Issue #268
Monday · July 06, 2026
๐ฅ Palate Cleanser
Putting together a market survey used to be the domain of big marketing departments, but now someone like Chandrapal Badshah can create a decent cloud security hiring report solo. He grabbed 407 cloud security job postings from June 2026 and extracted some fun facts for us to ponder. If you want a cloud security job, AWS used to be a necessity, but now Azure is catching up fast and has halved AWS's lead in a month. If you're just starting out, you're out of luck, as entry jobs accounted for just 3%.
I'm just as hyped as anyone about AI, but every week I'm more convinced there's a 'f-around and find out' moment coming. Microsoft showed this week that a poisoned MCP tool description, just the text a model reads to decide how to use a tool, is enough to make an agent hand company data to an outsider while following every rule perfectly. No exploit, no broken policy, no alarm. Which sets up this issue nicely. As apps and agents start acting with your identity in AWS, knowing who's doing what, catching it, and reconstructing it afterward stops being optional.
This issue is also available to share online. Got feedback? Tell us here.
๐ Chef's selections
Apps can now impersonate human access to AWS via IAM Identity Center
by Aidan Steele
AWS shipped the ability for server-side apps to assume roles on behalf of their own users through IAM Identity Center, and Aidan reverse-engineered it the same day. His field notes cover what the CloudTrail events actually look like, whether it's ready to turn on today, and the sharp edges the docs skip. If you've ever handed an internal tool a superset of everyone's permissions and then bolted your own authz on top, this is the feature you've been waiting for - along with the caveats to understand before you flip it on.
AWS Forensics: what you need to know
by Nathanael Ndong
Nathanael has written the AWS incident-response primer you wish every forensic analyst had before their first cloud breach. It walks through the account and identity model, then zeroes in on where the evidence actually lives - and where it doesn't, from CloudTrail's 90-day default retention to data events that stay off until you enable them. A grounded field guide to reconstructing what an attacker did, from recon and IAM backdoors to Lambda persistence.
Why I Keep Recommending Amazon GuardDuty
by Sena Yakut
I feature Sena's content pretty regularly because she writes from experience and doesn't overcomplicate things. In this post she makes the case for GuardDuty as the first detection service she reaches for on almost any AWS environment, tracing how it grew from crunching CloudTrail, VPC Flow Logs and DNS logs into today's much broader sensor. It's a practical, experience-driven tour of what the service catches for near-zero setup effort, and the gaps you still have to close yourself. I'm not a fan of the GuardDuty UX but the service works, has improved dramatically recently, and is infinitely better than no breach detection which is what most companies have.
๐ธ Sponsor shoutout
Meet Pleri: your AI security engineer. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems. Learn more about Pleri and see her in action.
๐ฅ AWS security blogs
- 📢 Amazon CloudWatch supports creating alarms from log queries
- 📢 AWS Artifact now includes Assurance Assistant for compliance inquiries
- 📢 Amazon GuardDuty adds sensitive file modification threat detections
- 📢 AWS Security Agent now available in Asia Pacific (Mumbai), Asia Pacific (Singapore), and South America (Sรฃo Paulo)
- 📢 Amazon CloudWatch Logs enriches log events with AWS resource tags
- 📢 AWS CloudFormation and CDK accelerate development feedback loops with pre-deployment validation on all stack operations
- 📢 AWS CloudFormation and CDK express mode speeds up infrastructure deployments by up to 4x
- 📢 Amazon ElastiCache T4g nodes now available in additional AWS Regions
- 📢 AWS Network Firewall now supports container attribute-based inspection for Amazon EKS and Amazon ECS
- 📢 AWS Security Hub CSPM launches AI Security Best Practices standard with 31 automated controls
- 📢 IAM Identity Center now enables programmatic AWS account access for customer managed applications
- 📢 AWS Service Availability Updates
- 📢 AWS WAF adds support for Amazon Bedrock AgentCore Gateway
- Using Amazon S3 Server Access Logs with Amazon CloudWatch Logs by Isaiah Salinas
- Automate public TLS certificate issuance with ACME support in AWS Certificate Manager by Sรฉbastien Stormacq
- Implementing Responsible AI in Contact Centers with Connect AI Agents Guardrails by Shabi Abbas Sayed
- Safely Releasing Frontier Models to Customers by Amy Herzog
- Secure Amazon container workloads using container attribute-based rules in AWS Network Firewall by Amit Gaur
- How to use the AWS Workload Credentials Provider for cross-account secret retrieval and prefetching secrets by Derik Wang
- What the June 2026 Threat Technique Catalog update means for your AWS environment by Shannon Brazil
๐ Reddit threads on r/aws
๐ค Dessert
Every machine-tracked change this week. Nobody else assembles this.
