🥖 Palette Cleanser

On 15 January AWS launched the very independent-sounding European Sovereign Cloud. It's physically and logically separate from other AWS regions, with EU-only operations, dedicated IAM, etc.

I'm no lawyer, but apparently, despite technical isolation, the CLOUD Act and FISA still allow U.S. authorities to request data regardless of infrastructure location. AWS remains a U.S.-headquartered company subject to U.S. jurisdiction. The Cloud Security Alliance has a detailed Q&A for worried souls.

First they gave us the aws partition, and we assumed it was universal. Then they gave us aws-us-gov, and we called it an exception. We ignored aws-cn. Now they give us aws-eusc, and it's time we found some silly partition confusion vulnerabilities. That's my dramatic reading of Scott Piper's prediction anyway. I may or may not have registered one or two popular s3 bucket names.

There wasn't much AWS-specific security content this week, but plenty that applies to many cloud providers, including AWS. If that's not your style, you can skip Chef's Selections.

Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.

📋 Chef's selections

• How Public Container Registries Have Become a Silent Risk Multiplier in a Modern Supply Chain by Amit Gadhave

  Amit scanned 34,000 Docker Hub images and found 2,500 confirmed malicious ones. Seventy percent were cryptominers, mostly typosquatted versions of nginx, ubuntu, and drupal that immediately fire up XMRig to mine Monero. The tells seem to be pretty simple: non-pronounceable usernames, pull counts under 1,000, and base image names that look right but aren’t.

• VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun by Check Point

  Researchers found a malware framework written almost entirely by AI under one developer's direction. Using “Spec Driven Development,” they fed an AI assistant project requirements and sprint schedules, producing 88,000 lines of eBPF rootkits, cloud enumeration, and C2 code in under a week. Apparently, the developer's opsec sucked (planning docs left exposed), but the speed of AI-assisted malware development is the real headline.

🥗 AWS security blogs

• 📣 AWS expands Resource Control Policies support for Cognito and CloudWatch Logs
• 📣 AWS Security Agent now supports GitHub Enterprise Cloud
• 📣 AWS introduces additional policy details to access denied error messages
• Game development infrastructure simplified with AWS Game Dev Toolkit by Basim Siddiqui
• Updated PCI PIN compliance package for AWS Payment Cryptography now available by Tushar Jain
• AWS achieves 2025 C5 Type 2 attestation report with 183 services in scope by Tea Jioshvili
• AWS renews the GSMA SAS-SM certification for two AWS Regions and expands to cover four new Regions by Michael Murphy
• Exploring common centralized and decentralized approaches to secrets management by Brendan Paul
• Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope by Tushar Jain

🍛 Reddit threads on r/aws

• Configuring HTTPS on single-instance application

💸 Sponsor shoutout

Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.

🧁 IAM permission changes

• evs
• datazone
• launchwizard
• pca-connector-scep
• bedrock
• evs

🍪 API changes

• Amazon Connect Service
• Amazon DataZone
• Amazon Q Connect
• Auto Scaling
• AWS Budgets
• Amazon Elastic Compute Cloud
• Amazon GameLift
• Amazon GuardDuty
• Amazon Bedrock AgentCore
• AWS Config
• Amazon Elastic Compute Cloud
• Amazon QuickSight
• Auto Scaling
• Amazon Bedrock Runtime
• Amazon Keyspaces
• odb
• Amazon Verified Permissions
• Amazon Workspaces Instances

🍹 IAM managed policy changes

• AmazonSageMakerHyperPodGatedModelAccess
• SecurityAgentWebAppAPIPolicy
• AmazonECSServiceRolePolicy

