Security News > 2025 > April > Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials
2025-04-09 20:58
A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. [...]