๐ง IAM permission changes
๐ช API changes
- Amazon Cognito Identity Provider
- AWS Config
- Amazon Connect Customer Profiles
- AWS MediaTailor
- AWS Artifact
- Amazon Connect Service
- Amazon Elastic Compute Cloud
- Amazon GameLift Streams
- AWS Elemental MediaConvert
- Amazon OpenSearch Service
- Amazon QuickSight
- AWS Certificate Manager
- Auto Scaling
- AWS Clean Rooms Service
- AWS CloudFormation
- Amazon CloudWatch
- AWS CodeBuild
- Amazon Connect Service
- Amazon DataZone
- Amazon Elastic Compute Cloud
- Amazon Elastic Kubernetes Service
- AWS Network Firewall
- CloudWatch Observability Admin Service
- Partner Central Selling API
- AWS Single Sign
- SupportAuthZ
- Amazon AppConfig
- Amazon CloudWatch
- AmazonConnectCampaignServiceV2
- Amazon Elastic Compute Cloud
- Amazon EC2 Container Service
- Amazon Elastic VMware Service
- AWS Glue
- EC2 Image Builder
- AWS Lambda
- AWS Parallel Computing Service
- Amazon Pinpoint SMS Voice V2
- AWS Resource Explorer
- Amazon SageMaker Feature Store Runtime
- Amazon VPC Lattice
- AWS WAFV2
๐น IAM managed policy changes
- DeclarativePoliciesEC2Report
- AIDevOpsAgentAccessPolicy
- AWSElasticBeanstalkEKSTagging
- AWSElasticBeanstalkEKSObservability
- AWSElasticBeanstalkEKSImageBuild
- AmazonECSInstanceRolePolicyForManagedInstances
- AWSResourceExplorerServiceRolePolicy
- AWSApplicationMigrationReadOnlyAccess
- AWSWAFReadOnlyAccess
- AWSWAFConsoleReadOnlyAccess
- AWSWAFConsoleFullAccess
- AWSWAFFullAccess
- AWSTransformSecurityAgentExecutorAccess
- AWSPartnerCentralRevenueAttributionManagement
- AWSArtifactComplianceInquiriesReadOnlyAccess
- AWSArtifactComplianceInquiriesFullAccess
- AWSObservabilityAdminTelemetryEnablementServiceRolePolicy
- AWSMarketplaceSellerFullAccess
- AmazonSageMakerModelCustomizationCoreAccess
- AWSRevenueAttributionManagement
- AWSCertificateManagerReadOnly
- AWSServiceRolePolicyForWorkspacesInstances
- SageMakerStudioProjectUserRolePolicy
- AccountAccessManagerServiceRolePolicy
- SageMakerStudioUserIAMPermissiveExecutionPolicy
- SageMakerStudioUserIAMDefaultExecutionPolicy
- SageMakerStudioProjectUserRolePolicy
- SageMakerStudioAdminIAMPermissiveExecutionPolicy
- SageMakerStudioAdminIAMDefaultExecutionPolicy
- AWSApplicationMigrationNetworkMigrationMultiAccount
โ CloudFormation resource changes
๐ฎ Amazon Linux vulnerabilities
- CVE-2026-13117: OpenVPN use-after-free in dynamic tls-crypt
- CVE-2026-13122: OpenVPN server crash via malformed auth-token
- CVE-2026-11771: OpenVPN 1-byte stack overrun via NTLM proxy
- CVE-2026-13698: OpenVPN server crash via crafted packet
- CVE-2026-12932: OpenVPN tls-crypt-v2 memory-leak DoS
- CVE-2026-12996: OpenVPN use-after-free via pending ACK
- CVE-2026-47251: libheif integer overflow in vvdec
- CVE-2026-45383: libde265 heap OOB read decoding WPP slice
- CVE-2026-47254: libheif HEIF-decode memory-safety flaw
- CVE-2026-54430: liboauth2 SSRF in AWS ALB JWT verifier
- CVE-2026-50142: dav1d/libheif/openjpeg decoder DoS
- CVE-2026-48029: libheif heap OOB read in grid decode
- CVE-2026-54431: liboauth2 DPoP accepts private-key proof
- CVE-2026-47709: libheif crash on malformed HEIF tiling
- CVE-2026-54241: libde265 SAO heap buffer overflow
- CVE-2026-47714: libheif integer overflow, undersized buffer
- CVE-2026-45382: libde265 heap OOB read in tile decode
