Computing

Thousands of AWS credentials compromised via misconfigured websites

A major operation seeking exposed credentials of Amazon Web Services (AWS) customers has been discovered, with hackers scanning millions of websites and exfiltrating sensitive data from thousands of ...
Bleeping Computer

Cryptojacking worm steals AWS credentials from Docker systems

A cybercrime group known as TeamTNT is using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems. TeamTNT's cryptocurrency mining ...
CRN

AWS’ EKS Kubernetes ‘Critical Security’ Flaw Exposes Credentials, Says Trend Micro

AWS said in a statement to CRN that it completed an investigation into the security flaw and determined that it ‘is not a security issue, but rather expected behavior that falls within the trust ...

CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository

CISA is investigating after a contractor’s public GitHub repository exposed AWS GovCloud credentials, internal files, and passwords.
The Next Web

Researchers tricked an OpenClaw AI agent into leaking AWS keys and customer data with a phishing email

Varonis built an OpenClaw email agent and phished it. It handed over AWS credentials, database keys, and a CRM export for 247 customers without verifying who asked.

The Hidden Complexity In AI Infrastructure: Why Credentials Are The Real Attack Surface

The Weaviate incident in 2025 illustrated this clearly. A researcher discovered an exposed OpenAI API key in a public ...
Yahoo Finance

BigID Unveils Unified AWS Integrations for Credential Security, Governed GenAI, and Cloud Security Intelligence

The above button links to Coinbase. Yahoo Finance is not a broker-dealer or investment adviser and does not offer securities or cryptocurrencies for sale or facilitate trading. Coinbase pays us for ...
SiliconANGLE

AWS IAM credentials at risk: EleKtra-Leak operation revealed by Unit 42

A new report from Palo Alto Networks Inc.’s Unit 42 warns of a new active campaign targeting exposed Amazon Web Services Inc. identity and access management credentials within public GitHub ...