https://hackaws.cloud/blog Technical analysis of AWS security incidents, blast radius patterns, and cloud attack surface insights. en-us Mon, 06 Apr 2026 00:00:00 GMT https://hackaws.cloud/blog/aws-security-agent-vs-hackaws-cloud https://hackaws.cloud/blog/aws-security-agent-vs-hackaws-cloud Mon, 06 Apr 2026 00:00:00 GMT AWS launched its autonomous penetration testing agent. It finds XSS, SQLi, and application-layer vulnerabilities. It doesn't map your IAM blast radius. These are two different problems, and your environment probably has both. iam blast-radius aws-security comparison https://hackaws.cloud/blog/aws-credential-harvesting-industrialized https://hackaws.cloud/blog/aws-credential-harvesting-industrialized Fri, 03 Apr 2026 00:00:00 GMT 766 hosts compromised. 196 sets of AWS credentials stolen. One operator with a search engine for your secrets. The UAT-10608 campaign isn't an outlier. It's the new baseline for how attackers harvest cloud credentials at scale. blast-radius credential-access iam supply-chain https://hackaws.cloud/blog/litellm-teampcp-supply-chain-aws-footholds https://hackaws.cloud/blog/litellm-teampcp-supply-chain-aws-footholds Mon, 30 Mar 2026 00:00:00 GMT TeamPCP didn't attack AWS to steal AWS credentials. They compromised a CI pipeline and waited for the credentials to come to them. The campaign that hit Trivy, LiteLLM, and Checkmarx in 8 days reveals something important about where your AWS keys actually rest. blast-radius supply-chain credential-access lateral-movement https://hackaws.cloud/blog/aws-security-bulletins-trust-boundary-pattern https://hackaws.cloud/blog/aws-security-bulletins-trust-boundary-pattern Thu, 26 Mar 2026 00:00:00 GMT We read every AWS security bulletin from the last six months. The recurring theme isn't buffer overflows or cryptographic flaws. It's trust boundary failures that turn minor permissions into full privilege escalation. blast-radius iam privilege-escalation lateral-movement https://hackaws.cloud/blog/ssrf-credential-theft-blast-radius-hackerone https://hackaws.cloud/blog/ssrf-credential-theft-blast-radius-hackerone Mon, 16 Mar 2026 00:00:00 GMT We analyzed 1,169 AWS-related HackerOne reports. The dominant pattern: SSRF or leaked credentials become full infrastructure access because nobody measured the blast radius of the compromised identity. blast-radius ssrf iam credential-exposure https://hackaws.cloud/blog/aws-finally-gave-s3-buckets-their-own-rooms https://hackaws.cloud/blog/aws-finally-gave-s3-buckets-their-own-rooms Sat, 14 Mar 2026 00:00:00 GMT For years, predictable S3 bucket names let attackers squat resources and hijack AWS services. Account-regional namespaces, launched March 2026, eliminate the entire attack class. Here's what changed and what you need to do. s3 iam supply-chain shadow-resources https://hackaws.cloud/blog/blast-radius-lexisnexis-breach https://hackaws.cloud/blog/blast-radius-lexisnexis-breach Mon, 09 Mar 2026 00:00:00 GMT A single ECS task role with read access to every secret in the account. The LexisNexis breach is a textbook case of why blast radius validation matters. blast-radius iam secrets-manager breach-analysis https://hackaws.cloud/blog/capital-one-ssrf-imds-blast-radius https://hackaws.cloud/blog/capital-one-ssrf-imds-blast-radius Sat, 07 Mar 2026 00:00:00 GMT In 2019, a single SSRF vulnerability turned into 106 million stolen records. AWS shipped IMDSv2. Seven years later, half of EC2 instances still don't enforce it, and attackers have industrialized the technique. blast-radius ssrf iam imds breach-analysis