SECURITY ADVISORIES

Patterns we've seen. Now you can too.

A running log of cloud security patterns we've observed and remediated in production. Public, no login, written for engineers.

MA-2026-004 | High | 10 May 2026

Public S3 buckets via legacy CloudFront origin access

Bucket policies left over from CloudFront OAI migrations can silently re-expose objects when origin access controls are updated without policy review.

MA-2026-003 | Medium | 22 April 2026

IAM role chaining bypasses MFA boundary

Cross-account role assumption can skip the MFA boundary if the trust policy does not require an aws:MultiFactorAuthPresent condition.

MA-2026-002 | High | 15 March 2026

GuardDuty detector disabled during region expansion

Multi-region rollouts often re-create GuardDuty in new regions without the same detector configuration as the home region, leaving blind spots.

MA-2026-001 | Low | 8 February 2026

Default VPC kept in production accounts

Default VPCs persist in many accounts despite never being used by workloads, creating an unaudited public attack surface.

Advisories are general patterns, not specific exploit instructions. If you have a confirmed vulnerability disclosure, reach us via the Contact page.

AUDIT

Want this checked against your account?

A 30-minute scoping call. We tell you whether a security audit is the right next step.