Hacker News
- Investigating a backdoored PyPI package targeting FastAPI applications https://securitylabs.datadoghq.com/articles/malicious-pypi-package-fastapi-toolkit/ 32 comments
- Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover | Datadog Security Labs https://securitylabs.datadoghq.com/articles/amplified-exposure-how-aws-flaws-made-amplify-iam-roles-vulnerable-to-takeover/ 2 comments aws
- A point worth repeating: "hiding" does not mean "securing". Never assume that just because your API is undocumented, or your admin portal URL is not published, or your jumpserver location is not known to anyone outside your team, no one can access it. https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass/ 3 comments aws
- AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass | Datadog Security Labs https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass/ 7 comments aws
- AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass | Datadog Security Labs https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass/ 4 comments netsec
- Investigating a backdoored PyPi package targeting FastAPI applications https://securitylabs.datadoghq.com/articles/malicious-pypi-package-fastapi-toolkit/ 2 comments netsec
- A Confused Deputy Vulnerability in AWS AppSync | Datadog Security Labs https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/ 2 comments aws
- A Confused Deputy Vulnerability in AWS AppSync | Datadog Security Labs https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/ 5 comments netsec