The Silent Attackers: Exploiting VPC Endpoints to Expose AWS Accounts of S3 Buckets Without a Trace by Maya Parizer

In the latest round of "how to win AWS account IDs and influence Amazon into tacitly admitting account IDs are not not secret" (double not intended), Maya got network activity CloudTrail events to reveal account IDs of arbitrary S3 buckets. This was the simplest of all the techniques previously disclosed, which makes it even more impressive - so it's sad to see it "fixed." Previous research from Ben Bridts, Sam Cox, and myself.

Bedrock'n'role: Annoying trust relationships in Bedrock service roles by Daniel Grzelak

It me, playing with Bedrock. For certain resource types, the management console will generate execution roles with overly permissive trust policies. Oddly, some resources have fully scoped trusts and others use wildcards.

Datadog threat roundup: Top insights for Q3 2025 by Greg Foss, Christophe Tafani-Dereeper, Eslam Salem, and Tesnim Hamdouni

I look forward to each iteration of this cloud threaty-threats report. In case you weren't aware, long-term creds are still getting leaked and used in many breaches, disclosed and undisclosed. Also, attackers like AI as much or more than your manager. But my favorite part is that AI is being used to generate profiles for fake remote workers applying for remote jobs. The included screenshot is of a very attractive man, which finally gives me hope that being born horribly unattractive was actually a good thing and I'll start getting more job offers because I'm clearly not AI-generated.