iam
-
Crimson Collective targets AWS cloud instances to steal data and extort firms
Researchers at Rapid7 said the Crimson Collective has been exploiting exposed AWS credentials to create privileged IAM users, export database and storage snapshots for exfiltration, and issue extortion demands; AWS recommended using short‑term, least‑privileged credentials and provided remediation guidance.
-
Security firm flags in-the-wild exploitation of Pandoc flaw CVE-2025-51591 to target AWS IMDS
Security researchers at Wiz have observed in-the-wild exploitation of CVE-2025-51591, a Pandoc flaw that enables SSRF against AWS EC2 IMDS, with attackers attempting to exfiltrate data via crafted iframes. The activity underscores the importance of IMDSv2 and least-privilege IAM roles to mitigate cloud credential exposure.