☕ CloudFormation resource changes

• AWS::MWAAServerless::Workflow

🎮 Amazon Linux vulnerabilities

• CVE-2026-24515: libexpat XML parser fails to copy encoding handler data
• CVE-2025-15059: GIMP PSP parser heap buffer overflow enables RCE (7.8)
• CVE-2026-23893: openCryptoki symlink-following privilege escalation
• CVE-2025-71176: pytest /tmp directory patterns enable DoS or privilege escalation
• CVE-2024-31884: Ceph Pybind improper SSL certificate checking (Not Affected)
• CVE-2026-23952: ImageMagick MSL parser null pointer dereference DoS
• CVE-2026-24049: python-wheel malicious package can modify system file permissions (7.1)
• CVE-2025-13878: BIND malformed records crash named (7.5, Not Affected)
• CVE-2025-12781: Python base64 accepts invalid chars with altchars parameter
• CVE-2025-15281: glibc wordexp may return uninitialized memory causing crash
• CVE-2026-21925: Java RMI unauthorized network data access
• CVE-2026-21964: MySQL/MariaDB thread pooling DoS
• CVE-2026-22770: ImageMagick BilateralBlurImage memory init flaw (Not Affected)
• CVE-2026-21952: MySQL Parser component DoS
• CVE-2026-21937: MySQL DDL component DoS
• CVE-2026-21948: MySQL Optimizer DoS (high priv required)
• CVE-2026-21965: MySQL Pluggable Auth partial DoS
• CVE-2026-23874: ImageMagick MSL infinite recursion stack overflow
• CVE-2026-21950: MySQL Optimizer DoS (low priv)
• CVE-2025-15367: Python poplib command injection via newlines (7.1)
• CVE-2025-33230: NVIDIA Nsight .run installer command injection (Not Affected)
• CVE-2025-15366: Python imaplib command injection via newlines (7.1)
• CVE-2026-0672: Python http.cookies HTTP header injection
• CVE-2025-56005: python-ply pickle deserialization RCE
• CVE-2026-23876: ImageMagick XBM decoder heap buffer overflow (8.1)
• CVE-2025-15282: Python urllib DataHandler HTTP header injection
• CVE-2026-21929: MySQL Parser DoS (low priv)
• CVE-2025-11468: Python email header folding enables injection
• CVE-2026-21941: MySQL Optimizer DoS (high priv)
• CVE-2026-21947: Java JavaFX unauthorized data modification (Not Affected)
• CVE-2025-33229: NVIDIA Nsight Monitor arbitrary code execution (Not Affected)
• CVE-2026-21933: Java Networking unauthorized data access
• CVE-2026-21932: Java AWT/JavaFX critical data modification (7.4)
• CVE-2025-33228: NVIDIA Nsight gfx_hotspot command injection (7.3)
• CVE-2026-21936: MySQL InnoDB DoS (high priv)
• CVE-2026-21945: Java SSRF in TLS handshake enables DoS (7.5)
• CVE-2026-21949: MySQL Optimizer DoS (low priv)
• CVE-2026-0865: Python HTTP header injection via newlines
• CVE-2026-21968: MySQL Optimizer DoS (low priv)
• CVE-2026-23950: node-tar race condition symlink poisoning (8.8)
• CVE-2025-33231: NVIDIA Nsight DLL loading vulnerability (Not Affected)

📺 AWS security bulletins

• CVE-2026-1386 - Arbitrary Host File Overwrite via Symlink in Firecracker Jailer

🚬 Security documentation changes

• Route 53 added 'noreply@emailverification.info' to domain verification email addresses
• Route 53 added new verification email address and updated load balancer terminology
• Athena added authentication examples for connecting self-managed clients to Athena Spark
• AWS CLI clarified MeterUsage auth requirements for EC2, EKS, ECS, and Bedrock deployments
• CloudHSM added security note about escaping special characters in CLI commands
• CloudHSM expanded cluster initialization with CA creation guidance and OpenSSL/AWS PCA examples
• CloudHSM client library's default certificate expires January 31, 2026 - action required
• Cognito added SAP ABAP SDK example for AdminInitiateAuth with SECRET_HASH handling
• Cognito added SAP ABAP SDK example for AdminRespondToAuthChallenge with MFA support
• Cognito added SAP ABAP SDK example for AssociateSoftwareToken with session validation
• Control Tower added guidance for updating Config Delivery Channel S3 buckets for landing zone 4.0 CloudTrail
• EKS clarified Argo CD permissions model for global vs project-scoped roles and sourceNamespaces
• EKS added new platform versions (1.34.2, 1.33.6) with security fixes
• Global Accelerator added warnings about security controls bypassed when client IP preservation is enabled
• GovCloud clarified FIPS 140-3 compliance requirements and added explicit encryption requirements for export data
• Lightsail removed step showing default password retrieval from documentation
• Managed Services added EC2 alarm condition requiring Systems Manager polling unresponsiveness
• Managed Services updated EC2 alarm conditions and Elastic Load Balancing terminology
• WAF added documentation for cross-account CloudTrail logging of specific API operations
• Wickr v6.60.05.78 includes authorization validation fix
• AWS CLI added browser extensions configuration with S3 storage requirements
• AWS CLI added --extensions parameter with security constraints for browser extension config
• AWS CLI added iamRoles field showing IAM service roles for Autonomous VM clusters
• Amazon Connect added Lex bot IAM permissions requirements for message streaming
• EC2 fixed syntax error in CLI example for security group ingress rules
• EC2 AMI version history updated to 2026 with January security updates
• KMS external key store quota changed from adjustable to non-adjustable
• KMS removed instructions for requesting external key store quota changes
• Lambda updated runtime deprecation timelines and announced Amazon Linux 2 EOL with security patch commitments
• Systems Manager added security warning about IAM bypass risk in AWS-RunDocument with mitigation strategies
• WorkSpaces expanded smart card documentation for Ubuntu 22.04, Rocky Linux, and RHEL with OCSP/certificate mapping