28 matches found

Friends Of PHP
added 2025/12/17 8:15 p.m. | 15 views

Key Commitment Issues in S3 Encryption Clients

More info at https://aws.amazon.com/security/security-bulletins/AWS-2025-032/...

CVSS 6 | AI score 7 | EPSS 0.00017
Exploits 0 | Affected Software 1

OSV
added 2025/12/02 11:35 a.m. | 3 views

BIT-CILIUM-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

CVSS 5.5 | AI score 6.7 | EPSS 0.00007
Exploits 0 | References 6

Github Security Blog
added 2025/12/01 6:59 p.m. | 5 views

Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Impact: CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset sectio...

CVSS 5.5 | AI score 6.9 | EPSS 0.00007
Exploits 0 | References 7 | Affected Software 2

Vulnrichment
added 2025/11/29 12:11 a.m. | 2 views

CVE-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

CVSS 4 | AI score 6.4 | EPSS 0.00007
Exploits 0 | References 5

Cvelist
added 2025/11/29 12:11 a.m. | 9 views

CVE-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

CVSS 4 | EPSS 0.00007
Exploits 0 | References 5

Malwarebytes
added 2025/08/18 10:27 p.m. | 6 views

How to spot the latest fake Gmail security alerts

Security alerts from tech companies are supposed to warn us when something might be amiss—but what if the alerts themselves are the risk? Scammers have long impersonated tech companies' security and support staff as a way to sniff out users' login credentials, and reports suggest that they're doi...

AI score 7.2
Exploits 0

OSV
added 2024/08/09 8:41 p.m. | 13 views

GHSA-857Q-XMPH-P2V5 s2n-tls's mTLS API ordering may skip client authentication

Impact: An API ordering issue in s2n-tls can cause client authentication to unexpectedly not be enabled on the server when it otherwise appears to be. Server applications are impacted if client authentication is enabled by calling s2n_connection_set_config before calling s2n_connection_set_client_auth_typ...

CVSS 6.3 | AI score 7
Exploits 0 | References 3

Github Security Blog
added 2024/06/06 2:26 p.m. | 9 views

s2n-tls has a potentially observable differences in RSA premaster secret handling

When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...

AI score 7
Exploits 0 | References 4 | Affected Software 1

Github Security Blog
added 2024/05/23 2:0 p.m. | 32 views

jupyter-scheduler's endpoint is missing authentication

Impact: jupyter_scheduler is missing an authentication check in Jupyter Server on an API endpoint GET /scheduler/runtime_environments which lists the names of the Conda environments on the server. In affected versions, jupyter_scheduler allows an unauthenticated user to obtain the list of Conda...

CVSS 5.3 | AI score 6.9 | EPSS 0.0018
Exploits 0 | References 8 | Affected Software 1

OSV
added 2024/05/23 2:0 p.m. | 15 views

GHSA-V9G2-G7J4-4JXC jupyter-scheduler's endpoint is missing authentication

Impact: jupyter_scheduler is missing an authentication check in Jupyter Server on an API endpoint GET /scheduler/runtime_environments which lists the names of the Conda environments on the server. In affected versions, jupyter_scheduler allows an unauthenticated user to obtain the list of Conda...

CVSS 5.3 | AI score 5.1 | EPSS 0.0018
Exploits 0 | References 8

OSV
added 2024/05/03 8:26 p.m. | 14 views

GHSA-7PC3-PR3Q-58VG sagemaker-python-sdk Command Injection vulnerability

Impact: The capture_dependencies function in sagemaker.serve.save_retrive.version_1_0_0.save.utils module before version 2.214.3 allows for potentially unsafe Operating System (OS) Command Injection if inappropriate command is passed as the “requirements_path” parameter. This consequently may allow an...

CVSS 7.8 | AI score 8 | EPSS 0.00889
Exploits 0 | References 5

Github Security Blog
added 2023/12/01 7:23 p.m. | 48 views

OpenSearch StackOverflow vulnerability

Impact: A flaw was discovered in OpenSearch, affecting the search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. The issue was identified by Elastic Engineering and corresponds to security advisory ESA-2023-14 (CVE-2023-31419)...

CVSS 7.5 | AI score 6.9 | EPSS 0.35125
Exploits 4 | References 2 | Affected Software 1

OSV
added 2023/10/17 2:25 p.m. | 25 views

GHSA-72Q2-GWWF-6HRV OpenSearch Issue with tenant read-only permissions

Impact: There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them...

CVSS 5.4 | AI score 5 | EPSS 0.00086
Exploits 0 | References 3

Github Security Blog
added 2023/10/17 2:25 p.m. | 18 views

OpenSearch Issue with tenant read-only permissions

Impact: There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them...

CVSS 5.4 | AI score 6.4 | EPSS 0.00086
Exploits 0 | References 3 | Affected Software 1

OSV
added 2023/10/17 2:24 p.m. | 46 views

GHSA-8WX3-324G-W4QQ OpenSearch uncontrolled resource consumption

Impact: An issue has been identified with how OpenSearch handled incoming requests on the HTTP layer. An unauthenticated user could force an OpenSearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering an...

CVSS 7.5 | AI score 7.6
Exploits 0 | References 2

Github Security Blog
added 2023/10/17 2:24 p.m. | 43 views

OpenSearch uncontrolled resource consumption

Impact: An issue has been identified with how OpenSearch handled incoming requests on the HTTP layer. An unauthenticated user could force an OpenSearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering an...

CVSS 7.5 | AI score 7 | EPSS 0.00762
Exploits 0 | References 2 | Affected Software 1

Trend Micro Simply Security
added 2023/06/02 12:0 a.m. | 8 views

Amazon Security Lake Partners with Trend

Trend Micro is proud to be a launch partner for Amazon Security Lake, which puts the customer in control, making critical data available to them from third-party security and analytics solutions of their choice...

AI score 6.9
Exploits 0

Trend Micro Simply Security
added 2023/06/02 12:0 a.m. | 6 views

Trend is a Launch Partner for Amazon Security Lake

Trend Micro is proud to be a launch partner for Amazon Security Lake, which puts the customer in control, making critical data available to them from third-party security and analytics solutions of their choice...

AI score 6.9
Exploits 0

OSV
added 2023/05/09 9:25 p.m. | 22 views

GHSA-G8XC-6MF7-H28H OpenSearch issue with fine-grained access control during extremely rare race conditions

Impact: There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. Fo...

CVSS 4.8 | AI score 5.3 | EPSS 0.00331
Exploits 0 | References 3

Github Security Blog
added 2023/03/07 8:4 p.m. | 18 views

OpenSearch has issue with fine-grained access control of indices backing data streams

Impact: There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. This issue can on...

CVSS 6.3 | AI score 6.2 | EPSS 0.002
Exploits 0 | References 4 | Affected Software 1