S3 shadow buckets leave AWS accounts open to compromise
Researchers from security firm Aqua Security identified six AWS services that were creating predictably named S3 buckets and that were vulnerable to the new hijacking technique. They presented their findings in a talk at the Black Hat USA security conference this week.
Aqua Security Unveils Traceeshark: Open Source Tool Combining Tracee’s Dynamic Analysis of Linux Malware with Wireshark
BOSTON—August 7, 2024—Aqua Security, the pioneer in cloud native security, today unveiled Traceeshark, an innovative plugin for Wireshark that enables security practitioners to quickly investigate security incidents. Traceeshark enhances the capabilities of Aqua Tracee, an open source runtime security and forensics tool for Linux, and empowers users to analyze kernel-level event and behavioral detection alongside …
Aqua Discovers Critical Vulnerabilities in 6 AWS Cloud Services
BOSTON—August 7, 2024—Aqua Security, the pioneer in cloud native security, today unveiled new research by its cyber research team, Nautilus, addressing critical vulnerabilities in six AWS services. The potential impacts include remote code execution (RCE), full-service user takeover which might provide powerful administrative access, manipulation of AI modules, exposing sensitive data, data exfiltration and denial …
Researchers unveil AWS vulnerabilities, ‘shadow resource’ vector
During a Black Hat USA 2024 session, Aqua Security researchers demonstrated how they discovered six cloud vulnerabilities in AWS services and a new attack vector.
Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool
The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.
Aqua Security Chosen by 10 of the top North American Banks for Cloud Native Application Protection
BOSTON—July 11, 2024 — Aqua Security, the pioneer in cloud native security, today announced that 10 of North America’s largest and most influential banks have chosen its cloud native application protection platform (CNAPP), the Aqua Platform, to prevent attacks in the software supply chain and stop attacks as they happen in real time in production. With Aqua, customers …
Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service
The disclosure comes as cloud security firm Aqua discovered that sensitive information such as access tokens and passwords once hard-coded could remain permanently exposed even after removal from Git-based source code management (SCM) systems.
A guide to supply chain security tools
Aqua Security is featured in a list of tools to help secure software supply chains, along with a brief description of their offerings.
- When AI Writes, Scans and Fixes Code, Runtime Becomes the Last Line of Defense February 26, 2026
- Aqua Security: Built for This Moment February 12, 2026
- Cloud Threat Detection in 2026: The Growing Role of SecOps January 8, 2026
- Critical CVE in React Server Components Actively Exploited December 9, 2025
- Selective Memory Dump Technique for Deeper Container Forensic Analysis November 17, 2025
- Aqua at KubeCon 2025: Securing Cloud Native and AI Apps November 4, 2025
