🥖 Palette Cleanser

Sometimes it feels like everyone is moving from cloud security to AI security. This week there weren't many AWS security articles so I went a few weeks back to find 2 awesome articles I missed (sorry) when they were published. I think you'll enjoy them even if they aren't strictly from this week. The alternative is... more AI. 😬

AWS dropped a breakdown of the March 2026 update to their Threat Technique Catalog. The thing that stood out to me is the Cognito Refresh Token Abuse. It stood out because it implies it's happening regularly enough to warrant inclusion. If an attacker grabs a refresh token from credential theft or compromised browser storage, they can silently call cognito-idp:GetTokensFromRefreshToken to mint fresh access and ID tokens whenever they want. Default refresh token lifetime is 30 days and is configurable up to 10 years, and without rotation enabled the same token keeps working for that entire window. Persistence with no password reset, no MFA prompt, and a CloudTrail event that blends in with legitimate client renewals.

Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.

📋 Chef's selections

• Unexpected Routing Behaviour in AWS with VPC Peering and NAT Gateway by Aleksi Kallio

  AWS docs say a VPC peering connection needs return routes configured on both sides for stateful traffic to flow. Aleksi found that's not the case when the originating subnet's route table points the peer's CIDR at a NAT gateway instead of directly at the peering connection. The peer becomes reachable even with no peering route configured back, and even an explicit return route pointing somewhere other than the peering connection gets ignored on the response leg. AWS confirmed it as "expected behaviour", attributing it to connection tracking and route caching that can persist for up to 5 days after the route is removed. Kind of obvious once you remember the NAT gateway is doing connection tracking, but not explicitly stated in the docs. Route tables are not a security control. Security Groups and NACLs are.

• TrailTool: CloudTrail for AI Agents by Alex Smolen

  Pointing Claude at raw CloudTrail to ask "did contractor@company.com update this S3 bucket in the last 30 days?" burns tokens and context window on undifferentiated query-stitching across terabytes of logs. Alex built TrailTool, an open-source pre-aggregator that ingests CloudTrail with Lambda, caches it in DynamoDB, and groups events into People, Sessions, Roles, Services, and Resources so the agent skips straight to reasoning. Walks through four AWS-native workflows including detecting ClickOps and converting to IaC, generating least-privilege IAM policies (via iamlive mappings) from real session activity, auto-resolving AccessDenied errors, and validating break-glass sessions against the operator's stated justification. Pretty damn cool.

• Every PaaS Breach Becomes an AWS Breach by hackaws.cloud

  The world gave us everything aaS. We took it all and now it's virtually impossible to build a modern business without lots of aaS. Unfortunately, it all needs to integrate together somehow, so we diligently stick some of our most sensitive credentials in the aaS. There's nothing inherently special about those platforms and eventually they get breached or pseudo-breached and we are left to clean up. This article makes the claim it's a pattern but the most important thing to remember is to try to use short-lived integrations like OIDC where possible and limit the permissions you give away because eventually you'll be cleaning up the mess.

🥗 AWS security blogs

• 📣 IAM Roles Anywhere now enforces VPC endpoint policies for the CreateSession API
• 📣 AWS Payment Cryptography now supports paper-based key exchange
• 📣 AWS Outposts racks now support LagStatus CloudWatch metric
• 📣 Amazon GameLift Streams now supports Proton 10 runtime
• 📣 Amazon WorkSpaces Personal enhances PCoIP to DCV protocol migration
• 📣 AWS KMS now tracks last usage of all KMS keys
• Identifying security risks using AWS Cost and Usage Report data by Steph Gooch
• Implementing fine-grained Amazon Route 53 access using IAM condition keys (Part 2) by Daniel Yu
• CMMC Level 2 compliance on AWS: Why control ownership is where organizations struggle by Alexandria Burke
• Deep dive into FedRAMP 20x Key Security Indicators: Decoding the 63 KSIs by Paul Keastead
• Security posture improvement in the AI era by Celeste Bishop
• Announcing the ISO 31000:2018 Risk Management on AWS Compliance Guide by Jesse McMahan
• Designing trust and safety into Amazon Bedrock powered applications by Victor Lungu
• What the March 2026 Threat Technique Catalog update means for your AWS environment by Shannon Brazil
• Access control with IAM Identity Center session tags by Rashmi Iyer
• Optimize security operations through an AWS Security Hub POC by Kyle Shields
• Can I do that with policy? Understanding the AWS Service Authorization Reference by Anshu Bathla

🍛 Reddit threads on r/aws

No threads this week.

