Trust is a liability, whether you're handing cross-account IAM roles to a shiny new SaaS or just letting your backends parse a few bytes of authentication data.

💸 Supply Chain Suicide

A YC-backed cost optimization vendor called Pump spent five months leaking their own production AWS keys, Auth0 tokens, and Terraform state to the public internet. This is exactly why you don't blindly hand out access. If an attacker popped their exposed infrastructure, they could pivot straight into the AWS accounts of any customer who trusted them with cross-account IAM roles. Read the Pump exposure autopsy. Go audit your third-party roles right now and aggressively revoke access for unverified integrations.
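A starting point for that audit, added here as an example (not code from the Pump write-up or from AWS): it takes role trust policies in the shape `aws iam get-role` returns as `AssumeRolePolicyDocument`, and flags any statement that lets a foreign account or a wildcard principal call `sts:AssumeRole`, downgrading the severity only when the statement pins an `sts:ExternalId`. The role names, the account ids and the `OWN_ACCOUNT` placeholder are all constructed; in practice you would feed it the documents returned by `list-roles`.

```python
import json

# Constructed placeholder for your own account id (assumption, not a real account).
OWN_ACCOUNT = "111111111111"

# Constructed trust policies in the shape of IAM's AssumeRolePolicyDocument.
SAMPLE_ROLES = {
    "CostOptimizerAccess": {            # third-party account, no ExternalId
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
                       "Action": "sts:AssumeRole"}],
    },
    "VendorWithExternalId": {           # third-party account, ExternalId pinned
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"AWS": "arn:aws:iam::333333333333:role/IntegrationRole"},
                       "Action": "sts:AssumeRole",
                       "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}],
    },
    "InternalLambdaRole": {             # service principal only: nothing to flag
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"Service": "lambda.amazonaws.com"},
                       "Action": "sts:AssumeRole"}],
    },
    "WideOpen": {                       # anyone can assume it
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                       "Action": "sts:AssumeRole"}],
    },
}


def _as_list(x):
    """IAM lets most fields be a scalar or a list; normalise to a list."""
    return x if isinstance(x, list) else [x]


def account_of(principal):
    """Return the 12-digit account id behind an AWS principal, '*' for a wildcard,
    or None if the value is not an account/ARN principal."""
    if principal == "*":
        return "*"
    if principal.isdigit() and len(principal) == 12:      # bare account id form
        return principal
    parts = principal.split(":")
    if len(parts) >= 5 and parts[0] == "arn" and parts[2] in ("iam", "sts"):
        return parts[4]
    return None


def audit_trust_policy(role_name, doc, own_account=OWN_ACCOUNT):
    """Return (role, severity, message) findings for one trust policy document."""
    findings = []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":                               # shorthand for {"AWS": "*"}
            principal = {"AWS": "*"}
        conditions = stmt.get("Condition", {})
        has_external_id = any("sts:ExternalId" in v
                              for v in conditions.values() if isinstance(v, dict))
        for p in _as_list(principal.get("AWS", [])):
            acct = account_of(p)
            if acct == "*":
                findings.append((role_name, "CRITICAL", "wildcard principal can assume this role"))
            elif acct and acct != own_account:
                sev = "INFO" if has_external_id else "HIGH"
                msg = f"cross-account trust to {acct}"
                if not has_external_id:
                    msg += " without sts:ExternalId"
                findings.append((role_name, sev, msg))
    return findings


def audit_all(roles, own_account=OWN_ACCOUNT):
    """Audit a {role_name: trust_policy_document} mapping."""
    out = []
    for name, doc in roles.items():
        out.extend(audit_trust_policy(name, doc, own_account))
    return out


if __name__ == "__main__":
    for role, sev, msg in audit_all(SAMPLE_ROLES):
        print(f"{sev:8} {role}: {msg}")
```

Treat every HIGH or CRITICAL line as a candidate for revocation unless you can name the integration behind it; an ExternalId only downgrades the finding because it stops confused-deputy misuse, not because the vendor is trustworthy.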

🪆 The Infinite Matryoshka

Your Python workers are begging to be DoS'd if they handle untrusted WebAuthn or COSE data using cbor2 prior to 5.9.0. The parser blindly follows nested structures without limits. An attacker can throw a deeply nested, 100KB payload at `cbor2.loads` to trigger unbounded recursion that instantly terminates the process. You don't need a botnet to take down a fleet anymore: just a tiny, malformed object sent fast enough to outpace your container restart loop. Bump cbor2 to 5.9.0 today before someone tests it on your endpoints.

🏎️ Racing to Root in Looker

Self-hosted GCP Looker instances had a directory deletion race condition that escalated straight into native Git CLI execution. Attackers delete a repository while concurrently spraying Git commands. By timing the deletion of the `.git` directory perfectly, the system falls back to a forged Git config left in the worktree, which executes arbitrary hooks. This drops you directly into an RCE, and thanks to overly permissive K8s defaults, attackers were using this to pivot cluster-wide. Check out the Looker RCE chain to see how a basic race condition spirals out of control. Patch your instances and lock down those Kubernetes RBAC service accounts.
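For the RBAC side of that advice, here is an added audit helper (example code, not from Google or the Looker write-up) that reads a `kubectl get clusterroles,clusterrolebindings -o json` dump and reports every ServiceAccount bound to a ClusterRole that is fully wildcarded or touches secrets or pod exec. The embedded JSON is constructed to mirror that `List` shape; the object and namespace names are placeholders, and RoleBindings (the namespaced twin) can be handled by the same code if you add them to the dump.

```python
import json

# Constructed dump shaped like `kubectl get clusterroles,clusterrolebindings -o json`.
SAMPLE_KUBECTL_JSON = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
         "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
        {"kind": "ClusterRole", "metadata": {"name": "app-reader"},
         "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]},
        {"kind": "ClusterRole", "metadata": {"name": "pod-exec"},
         "rules": [{"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
        {"kind": "ClusterRoleBinding", "metadata": {"name": "app-admin-binding"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "ServiceAccount", "name": "app", "namespace": "app-ns"}]},
        {"kind": "ClusterRoleBinding", "metadata": {"name": "app-reader-binding"},
         "roleRef": {"kind": "ClusterRole", "name": "app-reader"},
         "subjects": [{"kind": "ServiceAccount", "name": "app", "namespace": "app-ns"}]},
        {"kind": "ClusterRoleBinding", "metadata": {"name": "default-exec"},
         "roleRef": {"kind": "ClusterRole", "name": "pod-exec"},
         "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "app-ns"}]},
        {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admins"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "Group", "name": "ops",
                       "apiGroup": "rbac.authorization.k8s.io"}]},
    ],
})

# Resources whose mere readability or use hands a pod identity real power.
SENSITIVE_RESOURCES = {"secrets", "pods/exec", "pods/attach"}


def role_risk(role):
    """Classify a (Cluster)Role by its rules: 'admin' when any rule wildcards both
    verbs and resources, 'sensitive' when it reaches secrets or exec/attach, else 'ok'."""
    for rule in role.get("rules", []):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        if "*" in verbs and "*" in resources:
            return "admin"
        if resources & SENSITIVE_RESOURCES:
            return "sensitive"
    return "ok"


def audit_service_accounts(kubectl_json: str):
    """Return (binding, namespace/serviceaccount, role, risk) for every ServiceAccount
    subject whose ClusterRole is classified 'admin' or 'sensitive'."""
    items = json.loads(kubectl_json)["items"]
    roles = {i["metadata"]["name"]: i for i in items if i["kind"] == "ClusterRole"}
    findings = []
    for binding in (i for i in items if i["kind"] == "ClusterRoleBinding"):
        ref = binding["roleRef"]
        risk = role_risk(roles.get(ref["name"], {}))   # role missing from dump -> 'ok'
        if risk == "ok":
            continue
        for subject in binding.get("subjects", []):
            if subject.get("kind") != "ServiceAccount":
                continue                                # humans and groups are another review
            sa = f"{subject.get('namespace', '')}/{subject['name']}"
            findings.append((binding["metadata"]["name"], sa, ref["name"], risk))
    return findings


if __name__ == "__main__":
    for binding, sa, role, risk in audit_service_accounts(SAMPLE_KUBECTL_JSON):
        print(f"{risk:9} {sa} via {binding} -> {role}")
```

Any `admin` hit on a workload service account is exactly the condition that turns a single-pod RCE into a cluster-wide pivot; pair the cleanup with `automountServiceAccountToken: false` on pods that never talk to the API server, so a compromised process has no token to present at all.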