This issue is sponsored by Plerion. Check out Plerion’s AWS security platform and cloud security teammate.
ANNOUNCEMENT: AWS Cloud Security Weekly is moving!
This is the second-last issue of AWS Cloud Security Weekly. Next week’s issue 105 will be the last, although the content archive will remain.
We are merging into AWS Security Digest (ASD), maintained by Daniel Grzelak. It’s awesome and I think you’ll love it. It covers much of the same content but includes a lot more detail, like API changes, IAM permission changes, managed policy updates, CloudFormation updates, Amazon Linux CVEs, and more.
If you haven’t seen it yet, check out this week’s issue to compare the content and see if it’s your vibe. After next week’s issue, all AWS Cloud Security Weekly subscribers will be automatically subscribed to ASD. So if it’s not for you, please unsubscribe over the next week.
Thank you for all of your support over the last couple of years. ♥️
This week's TL;DR, i.e. the 1-minute version (for executives):
There were no new security announcements from AWS this week, but the free tier did get a makeover.
Trending in Cloud & Cyber Security:
AWS Security Blogs & Bulletins:
General security blogs, articles, reports & trending news/advisories:
Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications
Shift-Left Security with Amazon Inspector Code Security
Career Longevity & The Don't Fire Me Chart
Unmasking Lambda's Hidden Threat - When Your Bootstrap Becomes a Backdoor
Would you like an IDOR with that? Leaking 64 million McDonald’s job applications
Investigate Your Own AWS Attack with Athena
CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems
Bypassing Meta’s Llama Firewall: A Case Study in Prompt Injection Vulnerabilities