Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign

An ongoing campaign has been observed targeting Amazon Web Services AWS customers using compromised Identity and Access Management IAM credentials to enable cryptocurrency mining. The activity, first detected by Amazon's GuardDuty managed threat detection service and its automated security...

Shipt: Sensitive Clickjacking on admin login page.

A researcher identified that the 3rd party hosted login page for an externally-facing company tool is externally frameable and therefore potentially a vector for clickjacking...