🥖 Palette Cleanser

OpenSSL and AI-driven vulnerability discovery tried to set the internet on fire this week but failed. Just. CVE-2025-15467 is a high-severity stack buffer overflow in OpenSSL's encrypted message parsing that requires no keys, no authentication, and no user interaction to trigger. Apparently, modern compiler protections save the day by reducing what could have been remote code execution to "just" a crash, but exploit developers are clever, so patch ASAP.

If you are a fan of Well-Architected and AI, it's worth noting AWS added over 15 generative AI security best practices to the Well-Architected Framework this week, covering everything from IAM least privilege for AI services and separation of duties for model governance to AI-specific incident response procedures, ransomware protection for models and prompts, and autonomous agent management frameworks.

Otherwise, some solid content this week. Enjoy.

Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.

📋 Chef's selections

• Threat Actors Using AWS WorkMail in Phishing Campaigns by Jan Blazek

  Attackers with compromised AWS credentials quickly ran into the SES sandbox buzzkill (200 emails/day) and pivoted to WorkMail instead, which allows sending to far more external recipients with no sandbox restrictions. They registered phishing domains, verified them via SES, spun up WorkMail mailboxes, and sent campaigns that rode Amazon’s sender reputation. Bonus points: emails sent via SMTP don’t generate CloudTrail events, even with SES data events enabled, creating a nice little visibility blind spot for defenders.

• Bringing OSS runtime security to AWS: Falco integration with AWS Security Hub CSPM by Dan Belmonte

  The folks at Sysdig published a one-click AWS Marketplace solution that deploys the Cloud Native Computing Foundation (CNCF)-graduated Falco runtime security tool to EKS clusters and pipes eBPF-based detections into Security Hub CSPM via CloudWatch and Lambda. It's a corporate blog, so there’s a bit of self-promotion (Falco was originally a Sysdig project), but the integration itself is open source and the MITRE ATT&CK-aligned ruleset for catching shell spawns, privilege escalation, suspicious file access, and unusual network activity in containers is genuinely useful.

• Aren't AWS Cloud Investigations the same as On-Prem? - Part 2 (AWS S3) by Chester Le Bron

  I like Chester's posts because he always writes from his own experience. S3’s flat namespace, globally unique bucket names, and multi-tier logging model (CloudTrail management events, optional CloudTrail data events at cost, and best-effort server access logs) make investigations a different beast from on-prem NAS forensics. The post walks through how compromised credentials can skip a traditional “login” step, why exfiltration via S3 can slip past conventional data loss prevention (DLP), and how detecting anomalous GetObject calls at scale is both expensive and noisy unless logging and bucket policies are deliberately configured up front.

🥗 AWS security blogs

• 📣 AWS Lambda launches enhanced observability for Kafka event source mappings
• 📣 New Partner Revenue Measurement gives visibility into AWS service consumption
• 📣 Amazon Cognito introduces inbound federation Lambda triggers
• 📣 AWS Network Firewall now supports GenAI traffic visibility and enforcement with Web category-based filtering
• 📣 Amazon WorkSpaces Core announces monthly pricing for managed instances
• Create a customizable cross-company log lake, Part II: Build and add Amazon Bedrock by Colin Carson
• Secure Apache Spark writes to Amazon S3 on Amazon EMR with dynamic AWS KMS encryption by Pinxi Tai
• How to get started with security response automation on AWS by Cameron Worrell
• File integrity monitoring with AWS Systems Manager and Amazon Security Lake by Adam Nemeth
• IAM Identity Center now supports IPv6 by Suchintya Dandapat
• Updated PCI PIN compliance package for AWS CloudHSM now available by Tushar Jain

🍛 Reddit threads on r/aws

• Help with security groups

💸 Sponsor shoutout

Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.

🧁 IAM permission changes

• redshift-serverless
• redshift
• servicequotas
• transfer
• dynamodb
• s3
• securityagent
• sso
• arc-region-switch
• route53-recovery-control-config

🍪 API changes

• Amazon Connect Service
• Amazon Elastic Compute Cloud
• Amazon GameLift
• Amazon Cognito Identity Provider
• Amazon Connect Service
• Amazon Elastic Compute Cloud
• AWS Lambda
• AWS MediaConnect
• AWS Elemental MediaConvert
• Amazon Simple Storage Service
• AWS S3 Control
• Amazon Connect Service
• AWSDeadlineCloud
• Amazon Elastic Compute Cloud
• AWS Elemental MediaLive
• Amazon SageMaker Service
• Amazon Connect Cases
• Amazon Elastic Compute Cloud
• AWS Ground Station

🍹 IAM managed policy changes

• AWSSupportServiceRolePolicy
• AmazonSageMakerHyperPodInferenceAccess
• SageMakerStudioUserIAMDefaultExecutionPolicy
• SageMakerStudioProjectRoleMachineLearningPolicy
• SageMakerStudioProjectProvisioningRolePolicy
• SageMakerStudioAdminIAMDefaultExecutionPolicy
• AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy

☕ CloudFormation resource changes

No resource updates this week.

