Security News > 2025 > February > whoAMI attacks give hackers code execution on Amazon EC2 instances

whoAMI attacks give hackers code execution on Amazon EC2 instances

2025-02-13 23:35

Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. [...]

News URL

https://www.bleepingcomputer.com/news/security/whoami-attacks-give-hackers-code-execution-on-amazon-ec2-instances/

#amazon #attack #codeexecution #EC2 #hacker

Related news

Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal (source)
Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials (source)
Russian hackers attack Western military mission using malicious drive (source)
Cisco Webex bug lets hackers gain code execution via meeting links (source)
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
Lazarus hackers breach six companies in watering hole attacks (source)
Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool (source)
Chinese hackers behind attacks targeting SAP NetWeaver servers (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Amazon		59	4	39	61	15	119

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.