Aws

vulnerabilities 2026-04-26
LMDeploy CVE-2026-33626: SSRF in LLM Inference Server Exploited 12 Hours After Disclosure, Honeypot Sees AWS IMDS Theft
A 7.5-severity SSRF in Shanghai AI Lab's LMDeploy LLM serving toolkit was hit in the wild within 12h31m of the GitHub advisory. Sysdig's honeypot caught an attacker using the vision-language image loader to scrape AWS instance metadata, then pivot to internal Redis and MySQL.
lmdeploy cve-2026-33626 ssrf ai-infrastructure aws imds llm cloud-security
vulnerability 2026-04-07
Three High-Severity Command Injection Flaws in AWS Research and Engineering Studio Give Authenticated Users Root RCE
AWS patches three CVSS 8.8 command injection and privilege escalation bugs in Research and Engineering Studio (RES) — any authenticated user could get root on virtual desktop hosts or the cluster manager.
aws cloud command-injection rce privilege-escalation cve-2026-5707 cve-2026-5708 cve-2026-5709
incident 2026-04-04
European Commission Confirms Cloud Breach — Trivy Supply Chain Attack Cascades Into 30+ EU Entities
The European Commission confirms a data breach affecting 30+ EU entities after the compromised Trivy scanner leaked AWS API keys to TeamPCP. ShinyHunters published 92 GB of stolen data.
supply-chain trivy aws european-commission shinyhunters teampcp cloud data-breach

LMDeploy CVE-2026-33626: SSRF in LLM Inference Server Exploited 12 Hours After Disclosure, Honeypot Sees AWS IMDS Theft