPJack exploits is in scope. Cloud accounts where SSH keys, IAM access keys, or GitHub tokens are stored on compromised workloads face credential-theft escalation.
Fix
Patch all five CVEs PCPJack exploits per the Wiz and Datadog IoC publications. Rotate cloud credentials, SSH keys, and GitHub tokens on any host that may have had TeamPCP - do not assume TeamPCP cleanup means safety. Block PCPJack C2 domains at egress. Shift to short-lived IAM credentials via OIDC and remove static keys from VMs entirely.

New Linux malware called 'Quasar Linux' targets developer laptops to steal credentials for npm, GitHub, AWS, and Docker - barely detected by antivirus

Trend Micro disclosed Quasar Linux (QLNX), a previously undocumented Linux remote access trojan designed for developer workstations and DevOps environments. The malware harvests credentials for npm, PyPI, GitHub, AWS, Docker, and Kubernetes - then uses them to publish trojanized packages to public registries. QLNX runs entirely fileless and in-memory, dynamically compiling its rootkit and PAM backdoor on the target host using gcc, then loading them via /etc/ld.so.preload for system-wide interception. Capabilities include a 58-command RAT, dual-layer rootkit, keylogging, SSH lateral movement, and peer-to-peer mesh networking. Only four security tools detect the binary as malicious.

Check
Hunt Linux developer machines and CI runners for /etc/ld.so.preload entries you didn't put there, /tmp/.X*-lock files outside legitimate X server use, and gcc invocations on hosts that don't normally compile code.
Affected
Linux developer workstations and DevOps environments with credential access to npm, PyPI, GitHub, AWS, Docker, or Kubernetes. Acute risk for organizations with developers running root-capable Linux desktops, particularly those whose CI/CD pipelines pull dependencies from public registries. Compromised credentials enable supply-chain attacks against the organization's own published packages.
Fix
Deploy Linux EDR with eBPF visibility on every developer machine and CI runner - QLNX hides from userland tools but eBPF-aware sensors detect the kernel-level rootkit. Restrict /etc/ld.so.preload modifications via auditd alerts. For high-risk developers: use ephemeral build environments (containers, VMs) that don't carry persistent credentials. Trend Micro published IoCs.

766+ Next.js hosts breached in automated React2Shell credential theft campaign (CVE-2025-55182)

Cisco Talos uncovered a large-scale automated campaign by threat cluster UAT-10608 that exploits React2Shell - a CVSS 10.0 pre-auth RCE flaw in React Server Components used by Next.js. One crafted HTTP request is all it takes to get code execution, no credentials needed. The attackers scan with Shodan and Censys, breach Next.js apps, then deploy the NEXUS Listener framework to harvest database credentials, SSH keys, AWS tokens, Stripe API keys, Kubernetes secrets, and GitHub tokens at scale. At least 766 hosts across multiple cloud providers were compromised within 24 hours.

Check
Check if you run any Next.js applications using React Server Components, especially internet-facing deployments on AWS, GCP, or Azure.
Affected
React Server Components packages versions 19.0, 19.1.0, 19.1.1, and 19.2.0. Any Next.js application using the App Router with these React versions is vulnerable.
Fix
Update React Server Components to a patched version immediately. Rotate all credentials on any server running a vulnerable Next.js deployment - database passwords, SSH keys, AWS keys, Stripe keys, GitHub tokens. Enforce AWS IMDSv2 to prevent cloud metadata credential theft. Enable secret scanning in your repos. Monitor for outbound connections to NEXUS Listener C2 infrastructure.

CERT-EU confirms TeamPCP breached European Commission via Trivy - 30 EU entities exposed, 340GB leaked

The European Commission cloud hack we first reported on March 29 is far worse than initially disclosed. CERT-EU now confirms TeamPCP used an AWS API key stolen through the Trivy supply chain attack to breach the Commission's Amazon cloud environment on March 10 - five days before anyone noticed. The stolen data includes personal information, usernames, and 52,000 email files across 71 hosted clients: 42 internal Commission departments and at least 29 other EU entities. ShinyHunters published the full 340GB dataset on their leak site.

Check
If your organization interacted with any Europa.eu hosted service, assume your contact data may be in the leaked dataset.
Affected
42 internal European Commission clients and at least 29 other EU entities using the Europa.eu web hosting service. Any organization that exchanged emails with these entities may have data in the leak.
Fix
Monitor for credential exposure from the leaked dataset. If you used Trivy in CI/CD pipelines, rotate all AWS keys and pipeline secrets immediately. Block scan.aquasecurtiy[.]org and 45.148.10.212. Pin Trivy to v0.69.3, trivy-action to v0.35.0, setup-trivy to v0.2.6.

Cisco breached through Trivy supply chain attack - source code and AWS keys stolen

The TeamPCP supply chain campaign has claimed its biggest victim yet. Attackers used credentials stolen from the Trivy vulnerability scanner compromise to breach Cisco's internal development environment, stealing source code belonging to both Cisco and its customers. Multiple AWS keys were also taken and used for unauthorized activity across Cisco's cloud accounts. The company expects continued fallout from the follow-on LiteLLM and Checkmarx compromises in the same campaign.

Check
If your CI/CD pipelines used Trivy, LiteLLM, or Checkmarx KICS between March 19-27, audit for unauthorized access immediately.
Affected
Any organization that ran compromised versions of Trivy (v0.69.4+), LiteLLM (1.82.7-1.82.8), or Checkmarx KICS GitHub Actions during the exposure windows.
Fix
Pin Trivy to v0.69.3, trivy-action to v0.35.0, setup-trivy to v0.2.6. Rotate all pipeline secrets, AWS keys, SSH keys, and tokens. Block scan.aquasecurtiy[.]org and 45.148.10.212. Search GitHub orgs for repositories named tpcp-docs - their presence means data was exfiltrated.

European Commission breached through AWS cloud account - 350GB of data reportedly stolen

Hackers broke into the European Commission's Amazon Web Services account and reportedly stole over 350GB of data, including databases and employee information. The breach was discovered on March 24 and affected the cloud infrastructure hosting Europa.eu websites. The Commission says its internal systems weren't impacted. The attacker isn't demanding ransom - they plan to publish the data instead.

Check
Review your organization's AWS account security, especially IAM policies and access keys.
Affected
Any AWS account using static credentials, weak IAM policies, or missing MFA on privileged accounts.
Fix
Enforce MFA on all AWS accounts. Rotate access keys regularly. Audit IAM permissions for least-privilege. Enable CloudTrail for all regions.