TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

Today’s signal The Hacker News recently reported TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO. Published context: May 25, 2026. A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecos ...

May 25, 2026 · 2 min · David Gomez

Introducing pre-fetching and IAM role assumption for AWS Secrets Manager Agent

Today’s signal AWS What’s New recently reported Introducing pre-fetching and IAM role assumption for AWS Secrets Manager Agent. Published context: May 18, 2026. AWS Secrets Manager Agent now supports two new capabilities: pre-fetching secrets at startup and assuming an IAM role to retrieve secrets. With pre-fetching, you can specify a list of secrets or a tag value to retrieve and cache at agent startup, reducing application startup latency and optimizing cost through the BatchGetSecretValue API. With IAM role assum ...

May 24, 2026 · 2 min · David Gomez

Announcing the general availability of a new AWS Local Zone in Istanbul, Türkiye

Today’s signal AWS What’s New recently reported Announcing the general availability of a new AWS Local Zone in Istanbul, Türkiye. Published context: May 20, 2026. Today, AWS announces the general availability of a new AWS Local Zone in Istanbul, Türkiye, bringing AWS infrastructure closer to end users, while enabling organizations to meet data residency requirements by storing and backing up data locally. AWS Local Zones are AWS infrastructure deployments that extend core services, such as compute, storage, networking ...

May 24, 2026 · 2 min · David Gomez

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Today’s signal The Hacker News recently reported npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks. Published context: May 23, 2026. GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authe ...

May 24, 2026 · 2 min · David Gomez

AWS Security Agent adds verification scripts for pentest findings

Today’s signal AWS What’s New recently reported AWS Security Agent adds verification scripts for pentest findings. Published context: May 22, 2026. AWS Security Agent now generates verification scripts for penetration test findings, enabling security teams to independently reproduce and validate discovered vulnerabilities. Previously, teams manually followed reproduction steps from finding details. Now, AWS Security Agent automatically generates ready-to-run scripts for each confirmed finding. Teams dow The reason this matters is simple: buyers are paying attention to speed, operational resilience, and credible technical execution. A trending story can create awareness, but the business question is what a team should do with that attention. ...

May 23, 2026 · 2 min · David Gomez

New agentic migration assessment capabilities now available with AWS Transform

Today’s signal AWS What’s New recently reported New agentic migration assessment capabilities now available with AWS Transform. Published context: May 22, 2026. AWS Transform now offers advanced migration assessment capabilities including what-if scenarios, customizable assumptions, flexible file format support, and multiple new total cost of ownership (TCO) assessment features. These latest features let you quickly build a migration business case and accelerate your migration decisions. You can start your migration ...

May 23, 2026 · 2 min · David Gomez

AWS Secrets Manager adds managed external secrets support for Datadog vended keys and Snowfl...

Today’s signal AWS What’s New recently reported AWS Secrets Manager adds managed external secrets support for Datadog vended keys and Snowflake Programmatic Access Tokens. Published context: May 22, 2026. AWS Secrets Manager now extends its managed external secrets capability to include Datadog Keys and Snowflake Programmatic Access Tokens (PATs). Managed external secrets enable customers to automatically rotate third-party credentials directly from AWS Secrets Manager by offering first-class integration with supported third-party services. With this launch, ...

May 23, 2026 · 2 min · David Gomez

Amazon ECS introduces pause and continue controls for service deployments

Today’s signal AWS What’s New recently reported Amazon ECS introduces pause and continue controls for service deployments. Published context: May 19, 2026. Amazon Elastic Container Service (Amazon ECS) now enables you to pause service deployments at critical stages during deployment progression and continue deployments when ready. You can use these pause points to introduce manual decision points and interactive controls into your deployments for scenarios such as manual approval workflows, operational checks, ...

May 22, 2026 · 2 min · David Gomez

Amazon Aurora MySQL 8.4 is now generally available

Today’s signal AWS What’s New recently reported Amazon Aurora MySQL 8.4 is now generally available. Published context: May 21, 2026. Amazon Aurora MySQL-Compatible Edition now supports MySQL 8.4, a community MySQL Long Term Support (LTS) major version. Aurora MySQL 8.4 launches with compatibility for community MySQL 8.4.7 and introduces aligned version numbering, so the version number you run on Aurora matches the community MySQL version it is compatible with. Aurora also manages the unde ...

May 22, 2026 · 2 min · David Gomez

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

Today’s signal The Hacker News recently reported Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials. Published context: May 19, 2026. In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. “Every existing tag in the repository has been moved to point to an imposter commit that does not appear i ...

May 22, 2026 · 2 min · David Gomez

Security Hub Extended expands to 21 curated partner solutions across 9 categories

Today’s signal AWS What’s New recently reported Security Hub Extended expands to 21 curated partner solutions across 9 categories. Published context: May 20, 2026. AWS Security Hub Extended plan now includes 21 curated partner solutions across 9 security categories, adding SentinelOne (endpoint), CyberArk (identity), Sublime (email), Varonis (data security), LayerX (browser), Native Security (cloud), and Zenity (AI security). With these additions, you have more flexibility to select the solutions that best fit your ent ...

May 21, 2026 · 2 min · David Gomez

AWS Security Hub now uncovers identity risks from unused access

Today’s signal AWS What’s New recently reported AWS Security Hub now uncovers identity risks from unused access. Published context: May 20, 2026. Today, AWS Security Hub brings identity risk into the same unified console where central security teams already manage threats, exposures, and posture findings. Security Hub now detects unused IAM permissions, roles, and credentials across your AWS organization, helping central security teams identify and reduce identity risk at scale. Until now, managing id ...

May 21, 2026 · 2 min · David Gomez