💸 Sponsor shoutout

Meet Pleri: your AI security engineer. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.

🧁 IAM permission changes

• application-signals-mcp
• aidevops
• cloudwatch
• bedrock-agentcore
• agentaccess-mcp
• iottwinmaker
• payment-cryptography
• gamelift
• q
• wickr
• scheduler
• aidevops
• trustedadvisor
• aws-marketplace-discovery
• kms

🍪 API changes

• Amazon AppStream
• Amazon CloudWatch
• AWS EntityResolution
• AWS IoT
• Amazon CloudWatch Logs
• Amazon Q Connect
• Amazon QuickSight
• Amazon Bedrock AgentCore Control
• Amazon Bedrock AgentCore
• Amazon DataZone
• Amazon Elastic Kubernetes Service
• Managed Streaming for Kafka
• CloudWatch Observability Admin Service
• Payment Cryptography Control Plane
• Amazon Route 53 Global Resolver
• Amazon SageMaker Service
• AWS Single Sign
• AWS Account
• Amazon Bedrock AgentCore Control
• Amazon Bedrock AgentCore
• Amazon CloudFront
• AWSDeadlineCloud
• Amazon GameLift
• AWS Elemental MediaPackage v2
• Amazon CloudWatch Application Signals
• AWS Glue
• Amazon Interactive Video Service
• AWS Key Management Service
• Amazon CloudWatch Logs
• Application Migration Service
• Amazon Omics
• Amazon OpenSearch Service
• Amazon WorkSpaces

🍹 IAM managed policy changes

• AmazonCognitoUnAuthedIdentitiesSessionPolicy
• SecurityAudit
• AWSObservabilityAdminTelemetryEnablementServiceRolePolicy
• AWSMarketplaceSellerFullAccess
• AWSElasticBeanstalkWorkerTier
• AWSElasticBeanstalkWebTier
• AWSElasticBeanstalkMulticontainerDocker
• AWSSecurityHubServiceRolePolicy
• EC2ApplicationStatusChecksServiceRolePolicy
• AmazonEKSLoadBalancingPolicy
• AWSTransformCustomManageTransformations
• AWSTransformCustomExecuteTransformations

