This week TLDR i.e. 1 minute version (For executives):
AWS Network Firewall introduces new flow management feature.
AWS Amplify Hosting announces Web Application Firewall Protection in general availability.
AWS Network Firewall adds pass action rule alerts and JA4 filtering.
AWS Identity and Access Management now supports dual-stack (IPv4 and IPv6) environments and AWS Resource Access Manager (RAM) now supports Internet Protocol Version 6 (IPv6).
Trending in Cloud & Cyber Security:
AWS Security Blogs & Bulletins:
Bulletin1: Issue with the AWS CDK CLI and custom credential plugins (CVE-2025-2598). Link.
Bulletin2: Issue with tough, versions prior to 0.20.0 (Multiple CVEs). Link.
Bulletin3: Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048). Link.
Bulletin4: Issues with Kubernetes ingress-nginx controller (Multiple CVEs). Link.
Effectively implementing resource control policies in a multi-account environment. Link.
Enhancing cloud security in AI/ML: The little pickle story. Link.
General security blogs, articles, reports & trending news/advisories:
How I Fell in Love With Cloud Security (And Why You Should Care) by Sena Yakut. Link.
Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration by Nathaniel Quist. Link.
Cloud Incident Readiness: Key logs for cloud incidents. Link.
Cyber chiefs unveil new roadmap for post-quantum cryptography migration: new guidance from the NCSC. Link.
Operation FishMedley: ESET researchers detail a global espionage operation by FishMonger. Link.
Shedding light on the ABYSSWORKER driver: MEDUSA ransomware attack-chain to disable anti-malware tools. Link.
Protecting Remote Desktops at Scale with Cloudflare Access by Mike Borkenstein. Link.
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files by Omer Gil, Aviad Hahami, Asi Greenholts and Yaron Avital. Link.
New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players. Link.
VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230). Link.
Creating immutable users through a bug in Entra ID restricted administrative units by Katie Knowles. Link.
Qualys TRU Discovers Three Bypasses of Ubuntu Unprivileged User Namespace Restrictions by Saeed Abbasi. Link.
OpenAI: Security on the Path to AGI, increases reward. Link.
New in Gmail: Making end-to-end encrypted emails easy to use for all organizations. Link. Please note the date of the release.
Hacking AWS Lambda Functions - S3 File Upload Injection by Teemu. Link.
The 'IngressNightmare' vulnerabilities in the Kubernetes Ingress NGINX Controller: Overview, detection, and remediation by Christophe Tafani-Dereeper, Matt Muir, Frederic Baguelin, Andy Giron and Adrian Korn. Link.
How to use the new CloudTrail network activity events for AWS VPC Endpoints by Rami McCarthy, Scott Piper. Link.
Uncovering Hidden Threats: Hunting Non-Human Identities in GitHub by Idan Cohen, Ariel Szarf. Link.
Setting Up AWS Firewall Manager Used For Auditing Security Groups in AWS Organization accounts by Joseph Ndambombi Honpah. Link.
This week Long i.e. 3-5 minutes version (For architects & engineers):
AWS introduced a new flow management feature for AWS Network Firewall, enabling you to monitor and control active network flows. This feature includes two key functions: Flow Capture, which provides point-in-time snapshots of active flows, and Flow Flush, which allows selective termination of specific connections. With these capabilities, you can now analyze and manage network flows based on parameters such as source/destination IP addresses, ports, and protocols, offering greater control over your network traffic. Link. Here’s my StartFlowCapture sample config:
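An added example (not the author's config, which the page does not reproduce) of the capture-then-flush workflow in Python. It builds the FlowFilters structure once, uses it for StartFlowCapture, and then mirrors the filter locally so you can preview exactly which captured flows a StartFlowFlush with the same filters would terminate before you send it. The request shapes (FlowFilters with SourceAddress/DestinationAddress.AddressDefinition, ports as strings or "ANY", a Protocols list, MinimumFlowAgeInSeconds) follow the March 2025 API as I understand it; the firewall ARN and the flow records are constructed placeholders, not output from a real firewall.

```python
"""Network Firewall flow management: capture, preview, then flush selectively.

Added example for this newsletter, not the author's config. Request shapes are
assumptions about the StartFlowCapture / ListFlowOperationResults /
StartFlowFlush APIs; ARN and flow records below are constructed placeholders."""
import ipaddress

FIREWALL_ARN = "arn:aws:network-firewall:us-east-1:123456789012:firewall/demo-fw"  # placeholder


def flow_filter(src="ANY", dst="ANY", sport="ANY", dport="ANY", protocols=("TCP",)):
    """One FlowFilters entry. Addresses are CIDRs; ports are a number, a range
    such as "1990:1994", or "ANY"."""
    entry = {"SourcePort": str(sport), "DestinationPort": str(dport),
             "Protocols": list(protocols)}
    if src != "ANY":
        entry["SourceAddress"] = {"AddressDefinition": src}
    if dst != "ANY":
        entry["DestinationAddress"] = {"AddressDefinition": dst}
    return entry


def flow_request(firewall_arn, filters, min_age_s=300):
    """kwargs for start_flow_capture(); the identical shape feeds start_flow_flush(),
    which is the point: capture and flush with the same filters, nothing wider."""
    return {"FirewallArn": firewall_arn, "MinimumFlowAgeInSeconds": min_age_s,
            "FlowFilters": filters}


def _port_ok(spec, port):
    if spec == "ANY":
        return True
    lo, _, hi = spec.partition(":")
    return int(lo) <= int(port) <= int(hi or lo)


def _addr_ok(spec, addr):
    if spec is None:  # key absent means "any address"
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec["AddressDefinition"], strict=False)


def matches(flow, entry, min_age_s):
    """Local mirror of how a FlowFilters entry selects a captured flow."""
    return (flow["Age"] >= min_age_s
            and flow["Protocol"] in entry["Protocols"]
            and _addr_ok(entry.get("SourceAddress"), flow["SourceAddress"])
            and _addr_ok(entry.get("DestinationAddress"), flow["DestinationAddress"])
            and _port_ok(entry["SourcePort"], flow["SourcePort"])
            and _port_ok(entry["DestinationPort"], flow["DestinationPort"]))


def preview_flush(flows, filters, min_age_s):
    """Flows (as returned under "Flows" by ListFlowOperationResults) that a flush
    with these filters would terminate."""
    return [f for f in flows if any(matches(f, e, min_age_s) for e in filters)]


# Constructed sample flows in the shape ListFlowOperationResults returns.
SAMPLE_FLOWS = [
    {"SourceAddress": "10.0.1.15", "DestinationAddress": "198.51.100.7",
     "SourcePort": 51234, "DestinationPort": 443, "Protocol": "TCP",
     "Age": 5400, "PacketCount": 90210, "ByteCount": 80000000},
    {"SourceAddress": "10.0.1.15", "DestinationAddress": "198.51.100.7",
     "SourcePort": 51240, "DestinationPort": 443, "Protocol": "TCP",
     "Age": 40, "PacketCount": 12, "ByteCount": 4000},
    {"SourceAddress": "10.0.2.8", "DestinationAddress": "198.51.100.7",
     "SourcePort": 40000, "DestinationPort": 53, "Protocol": "UDP",
     "Age": 9000, "PacketCount": 3, "ByteCount": 300},
]

# Long-lived TCP/443 sessions from one subnet to one external host: a candidate
# exfiltration channel worth cutting while the rule change is being written.
SUSPECT = [flow_filter(src="10.0.1.0/24", dst="198.51.100.7/32", dport="443")]

if __name__ == "__main__":
    import boto3  # only needed for the live calls
    nfw = boto3.client("network-firewall")
    op = nfw.start_flow_capture(**flow_request(FIREWALL_ARN, SUSPECT, 300))
    results = nfw.list_flow_operation_results(FirewallArn=FIREWALL_ARN,
                                              FlowOperationId=op["FlowOperationId"])
    for flow in preview_flush(results["Flows"], SUSPECT, 300):
        print("would flush:", flow)
    # Uncomment once the preview shows only the sessions you intend to drop:
    # nfw.start_flow_flush(**flow_request(FIREWALL_ARN, SUSPECT, 300))
```

The minimum-age parameter is the safety rail: with it set to a few minutes, short-lived legitimate connections that happen to match the CIDR and port are left alone and only the persistent sessions are terminated.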
AWS Amplify Hosting now offers Web Application Firewall (WAF) Protection in general availability. The integration provides full access to AWS WAF’s capabilities, including managed rules to defend against common web threats like SQL injection and cross-site scripting (XSS). You can also create custom rules, set up rate-based protections against DDoS attacks, and implement geo-blocking to restrict traffic from specific regions. Link. For example, here’s my WAF config:
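An added example (not the author's config, which the page does not reproduce) of the three protections named above, managed rules, a rate-based rule and geo-blocking, expressed as the kwargs for wafv2 `create_web_acl`, together with the invariants AWS WAF enforces that a hand-written ACL most often trips over: unique priorities, OverrideAction on managed rule groups versus Action on custom rules, and the rate limit range. The CLOUDFRONT scope is my assumption about how the Amplify integration attaches the web ACL; the name, limit and country list are placeholders.

```python
"""Web ACL for an Amplify Hosting app as wafv2 create_web_acl kwargs, plus
pre-flight checks. Added example, not the author's config; the CLOUDFRONT scope
is an assumption about the Amplify integration, the rest are placeholders."""
import re


def _metrics(name):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": name}


def _managed(name, priority):
    # Managed rule groups take OverrideAction (None = let the group's own
    # actions apply); setting Action on them is rejected by the API.
    return {"Name": name, "Priority": priority,
            "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": name}},
            "OverrideAction": {"None": {}}, "VisibilityConfig": _metrics(name)}


def web_acl(name, rate_limit=2000, blocked_countries=("KP",)):
    rules = [
        _managed("AWSManagedRulesCommonRuleSet", 0),        # SQLi, XSS, bad paths
        _managed("AWSManagedRulesKnownBadInputsRuleSet", 1),
        {"Name": "RateLimitPerIP", "Priority": 2,
         # Limit counts requests per source IP over the evaluation window.
         "Statement": {"RateBasedStatement": {"Limit": rate_limit, "AggregateKeyType": "IP"}},
         "Action": {"Block": {}}, "VisibilityConfig": _metrics("RateLimitPerIP")},
        {"Name": "GeoBlock", "Priority": 3,
         "Statement": {"GeoMatchStatement": {"CountryCodes": list(blocked_countries)}},
         "Action": {"Block": {}}, "VisibilityConfig": _metrics("GeoBlock")},
    ]
    return {"Name": name, "Scope": "CLOUDFRONT", "DefaultAction": {"Allow": {}},
            "Rules": rules, "VisibilityConfig": _metrics(name)}


def evaluation_order(acl):
    """WAF evaluates rules by ascending Priority, not list order."""
    return [r["Name"] for r in sorted(acl["Rules"], key=lambda r: r["Priority"])]


def validate(acl):
    """Return a list of problems the API would reject or that defeat the intent."""
    problems, seen = [], set()
    for r in acl["Rules"]:
        name, prio, stmt = r["Name"], r["Priority"], r["Statement"]
        if prio in seen:
            problems.append(f"{name}: priority {prio} already used")
        seen.add(prio)
        managed = "ManagedRuleGroupStatement" in stmt
        if (managed and "Action" in r) or (not managed and "OverrideAction" in r):
            problems.append(f"{name}: managed groups take OverrideAction, custom rules take Action")
        if "Action" not in r and "OverrideAction" not in r:
            problems.append(f"{name}: no Action or OverrideAction")
        rate = stmt.get("RateBasedStatement")
        if rate and not 10 <= rate["Limit"] <= 2_000_000_000:  # assumed documented range
            problems.append(f"{name}: rate limit {rate['Limit']} outside the allowed range")
        geo = stmt.get("GeoMatchStatement")
        if geo and any(not re.fullmatch(r"[A-Z]{2}", c) for c in geo["CountryCodes"]):
            problems.append(f"{name}: country codes must be ISO 3166-1 alpha-2")
        if not r.get("VisibilityConfig", {}).get("MetricName"):
            problems.append(f"{name}: VisibilityConfig.MetricName missing")
    return problems


if __name__ == "__main__":
    import boto3
    acl = web_acl("amplify-demo-acl")
    assert not validate(acl), validate(acl)
    # CLOUDFRONT-scoped web ACLs are created in us-east-1 (assumption for Amplify).
    boto3.client("wafv2", region_name="us-east-1").create_web_acl(**acl)
```

Start with the rate limit generous and watch the sampled requests in CloudWatch before tightening it; a limit that is too low for a single-page app that fans out many XHR calls per page view blocks real users first.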
AWS introduced new features for AWS Network Firewall, including alert generation for traffic matching pass action rules and JA4 fingerprinting support in firewall rules. The ability to generate alert log events for traffic matching pass action rules enhances network visibility without requiring an additional alert action rule before the pass rule. This helps detect anomalies or potential security threats in traffic that would otherwise be allowed without further inspection. Additionally, JA4 filtering rules enable AWS Network Firewall to analyze traffic using JA4 fingerprints, which identify client and server applications. Link. For example, here’s my config:
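An added example (not the author's config, which the page does not reproduce) that generates the two kinds of stateful rule described above and lints them for the mistakes that quietly defeat them: a pass rule that never produces an alert log line, and a `ja4.hash` match against a string that is not a hashed JA4 fingerprint. The syntax I assume is the Suricata-compatible form Network Firewall documents for these features (`alert;` as a rule option on a pass rule, `ja4.hash; content:"…";` for the fingerprint); check it against the current Network Firewall rule reference before deploying. Fingerprints, sids and the $HOME_NET/$EXTERNAL_NET variables are placeholders.

```python
"""Stateful rules for Network Firewall: logged pass rules and JA4 matches, with a
linter. Added example, not the author's config; rule-option syntax is an
assumption about Network Firewall's Suricata-compatible dialect, and the
fingerprints and sids are placeholders."""
import re

# Hashed JA4 form: 10-char "a" section (t/q, TLS version, d/i = SNI present or
# not, cipher count, extension count, ALPN), then 12-hex "b" and "c" sections.
JA4_RE = re.compile(r"^[tq](?:1[0-3]|s[23]|00)[di]\d{2}\d{2}[0-9a-z]{2}_[0-9a-f]{12}_[0-9a-f]{12}$")
RULE_RE = re.compile(r"^(pass|drop|alert|reject)\s+\S+\s+\S+\s+\S+\s+->\s+\S+\s+\S+\s+\((.*)\)\s*$")


def ja4_rule(action, fingerprint, msg, sid, log_pass=True, dport="any"):
    """Build one rule keyed on a JA4 client fingerprint."""
    opts = [f'msg:"{msg}"', "ja4.hash", f'content:"{fingerprint}"', "flow:to_server"]
    if action == "pass" and log_pass:
        # Assumed syntax: the alert option makes matching pass traffic produce an
        # alert log entry without a separate alert rule ahead of the pass rule.
        opts.append("alert")
    opts += [f"sid:{sid}", "rev:1"]
    return f'{action} tls $HOME_NET any -> $EXTERNAL_NET {dport} ({"; ".join(opts)};)'


def lint(rule):
    """Return a list of problems; an empty list means the rule does what it says."""
    m = RULE_RE.match(rule)
    if not m:
        return ["not a parseable stateful rule"]
    action, body = m.groups()
    opts = [o.strip() for o in body.split(";") if o.strip()]
    keys = [o.split(":", 1)[0].strip() for o in opts]
    problems = []
    if action == "pass" and "alert" not in keys:
        problems.append("pass rule without alert option: allowed traffic will not be logged")
    if "sid" not in keys:
        problems.append("missing sid (Network Firewall requires one)")
    if "ja4.hash" in keys:
        i = keys.index("ja4.hash")
        if i + 1 >= len(keys) or keys[i + 1] != "content":
            problems.append("ja4.hash must be followed by a content match")
        else:
            fp = opts[i + 1].split(":", 1)[1].strip().strip('"')
            if not JA4_RE.match(fp):
                problems.append(f"content {fp!r} is not a hashed JA4 fingerprint")
    return problems


# Placeholder fingerprints: the first stands in for an approved client build,
# the second for a tooling fingerprint you want dropped.
RULES = [
    ja4_rule("pass", "t13d1516h2_8daaf6152771_b0da82dd1658", "Allow approved browser build", 100001),
    ja4_rule("drop", "t12d0000ff_1a2b3c4d5e6f_0f1e2d3c4b5a", "Drop unexpected TLS client", 100002),
]

if __name__ == "__main__":
    for r in RULES:
        print(r)
        for p in lint(r):
            print("  !", p)
```

JA4 is a client-side fingerprint, so pair an allow-by-fingerprint rule with a destination restriction rather than treating the hash as an identity: a fingerprint is trivially copied by anyone who can drive the same TLS stack.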
AWS Identity and Access Management now supports dual-stack (IPv4 and IPv6) environments and AWS Resource Access Manager (RAM) now supports Internet Protocol Version 6 (IPv6). Link1 and Link2.