Security News > 2025 > February > New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
2025-02-14 18:42
Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. "If executed at scale, this attack could be used to gain access to thousands of accounts," Datadog Security Labs researcher Seth Art said in a report
News URL
https://thehackernews.com/2025/02/new-whoami-attack-exploits-aws-ami-name.html
Related news
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
- Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access (source)
- New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)