☕ CloudFormation resource changes

• AWS::NetworkFirewall::FirewallPolicy and
• AWS::NetworkFirewall::RuleGroup

🎮 Amazon Linux vulnerabilities

• CVE-2026-6276: curl - Host header leaks between requests
• CVE-2026-5773: curl - SMB connection reuse mix-up
• CVE-2026-5056: gstreamer - MOV/MP4 demuxer OOB
• CVE-2026-42013: gnutls - oversized SAN falls back to CN
• CVE-2026-7168: curl - proxy auth header leaks across hosts
• CVE-2026-42011: gnutls - permitted name constraint bypass
• CVE-2026-42009: gnutls - DTLS qsort comparator UB
• CVE-2026-5419: gnutls - PKCS#7 padding timing leak
• CVE-2026-5260: gnutls - PKCS#11 RSA premaster heap overread
• CVE-2026-42012: gnutls - URI/SRV SAN falls back to CN
• CVE-2026-42015: gnutls - PKCS#12 bag OOB write
• CVE-2026-42010: gnutls - RSA-PSK NUL-trunc auth bypass
• CVE-2026-42050: ImageMagick - XTileImage stack overflow
• CVE-2026-33846: gnutls - DTLS heap overwrite
• CVE-2026-7009: curl - OCSP stapling failure missed
• CVE-2026-42014: gnutls - PKCS#11 PIN UAF
• CVE-2026-6253: curl - cross-proxy cred leak on redirect
• CVE-2026-4873: curl - TLS reuses cleartext IMAP/SMTP/POP3 conn
• CVE-2026-43048: kernel - HID core OOB
• CVE-2026-43057: kernel - IPV6_CSUM GSO fallback DoS
• CVE-2026-43040: kernel - ipv6 ndisc info leak
• CVE-2026-43053: kernel - xfs attr dabtree race
• CVE-2026-43026: kernel - netfilter ctnetlink expect leak
• CVE-2026-31713: kernel - fuse signal abort
• CVE-2026-43024: kernel - nf_tables NF_QUEUE verdict
• CVE-2026-31727: kernel - usb gadget u_ether NULL deref
• CVE-2026-31739: kernel - crypto tegra missing ASYNC flag
• CVE-2026-43016: kernel - bpf sockmap UAF
• CVE-2026-43046: kernel - btrfs root item validation
• CVE-2026-43034: kernel - bnxt_en backing store type
• CVE-2026-43006: kernel - io_uring zero-len buffer
• CVE-2026-43047: kernel - HID multitouch report mismatch
• CVE-2026-43049: kernel - HID logitech UAF
• CVE-2026-5656: wireshark - profile import path traversal RCE
• CVE-2026-31742: kernel - vt stale unicode buffer
• CVE-2026-43037: kernel - ip6_tunnel skb cb clear
• CVE-2026-43038: kernel - ipv6 icmp skb cb clear, CVSS 8.2
• CVE-2026-43017: kernel - Bluetooth mesh adv length validation
• CVE-2026-43028: kernel - x_tables nul-terminate names
• CVE-2026-31752: kernel - bridge ND option length validation
• CVE-2026-43052: kernel - mac80211 tdls flag check
• CVE-2026-43012: kernel - mlx5 switchdev rollback
• CVE-2026-31728: kernel - usb gadget u_ether race
• CVE-2026-6429: curl - .netrc password leak on redirect
• CVE-2026-43041: kernel - net qrtr radix tree memleak
• CVE-2026-43029: kernel - mptcp recvmsg soft lockup
• CVE-2026-31767: kernel - drm i915 DSI DSC timing
• CVE-2026-43050: kernel - atm lec UAF
• CVE-2026-43023: kernel - Bluetooth SCO connect race
• CVE-2026-31708: kernel - smb client query_info OOB read
• CVE-2026-5545: curl - Negotiate-auth connection reuse
• CVE-2026-31729: kernel - usb typec ucsi connector validation
• CVE-2026-43042: kernel - mpls platform_label seqcount
• CVE-2026-5403: wireshark - SBC codec crash possible RCE
• CVE-2026-31731: kernel - thermal zone removal race
• CVE-2026-31700: kernel - packet vnet_hdr TOCTOU
• CVE-2026-5404: wireshark - K12 RF5 file crash
• CVE-2026-43010: kernel - bpf sleepable kprobe_multi reject
• CVE-2026-43013: kernel - mlx5 lag debugfs check
• CVE-2026-43043: kernel - crypto af-alg scatterwalk NULL deref
• CVE-2026-31732: kernel - gpio resource leak on error
• CVE-2026-43025: kernel - netfilter ctnetlink helper expect
• CVE-2026-31738: kernel - vxlan ND option length validation
• CVE-2026-31703: kernel - writeback inode UAF
• CVE-2026-31698: kernel - crypto ccp PDH copy on fail
• CVE-2026-43030: kernel - bpf regsafe packet pointer
• CVE-2026-5405: wireshark - RDP dissector crash possible RCE
• CVE-2026-43036: kernel - TCPv4 GSO frag_off check
• CVE-2026-31735: kernel - iommupt short gather
• CVE-2026-31697: kernel - crypto ccp ID copy on fail
• CVE-2026-43019: kernel - Bluetooth hci_conn UAF
• CVE-2026-31696: kernel - rxrpc ticket length missing check
• CVE-2026-43035: kernel - sched cls_api info leak