- CVE-2026-47247: libheif heap info disclosure via grid gap
- CVE-2026-58381: GIMP PSP parser double-free, possible RCE
- CVE-2026-54240: libde265 integer overflow, heap OOB read/write
- CVE-2026-20213: ClamAV PE parser DoS (OOB write)
- CVE-2026-24260: NVIDIA Container Toolkit TOCTOU, code exec
- CVE-2026-14427: Firefox/Thunderbird Skia heap overflow
- CVE-2026-6425: QEMU local high-impact flaw (patched v11.0.2)
- CVE-2026-46680: containerd runAsNonRoot bypass to root
- CVE-2026-20244: ClamAV DMG parser DoS (32-bit overflow)
- CVE-2026-48915: QEMU local integrity/DoS flaw (patched v11.0.2)
- CVE-2026-14330: PulseAudio server unbounded alloca DoS
- CVE-2026-55628: ImageMagick -concatenate policy bypass
- CVE-2026-54399: Apache HttpComponents HTTP/1.1 parser DoS
- CVE-2026-55594: ImageMagick MVG stack-overflow DoS
- CVE-2025-15666: Qt3D/Assimp heap overflow via model file
- CVE-2026-53466: ImageMagick XCF integer overflow, OOB read
- CVE-2026-56016: Perl CGI::Session predictable session IDs
- CVE-2026-53467: ImageMagick MNG heap info disclosure
- CVE-2026-20217: ClamAV PESpin parser DoS (OOB write)
- CVE-2026-57964: spice-vdagent UDSCS auth bypass (macOS/BSD)
- CVE-2026-54428: Apache HttpComponents HTTP/2 HPACK DoS
- CVE-2026-14387: Firefox/Thunderbird Skia sandbox escape
- CVE-2026-55577: ImageMagick MVG heap overflow (OOB write)
- CVE-2026-55510: ImageMagick 8BIM use-after-free
- CVE-2026-20215: ClamAV 7z parser DoS (OOB write)
- CVE-2026-14324: PulseAudio RAOP module DoS
- CVE-2026-14419: Firefox/Thunderbird Skia UAF, sandbox escape
- CVE-2026-14389: Firefox/Thunderbird Skia sandbox escape
- CVE-2026-14410: Firefox/Thunderbird Skia UI spoofing
- CVE-2026-20216: ClamAV InstallShield parser DoS
- CVE-2026-20214: ClamAV FSG parser DoS (OOB write)
- CVE-2026-14429: Firefox/Thunderbird Skia sandbox escape
- CVE-2026-48002: QEMU VNC OOB write via display resolution
- CVE-2026-48003: QEMU VNC stats OOB read
- CVE-2026-57963: Thunderbird HTML chat content injection
- CVE-2026-14414: Firefox/Thunderbird Skia info disclosure
- CVE-2026-8343: QEMU minor info leak (patched v11.0.2)
- CVE-2026-48004: QEMU local DoS (patched v11.0.2)
- CVE-2026-55597: ImageMagick JP2 encoder heap overflow
- CVE-2026-44605: RPM NDB heap overflow via crafted db
- CVE-2026-13606: GraphicsMagick PCD decoder OOB write
- CVE-2026-55595: ImageMagick connected-components infinite loop
- CVE-2026-57962: Thunderbird LDAP autocomplete memory-exhaustion DoS
- CVE-2026-20243: ClamAV ALZ parser DoS (OOB write)
- CVE-2026-58011: GLib OOB read in g_date_time_get_ymd
- CVE-2026-4360: Python tarfile extract filter bypass (hardlinks)
- CVE-2026-49877: Apache ActiveMQ improper authorization
- CVE-2026-56364: ImageMagick OpenCL benchmark memory leak
- CVE-2026-50734: Apache ActiveMQ client memory-alloc DoS
- CVE-2026-12610: SSSD PAM use-after-free with YubiKey
- CVE-2026-56363: ImageMagick divide-by-zero (binomial kernel)
- CVE-2026-57585: Python msgpack OOB read/crash
- CVE-2026-58012: GLib buffer over-read in g_regex_replace
- CVE-2026-14164: libarchive RAR5 double-free
- CVE-2026-58010: GLib off-by-one in GVariant serialiser
- CVE-2026-54696: Ruby JSON heap buffer overflow
- CVE-2026-56369: ImageMagick info disclosure (Passkey encipher)
- CVE-2026-56361: ImageMagick off-by-one OOB read (morphology)
