Security News > 2025 > February > whoAMI attacks give hackers code execution on Amazon EC2 instances

whoAMI attacks give hackers code execution on Amazon EC2 instances

2025-02-13 23:35

Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. [...]

News URL

https://www.bleepingcomputer.com/news/security/whoami-attacks-give-hackers-code-execution-on-amazon-ec2-instances/

#amazon #attack #codeexecution #EC2 #hacker

Related news

Google says hackers abuse Gemini AI to empower their attacks (source)
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack (source)
Hacker pleads guilty to SIM swap attack on US SEC X account (source)
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
Microsoft: Hackers steal emails in device code phishing attacks (source)
Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Amazon		59	4	39	61	15	119

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.