whoAMI attack could allow remote code execution within AWS account

Researchers warn that the whoAMI attack lets attackers publish an AMI with a specific name to execute code in an AWS account. Cybersecurity researchers at Datadog Security Labs devised a new name confusion attack technique, called whoAMI, that allows threat actors to execute arbitrary code execution within the Amazon Web Services (AWS) account by publishing […]

whoAMI attacks give hackers code execution on Amazon EC2 instances

bleepingcomputer.com - 13/Feb 23:35

Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon...

whoAMI Attack Exploiting AWS EC2 Instances

thecyberthrone.in - 18/Feb 01:26

The “whoAMI” attack is a sophisticated name confusion attack that targets Amazon Web Services (AWS) accounts, particularly those using EC2...

Critical Ivanti CSA Vulnerability Allows Attackers Remote Code Execution to Gain Restricted Access

itsecuritynews.info - 12/Feb 06:11

A critical vulnerability has been discovered in the Ivanti Cloud Services Application (CSA), potentially allowing attackers to execute remote code and...

Critical Microsoft Bing Vulnerability Enabled Remote Code Execution Attacks

itsecuritynews.info - 05:32

A critical security flaw in Microsoft Bing tracked as CVE-2025-21355, allowed unauthorized attackers to execute arbitrary code remotely, posing severe...

30,000 WordPress Sites Exposed to Exploitation via File Upload Vulnerability

itsecuritynews.info - 13/Feb 13:05

A critical security vulnerability in the “Security & Malware scan by CleanTalk” plugin has left over 30,000 WordPress websites exposed to...

CVE-2025-1240 impacts WinZip with a RCE

thecyberthrone.in - 15/Feb 11:57

CVE-2025-1240 is a critical security vulnerability affecting the popular file compression software WinZip. This vulnerability presents significant...

Hackers Exploited 3,000+ ASP.NET Keys To Execute Code on IIS Server Remotely

itsecuritynews.info - 07/Feb 07:32

A recent security incident has revealed that over 3,000 publicly disclosed ASP.NET machine keys were exploited by hackers to execute remote code on...

PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

itsecuritynews.info - 14/Feb 08:32

Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql. ...

Attackers used a public ASP.NET machine to conduct ViewState code injection attacks

securityaffairs.co - 07/Feb 09:31

Microsoft researchers warn that threat actors are delivering the Godzilla framework using a static ASP.NET machine. In December 2024, Microsoft Threat...

AMD Ryzen DLL Hijacking Vulnerability Let Attackers Execute Arbitrary Code

itsecuritynews.info - 14/Feb 08:31

A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen™ Master Utility, a software tool designed...

Rubriques :