🎮 Amazon Linux vulnerabilities

• CVE-2026-24679: FreeRDP client-side vulnerability
• CVE-2026-24684: FreeRDP client-side vulnerability
• CVE-2026-24676: FreeRDP client-side vulnerability
• CVE-2026-24678: FreeRDP client-side vulnerability
• CVE-2026-24491: FreeRDP client-side vulnerability
• CVE-2026-25210: libexpat integer overflow in tag buffer reallocation (CVSS 6.9)
• CVE-2026-24681: FreeRDP client-side vulnerability
• CVE-2026-24675: FreeRDP client-side vulnerability
• CVE-2026-24680: FreeRDP client-side vulnerability
• CVE-2026-24683: FreeRDP client-side vulnerability
• CVE-2026-24677: FreeRDP client-side vulnerability
• CVE-2026-24682: FreeRDP client-side vulnerability
• CVE-2020-37011: GNOME Font Viewer heap corruption via crafted TTF font
• CVE-2026-25068: alsa-lib heap buffer overflow in topology mixer control decoder
• CVE-2026-1539: libsoup leaks proxy auth credentials on redirect to different host
• CVE-2025-33220: NVIDIA vGPU Manager heap use-after-free enables code execution (CVSS 7.8)
• CVE-2026-1536: libsoup CRLF injection in Content-Disposition enables HTTP response splitting
• CVE-2025-33217: NVIDIA Display Driver use-after-free enables privilege escalation (CVSS 7.8)
• CVE-2025-33219: NVIDIA Linux kernel module integer overflow enables code execution (CVSS 7.8)
• CVE-2026-0818: Thunderbird CSS-based exfiltration of partially encrypted email content
• CVE-2026-23014: Linux kernel perf subsystem hrtimer not properly destroyed
• CVE-2025-33218: NVIDIA Windows kernel mode layer integer overflow (CVSS 7.8)
• CVE-2026-24842: node-tar path traversal via hardlink validation bypass (CVSS 7.4)
• CVE-2025-28164: libpng buffer overflow in png_create_read_struct causes DoS
• CVE-2025-28162: libpng memory leak via malicious PNG leads to DoS
• CVE-2025-66199: OpenSSL TLS 1.3 certificate compression allocates oversized buffer for DoS
• CVE-2025-69420: OpenSSL type confusion in TimeStamp Response verification
• CVE-2025-69418: OpenSSL AES-NI OCB mode leaves partial blocks unencrypted
• CVE-2026-24881: GnuPG gpg-agent stack overflow via crafted S/MIME message (CVSS 8.1)
• CVE-2025-15468: OpenSSL QUIC NULL dereference on unknown cipher suite (CVSS 7.5)
• CVE-2025-11187: OpenSSL PKCS#12 PBMAC1 stack buffer overflow during MAC verification
• CVE-2025-68160: OpenSSL heap out-of-bounds write in line-buffering filter
• CVE-2025-69421: OpenSSL PKCS#12 NULL pointer dereference in decrypt function (CVSS 7.5)
• CVE-2026-24869: Firefox use-after-free in scrolling/overflow layout (CVSS 8.8)
• CVE-2026-1467: libsoup CRLF injection via URL-decoded proxy Host header
• CVE-2026-1485: glib2 buffer underflow in content type parsing via treemagic files
• CVE-2025-15467: OpenSSL CMS stack buffer overflow via oversized IV enables RCE (CVSS 7.5)
• CVE-2026-24868: Firefox anti-tracking mitigation bypass
• CVE-2025-69419: OpenSSL PKCS#12 BMPString one-byte buffer underwrite
• CVE-2026-22796: OpenSSL PKCS7 type confusion in digest_from_attributes (CVSS 7.5)
• CVE-2026-24883: GnuPG crash via long signature packet NULL dereference
• CVE-2026-24882: GnuPG tpm2daemon stack overflow handling PKDECRYPT for TPM keys (CVSS 7.8)
• CVE-2026-1489: glib2 integer overflow in Unicode case conversion causes memory corruption
• CVE-2026-1484: glib2 Base64 encoding buffer boundary miscalculation
• CVE-2026-24686: Finch go-tuf path traversal writes metadata outside cache directory
• CVE-2026-22795: OpenSSL NULL pointer dereference via malformed PKCS#12 file
• CVE-2025-15469: OpenSSL dgst silently truncates input to 16MB during one-shot signing

📺 AWS security bulletins

No bulletins this week.

