Amazon: Ongoing cryptomining campaign uses hacked AWS accounts

Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud ...
Bleeping Computer

Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management ...