- CVE-2026-54475: Apache ActiveMQ missing authorization
- CVE-2026-56365: ImageMagick MNG encoder memory leak
- CVE-2026-14241: Firefox memory-safety bugs (corruption)
- CVE-2026-58016: GLib D-Bus introspection state confusion
- CVE-2026-58374: hostapd Wi-Fi 7 MLO missing bounds check
- CVE-2026-58014: GLib off-by-one in key_file locale list
- CVE-2026-58015: GLib D-Bus DBUS_COOKIE_SHA1 auth flaw
- CVE-2026-14209: Keycloak Admin UI authorization bypass
- CVE-2026-13149: Node.js brace-expansion ReDoS
- CVE-2026-45822: decode-uri-component ReDoS DoS
- CVE-2026-58013: GLib buffer over-read in g_io_channel
- CVE-2026-56377: ImageMagick policy bypass, file create/truncate
๐บ AWS security bulletins
- CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF
- CVE-2026-13769 โ Insecure file permissions in AWS CLI
- CVE-2026-13760 - OS Command Injection in NodejsFunction Docker Bundling in aws-cdk-lib
- CVE-2026-14265- Deserialization of Untrusted Data in AWS Advanced JDBC Wrapper RemoteQueryCachePlugin
๐ฌ Security documentation changes
- Deadline Cloud multi-region monitor docs clarified (excludes CMK regions)
- Glue column-level metadata attachments docs added
- HealthLake FHIR bulk member match consent rules updated
- Mainframe Modernization 5.194.0: CVEs added, sunset date updated
- Marketplace reseller (selling) authorization process updated
- OpenSearch Service SAML sign-in endpoint config note added
- OpenSearch Service Java client credentials-provider docs
- SageMaker HyperPod on EKS: June 19 AMI release notes
- Security IR CLI examples fixed (valid notification types)
- Sign-in: CloudTrail logging for policy-evaluation events documented
- IAM Identity Center: SAML NameID must match username
- IAM Identity Center: SAML NameID must match SCIM username
- VPC account/org-level encryption controls added
- AppStream: cert-based auth now required for agent sessions
- AppStream: agent-per-session concurrency limit noted
- Athena: s3:PutObject now required for spill buckets
- Bedrock: deny both CallWithBearerToken actions to block API keys
- Bedrock: both CallWithBearerToken actions must be denied to revoke keys
- AWS CLI: ACM delete-acme-external-account-binding command added
- Clean Rooms: result-receiver / additional-analyses controls added
- Clean Rooms: result-receiver / additional-analyses controls added
- Image Builder logging: execution role + naming constraints
- Image Builder: source image + distribution/IAM role clarifications
- Image Builder CloudWatch Logs: naming + permission requirements
- Image Builder CloudWatch Logs docs (pipeline execution logs)
- Image Builder: imageBuildVersionArn validation clarified
- Image Builder CloudWatch Logs: group naming/permissions
- Cognito: token audience verification now mandatory
- Connect: redacted screen-recording viewing + permissions
- EKS: removed --ack-service-controllers optionality guidance
- ELB: verify ENI conntrack timeout for idle timeout >350s
- GuardDuty: API action resource-path mappings + example policy
- Lambda: restrict AWS IoT invocation permissions (example)
- OpenSearch: manual-snapshot IAM ignores SourceArn/SourceAccount
- SageMaker Feature Store DataPlane ops + IAM (KMS:Decrypt)
- Security Hub: new control BedrockAgentCore.7 (private network)
- VPC: route-propagation note for AZ-aware appliance mode