🚬 Security documentation changes

• Cognito added InboundFederation Lambda trigger for transforming federated user attributes during external IdP authentication
• Cognito InboundFederation Lambda trigger added to UserPool structure output
• Cognito InboundFederation Lambda trigger added to UserPools output structure
• New S3 UpdateObjectEncryption operation with KMS key configuration and Bucket Key enablement
• CloudHSM added security warning about password exposure in command history
• Cognito updated OIDC claims specification link from HTTP to HTTPS
• Cognito changed security masking value from HIDDEN_FOR_SECURITY_REASONS to HIDDEN_DUE_TO_SECURITY_REASONS
• Deadline Cloud added detailed instructions for customizing monitor role permissions using condition keys
• DMS noted SASL Authentication is only supported for Apache Kafka up to version 3.8, unsupported in 4.0+
• DMS clarified S3 bucket ownership validation logic and cross-account requirements for ExpectedBucketOwner
• EventBridge now requires connections reach AUTHORIZED state before API destination creation
• FIS added Multi-Region strongly consistent global table support with resource policy examples and permissions
• Inspector added CVE mitigation guidance for SSM plugin/SBOM Generator and updated malicious package statistics
• Inspector released SBOM Generator v1.10.1 for Linux with download links and SHA-256 checksums
• Amazon Linux 2023.10 released with 200+ package updates including new ClamAV 1.5, Pacemaker, and Corosync
• AL2023.10 release notes updated with kernel livepatch packages, PHP 8.5, Python 3.13, and security tool updates
• AL2023.10 release notes added ClamAV 1.5, updated OpenSSL, kernel, Firefox, and Java runtimes
• Macie corrected behavior: manual score 100 now stops automated discovery instead of continuing it
• Marketplace added IAM permission requirements for FPGA image sharing
• Marketplace added link to IAM permission docs for FPGA image sharing
• SNS added Python code example for SNS-SQS FIFO integration with message filtering and deduplication
• Aurora DSQL added connectivity tools (DBeaver, SQLTools, Tortoise ORM) with IAM authentication support
• DRS updated supported kernel versions (6.8 to 6.14) and added Rocky Linux 9.7, RHEL 9.7 support
• Lambda added Terraform support and replaced custom IAM permissions with managed AWSLambdaBasicDurableExecutionRolePolicy
• Security IR enhanced proactive containment docs with IAM role requirements and containment preference options
• Security IR expanded case creation to include security capability inquiries and GuardDuty suppression rule questions
• Well-Architected added generative AI testing guidance with cost caps, token quota guardrails, and IAM/SCP segregation
• Well-Architected added generative AI risk management framework with model validation and bias monitoring
• Well-Architected added best practices for evaluating data privacy/security and prompt engineering standards for gen AI
• Well-Architected added generative AI observability best practice including security monitoring
• Well-Architected added generative AI incident response procedures best practice
• Well-Architected added gen AI feedback loops and chaos engineering best practices
• Well-Architected added IAM least privilege guidance and network controls for generative AI services
• Well-Architected added separation of duties for gen AI workloads including prompt engineering and model governance roles
• Well-Architected added gen AI monitoring for model behavior, response validation, and AI capability misuse detection
• Well-Architected added AI vulnerability scanning in CI/CD and automated response validation using Bedrock Guardrails
• Well-Architected extended network monitoring to cover AI endpoint access, model invocations, and data flow patterns
• Well-Architected expanded ransomware guidance to include AI protection measures with S3 Object Lock and GuardDuty
• Well-Architected added AI-specific incident reporting for model manipulation and poisoning attacks
• Well-Architected added gen AI governance, continuous model monitoring, and autonomous agent management frameworks
• Well-Architected added new section on Bedrock, SageMaker AI, and related gen AI/ML services
• WorkSpaces added Advanced Printing, screen capture protection, performance counters, and Firefox WebAuthn support