AWS is a organization tracked across 50 threat clusters and 331 intelligence report mentions on ThreatCluster. First observed October 24, 2025; most recent activity July 17, 2026.
Gamaredon, a Russian state-backed APT group, is actively exploiting a WinRAR vulnerability (CVE-2025-8088) to deploy malware against Ukrainian government and military targets. The attack begins with a spearphishing…
On July 1, 2026, security firm SlowMist identified a fake trading bot on GitHub designed to spread malware targeting Polymarket users and DeFi developers. The bot, named 'polymarket-arbitrage-bot', was promoted as a…
A China-linked threat actor known as Red Menshen has been conducting a long-term espionage campaign targeting global telecommunications networks using a stealthy Linux kernel backdoor called BPFdoor. This malware…
APT41, a China-backed threat group, has been identified using a new zero-detection ELF backdoor targeting Linux cloud workloads across major platforms including AWS, Google Cloud Platform, Microsoft Azure, and Alibaba…
On July 3, 2026, Google, in coordination with the FBI and other partners, disrupted the NetNut residential proxy network, also known as the Popa botnet. This operation targeted over 2 million compromised consumer…
On April 6, 2026, drone strikes targeted AWS infrastructure in the UAE, prompting Managed Service Providers (MSPs) to activate disaster recovery plans. The strikes have led to significant disruptions in cloud services,…
AWS has highlighted the risks associated with unmonitored outbound traffic in cloud environments, particularly in light of the CVE-2025-55182 vulnerability affecting React Server Components. This vulnerability allows…
The TeamPCP threat group has expanded its supply chain attack campaign, compromising the Microsoft DurableTask Python client with versions v1.4.1, v1.4.2, and v1.4.3 found to contain a credential-stealing worm. This…
A high-severity vulnerability (CVE-2026-12957) in Amazon Q Developer for Visual Studio Code allowed attackers to execute arbitrary code and steal AWS credentials by automatically loading malicious MCP server…
Hackers have compromised Docker images and VSCode extensions for the Checkmarx KICS analysis tool, which is used to identify security vulnerabilities in source code. The attack involved a trojanized KICS Docker image…