Today's drop peels back layers, from AWS misconfigurations to PyPI poisoning, from phishing kits wrapped in AES to the OSINT tools that mirror what attackers already know. And deep in the digital abyss? Aquatic Panda still moves silently.
AWS Default IAM Roles Found to Allow Cross-Tenant Abuse
Researchers discovered that certain AWS-managed IAM roles, designed for convenience, can be exploited for unauthorized access between tenants. A reminder that default ≠ safe, especially in cloud privilege models.
https://thehackernews.com/2025/05/aws-default-iam-roles-found-to-enable.html
Malicious PyPI Packages Exploit Typo-Squatting and Script Abuse
New malicious packages on PyPI use obfuscated scripts and install-time attacks to gain initial access. These aren't exotic; they're opportunistic, preying on speed over scrutiny in dev pipelines.
https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html
Novel Phishing Campaign Combines AES Encryption with Fake NPM Packages
A new phishing kit uses AES-encrypted payloads hosted within typo-squatted NPM packages. The encryption conceals delivery mechanisms from scanners: obscurity layered on trust.
https://www.darkreading.com/threat-intelligence/novel-phishing-attack-combines-aes-npm-packages
Hazy Hawk: The APT Targeting Global Orgs with Obfuscation and Patience
Hazy Hawk, a lesser-known threat actor, is exploiting orgs across sectors using layered evasion and living-off-the-land techniques. Their strength? They don't rush. They wait.
https://cybersecuritynews.com/hazy-hawk-exploits-organizations/
CloudSEK Raises $19M to Expand Predictive Threat Intelligence Capabilities
CloudSEK is building models to anticipate cyber threats based on emerging patterns and dark web chatter. The goal? Move detection from reaction to prediction.
https://www.msspalert.com/brief/cloudsek-secures-19m-to-advance-predictive-cyber-threat-intelligence
Threat Profile: Aquatic Panda, APT in Stealth and Recon Mode
SOCRadar dives into Aquatic Panda, a China-linked APT blending traditional espionage with fileless techniques, reconnaissance tooling, and high-level evasion. If most attackers break the door down, they pick the lock.
https://socradar.io/dark-web-profile-aquatic-panda/
Porch Pirate: Postman-Based Recon and OSINT Framework
This open-source tool turns Postman into a full-blown recon suite, pulling OSINT, API analysis, and passive intel into one place. It's like giving developers the eyes of an attacker.
https://meterpreter.org/porch-pirate-the-most-comprehensive-postman-recon-osint-client-and-framework/
Reflection
Day 140 cuts through illusions:
Defaults can be exploits. Packages can be payloads. Silence can be strategy.
Whether it's AWS IAM, PyPI, or the calm presence of Aquatic Panda, today proves that the greatest threats are often wrapped in the most familiar shapes.
As I sharpen my cloud security skills alongside CISSP prep, I'm asking:
What are my assumed safe zones, and how deep has trust been left unchecked?
Because in this game, it's not just the breach that matters,
…it's the moment you realize you were never looking.