A tag to rule them all: Using AWS tags to enumerate cloud resources by Bleon Proko

Did you know you could just list all the tag keys used in an AWS account? I thought the fact you could use the aws:ResourceTag policy condition to enumerate tag values was wild. The AWS resource tagging API and service-based tag APIs are straight up unhinged. This is a brilliant write-up of how those APIs can be abused within an account to identify tags, their values, and identifiers associated with them. It even comes with an open-source tool that makes the work trivial.

Bedrock’s New API Keys: Convenience at a Hidden Security Cost by Sergio Garcia

Sergio's write-up is very similar to Adan's post highlighted in issue 219. The difference is that Sergio digs deeper into the hidden risks of long-term API keys creating their own IAM identities, while Adan focuses more on explaining how the feature works. Sergio also points out that short-term keys can inherit overly broad permissions from the creator, which makes them harder to spot in normal IAM reviews.

Datadog threat roundup: Top insights for Q2 2025 by Greg Foss, Andy Giron, Matt Muir

I love a good threat roundup. It's obviously marketing, but the DD ones don't read like marketing. The details about actors using Amazon API Gateway and AWS Lambda functions to maintain stealthy access are fun. Here's a dead-simple example from 2016 of the AWS CLI running in Lambda as a backdoor.