Day 140: Default IAM, Malicious Packages, and the Persistence of Hidden Predators 🧪🕷️⚙️

Today’s drop peels back layers — from AWS misconfigurations to PyPI poisoning, from phishing kits wrapped in AES to the OSINT tools that mirror what attackers already know. And deep in the digital abyss? Aquatic Panda still moves silently.

🔐 AWS Default IAM Roles Found to Allow Cross-Tenant Abuse

Researchers discovered that certain AWS-managed IAM roles — designed for convenience — can be exploited for unauthorized access between tenants. A reminder that default ≠ safe, especially in cloud privilege models.

🔗 https://thehackernews.com/2025/05/aws-default-iam-roles-found-to-enable.html
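The entry above does not spell out the mechanism, so here is the first check a practitioner would run on any default or "convenience" role: who is allowed to assume it? The script below is an added example, not code from the article or from AWS. It audits role trust policies for a wildcard principal and for cross-account trust that lacks an `sts:ExternalId` condition; the policies, the account IDs and the external-id string are constructed sample data.

```python
import json

# Constructed sample trust policies (not from the page or from AWS).
# Account IDs and the external id are placeholders.
OWN_ACCOUNT = "111111111111"

SAMPLE_TRUST_POLICIES = {
    "wildcard-principal": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                       "Action": "sts:AssumeRole"}],
    },
    "cross-account-no-externalid": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
                       "Action": "sts:AssumeRole"}],
    },
    "cross-account-hardened": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
                       "Action": "sts:AssumeRole",
                       "Condition": {"StringEquals":
                                     {"sts:ExternalId": "example-external-id"}}}],
    },
    "service-role": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"Service": "ec2.amazonaws.com"},
                       "Action": "sts:AssumeRole"}],
    },
}


def _principals(stmt):
    """Normalise the Principal element to a list of (type, value) pairs."""
    p = stmt.get("Principal", {})
    if p == "*":
        return [("AWS", "*")]
    out = []
    for ptype, vals in p.items():
        for v in ([vals] if isinstance(vals, str) else vals):
            out.append((ptype, v))
    return out


def _account_of(arn):
    """Account ID is the fifth colon-separated field of an IAM ARN."""
    parts = arn.split(":")
    return parts[4] if len(parts) > 4 else None


def _has_external_id(stmt):
    """True if any StringEquals* condition pins sts:ExternalId (keys are case-insensitive)."""
    for op, kv in stmt.get("Condition", {}).items():
        if op.startswith("StringEquals") and any(k.lower() == "sts:externalid" for k in kv):
            return True
    return False


def audit_trust_policy(policy, own_account=OWN_ACCOUNT):
    """Return a list of findings for one role trust policy (empty list = nothing flagged)."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        for ptype, value in _principals(stmt):
            if value == "*":
                findings.append("CRITICAL: any AWS principal may assume this role")
            elif ptype == "AWS":
                acct = _account_of(value)
                if acct and acct != own_account and not _has_external_id(stmt):
                    findings.append(f"HIGH: cross-account trust of {acct} without sts:ExternalId condition")
    return findings


def audit_all(policies=SAMPLE_TRUST_POLICIES):
    """Audit every sample policy; returns {role-name: [findings]}."""
    return {name: audit_trust_policy(p) for name, p in policies.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, json.dumps(findings))
```

In a real account you would feed `audit_trust_policy` the `AssumeRolePolicyDocument` returned by `iam:GetRole` for each role; the permission policy attached to the role is a separate review. A service principal such as `ec2.amazonaws.com` is not flagged here because it is not a cross-tenant trust by itself.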

🐍 Malicious PyPI Packages Exploit Typo-Squatting and Script Abuse

New malicious packages on PyPI use obfuscated scripts and install-time attacks to gain initial access. These aren’t exotic — they’re opportunistic, preying on speed over scrutiny in dev pipelines.

🔗 https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html
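Typo-squatting only works if nobody compares the requested name against what was meant. The following check is an added example, not code from the article or from PyPI: it normalises each name in a requirements file the way PyPI does (lowercase, runs of `-`, `_` and `.` collapsed to `-`) and flags names that sit within a small edit distance of a curated allow-list of packages the team actually uses. The requirements lines and the allow-list are constructed sample data; the threshold values are my own choice.

```python
import re

# Constructed allow-list of packages a team actually depends on (sample data).
POPULAR = ["requests", "numpy", "colorama", "urllib3", "beautifulsoup4", "pillow"]

# Constructed requirements.txt content: two entries are one or two edits
# away from an allow-listed name.
SAMPLE_REQUIREMENTS = """
requests==2.31.0
reqeusts
numpy>=1.26
colourama
beautifulsoup4
""".strip().splitlines()


def normalize(name):
    """PEP 503 name normalisation: case-insensitive, [-_.]+ folded to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(line):
    """Extract the project name from a requirements line (ignores version specifiers/extras)."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return m.group(1) if m else None


def levenshtein(a, b):
    """Classic edit distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(requirement_lines, allowlist=POPULAR):
    """Return (requested, closest_allowlisted, distance) for near-miss names.

    Exact matches are fine; a name 1 edit away (2 for names of 6+ chars)
    from an allow-listed package, but not equal to it, is flagged.
    """
    allowed = [normalize(n) for n in allowlist]
    flagged = []
    for line in requirement_lines:
        raw = requirement_name(line)
        if not raw:
            continue
        name = normalize(raw)
        if name in allowed:
            continue
        threshold = 1 if len(name) < 6 else 2
        best = min(allowed, key=lambda a: levenshtein(name, a))
        d = levenshtein(name, best)
        if d <= threshold:
            flagged.append((name, best, d))
    return flagged


if __name__ == "__main__":
    for name, meant, d in typosquat_candidates(SAMPLE_REQUIREMENTS):
        print(f"{name!r} is {d} edit(s) from allow-listed {meant!r}; did you mean {meant}?")
```

This catches the lookalike-name half of the problem. For the install-time half, install from wheels only (`pip install --only-binary :all:`) where you can, so that no `setup.py` executes on your build host, and pin hashes with `--require-hashes` so a swapped upload fails closed.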

🎣 Novel Phishing Campaign Combines AES Encryption with Fake NPM Packages

A new phishing kit uses AES-encrypted payloads hosted within typo-squatted NPM packages. The encryption conceals delivery mechanisms from scanners — obscurity layered on trust.

🔗 https://www.darkreading.com/threat-intelligence/novel-phishing-attack-combines-aes-npm-packages

🦅 Hazy Hawk: The APT Targeting Global Orgs with Obfuscation and Patience

Hazy Hawk, a lesser-known threat actor, is exploiting orgs across sectors using layered evasion and living-off-the-land techniques. Their strength? They don’t rush. They wait.

🔗 https://cybersecuritynews.com/hazy-hawk-exploits-organizations/

🧠 CloudSEK Raises $19M to Expand Predictive Threat Intelligence Capabilities

CloudSEK is building models to anticipate cyber threats based on emerging patterns and dark web chatter. The goal? Move detection from reaction to prediction.

🔗 https://www.msspalert.com/brief/cloudsek-secures-19m-to-advance-predictive-cyber-threat-intelligence

🌊 Threat Profile: Aquatic Panda — APT in Stealth and Recon Mode

SOCRadar dives into Aquatic Panda, a China-linked APT blending traditional espionage with fileless techniques, reconnaissance tooling, and high-level evasion. If most attackers break the door down — they pick the lock.

🔗 https://socradar.io/dark-web-profile-aquatic-panda/

🛰️ Porch Pirate: Postman-Based Recon and OSINT Framework

This open-source tool turns Postman into a full-blown recon suite, pulling OSINT, API analysis, and passive intel into one place. It’s like giving developers the eyes of an attacker.

🔗 https://meterpreter.org/porch-pirate-the-most-comprehensive-postman-recon-osint-client-and-framework/

💭 Reflection

Day 140 cuts through illusions:

Defaults can be exploits. Packages can be payloads. Silence can be strategy.

Whether it’s AWS IAM, PyPI, or the calm presence of Aquatic Panda — today proves that the greatest threats are often wrapped in the most familiar shapes.

As I sharpen my cloud security skills alongside CISSP prep, I’m asking:

What are my assumed safe zones — and how deep has trust been left unchecked?

Because in this game, it’s not just the breach that matters —

…it’s the moment you realize you were never looking. 🧠🔐🧭