• CVE-2026-31701: kernel - ALSA caiaq USB ref
• CVE-2026-43033: kernel - crypto authencesn out-of-place
• CVE-2026-43007: kernel - accel/qaic DBC deactivation
• CVE-2026-43021: kernel - Bluetooth hci_sync leaks
• CVE-2026-31719: kernel - krb5enc async hash skip
• CVE-2026-31694: kernel - fuse oversized dirents
• CVE-2026-43055: kernel - scsi target file aio_cmd alloc
• CVE-2026-31699: kernel - crypto ccp CSR copy on fail
• CVE-2026-43009: kernel - bpf atomic fetch pruning
• CVE-2026-31709: kernel - smb cifsacl DACL validation
• CVE-2026-43044: kernel - crypto caam DMA on long hmac keys
• CVE-2026-43051: kernel - HID wacom OOB read
• CVE-2026-43020: kernel - Bluetooth LTK enc_size validation
• CVE-2026-43018: kernel - Bluetooth hci_event UAF
• CVE-2026-43022: kernel - Bluetooth hci_sync queue once
• CVE-2026-43027: kernel - netfilter helper expect cleanup
• CVE-2026-6535: wireshark - zlib decompression crash
• CVE-2026-42798: lcms2 - ParseCube integer overflow
• CVE-2026-6527: wireshark - ASN.1 PER dissector crash
• CVE-2026-6870: wireshark - GSM RP dissector crash
• CVE-2026-6538: wireshark - BEEP dissector crash
• CVE-2026-6532: wireshark - Kismet dissector crash
• CVE-2026-6521: wireshark - OpenFlow v5 infinite loop
• CVE-2026-5406: wireshark - FC-SWILS dissector crash
• CVE-2026-3832: gnutls - OCSP wrong-entry index check
• CVE-2026-5409: wireshark - Monero dissector crash
• CVE-2026-6520: wireshark - OpenFlow v6 infinite loop
• CVE-2026-7378: wireshark - sharkd crash
• CVE-2026-6868: wireshark - HTTP dissector crash
• CVE-2026-7246: python-click - click.edit() command injection
• CVE-2026-6528: wireshark - TLS dissector infinite loop
• CVE-2026-6536: wireshark - DLMS/COSEM infinite loop
• CVE-2026-6531: wireshark - SANE dissector infinite loop
• CVE-2026-31693: kernel - cifs missing init on replay
• CVE-2026-6524: wireshark - MySQL dissector crash
• CVE-2026-31692: kernel - rtnetlink missing ns_capable check
• CVE-2026-3833: gnutls - nameConstraints case-bypass
• CVE-2026-5407: wireshark - SMB2 dissector infinite loop
• CVE-2026-6522: wireshark - RPKI-Router infinite loop
• CVE-2026-7376: wireshark - sharkd crash
• CVE-2026-6519: wireshark - MBIM dissector infinite loop
• CVE-2026-5657: wireshark - iLBC codec crash
• CVE-2026-5402: wireshark - TLS heap overflow possible RCE
• CVE-2026-6869: wireshark - WebSocket dissector crash
• CVE-2026-6530: wireshark - DCP-ETSI dissector crash
• CVE-2026-31787: kernel - xen privcmd double free
• CVE-2026-6537: wireshark - ZigBee dissector crash
• CVE-2026-5299: wireshark - ICMPv6 PvD dissector crash
• CVE-2026-5654: wireshark - AMR-NB codec crash
• CVE-2026-5655: wireshark - SDP dissector crash
• CVE-2026-6867: wireshark - SMB2 dissector crash
• CVE-2026-6526: wireshark - RTSP dissector crash
• CVE-2026-7375: wireshark - UDS dissector infinite loop
• CVE-2026-6529: wireshark - iLBC audio codec crash
• CVE-2026-6534: wireshark - USB HID infinite loop
• CVE-2026-7379: wireshark - sharkd memory leak
• CVE-2026-5401: wireshark - AFP Spotlight dissector crash
• CVE-2026-5408: wireshark - BT-DHT dissector crash
• CVE-2026-5653: wireshark - DCP-ETSI dissector crash
• CVE-2026-31786: kernel - xen sys-hypervisor buffer overflow
• CVE-2026-33845: gnutls - DTLS reassembly heap overrun, CVSS 8.2
• CVE-2026-6533: wireshark - LZ77 decompression crash
• CVE-2026-6523: wireshark - GNW infinite loop
• CVE-2026-7111: perl-Text-CSV_XS - UAF / type confusion
• CVE-2026-37555: libsndfile - WAV int overflow heap overflow
• CVE-2026-42198: postgresql-jdbc - SCRAM PBKDF2 client DoS
• CVE-2026-5435: glibc - ns_printrr OOB write on TSIG
• CVE-2026-7324: firefox/thunderbird - memory safety RCE
• CVE-2026-7323: firefox/thunderbird - memory safety RCE, CVSS 8.8
• CVE-2026-40355: krb5 - NegoEx NULL deref DoS
• CVE-2026-7322: firefox/thunderbird - memory safety RCE, CVSS 8.8
• CVE-2026-7321: firefox - WebRTC sandbox escape
• CVE-2026-6238: glibc - ns_printrr DNS info leak / DoS
• CVE-2026-40356: krb5 - NegoEx integer underflow OOB read
• CVE-2026-7320: firefox/thunderbird - Audio/Video info disclosure

📺 AWS security bulletins

• Issue with FreeRTOS-Plus-TCP - MAC Address Validation Bypass and ICMP Echo Reply Integer Underflow
• CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP
• Issue with FreeRTOS-Plus-TCP - IPv6 Router Advertisement Memory Safety Issues
• CVE-2026-7191- Arbitrary Code Execution via Sandbox Bypass in QnABot on AWS
• CVE-2026-7461 - OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

🚬 Security documentation changes

• IAM API Gateway/Lambda tutorial hardened, Python 3.11 runtime
• IAM example script hardened with security best practices
• IAM ECS example hardened, IMDSv2 enforced
• IAM ECS getting-started script hardened
• IAM example script hardened, log redaction and cleanup
• IAM example script hardened with umask and least privilege
• IAM Lambda example script hardened with input validation
• IAM Redshift example: cluster encryption, secure passwords
• IAM Secrets Manager example: masking, replicas, rotation
• IAM tagging docs corrected from user to role
• IAM tagging docs corrected from user to role
• IAM tagging docs corrected from user to role
• IAM example script hardened, strict errors and cleanup
• IAM ECS example: IMDSv2 hop limit 1, CIDR warnings
• IAM example script hardened with security logging
• CLI account-mgmt: OTP and email constraints relaxed
• CLI alternate-contact-type parameter position moved
• CLI account-mgmt response now returns AccountState
• CLI evaluators support --kms-key-arn for CMK encryption
• CLI memory record schema adds indexed-keys metadata
• CLI evaluators require kms:Decrypt for CMK encryption
• CLI ECR-public registry policy scope: V1 removed
• CLI ECR-public registry policy scope: V1 removed
• CLI IAM OIDC docs: guidance for multiple certificates
• CLI MPA: cross-account policies and session tracking
• CLI MPA gains session-level status tracking
• CloudHSM JDK support: OpenJDK 8 dropped, 25 added
• CloudHSM marks OpenJDK 8/11 end-of-support
• EC2 DocumentDB example: KMS encryption, audit logging
• EC2 getting-started example script hardened
• EC2 ECS example hardened, IMDSv2 enforced
• EC2 example script hardened with cred validation and CIDR checks
• EKS client cert max lifetime cut from 1 year to 45 days
• EMR 7.13.0 release notes posted
• GovCloud: RDS Db2 GA, GuardDuty policy scoped down
• Lambda example script hardened with validation
• Lambda CloudWatch dashboard script hardened
• Lambda setup script hardened with log sanitization
• Lightsail blueprints: FreeBSD 13 EOL, openSUSE 16 added
• Managed Services example configs removed
• MemoryDB adds CVE-2025-49844 to Valkey/Redis docs
• PCS adds scheduler audit log separation
• Pinpoint example script hardened with shred and umask
• Polly example script hardened with strict mode
• SMS sender ID registration rules updated for AU (Jul 2026)
• SNS IoT Device Defender setup script hardened
• SNS tutorial script hardened with validation
• Systems Manager example: IMDSv2, JSON validation, cleanup
• VPC TGW encryption: Client VPN attachment unsupported
• WAF SQL/Windows-OS managed rule groups updated