How Security Tool Misuse Is Reshaping Cloud Compromise
ID: a7f9c4b4-e555-58b5-9675-7efd394d2ec2
STIX ID: report--a7f9c4b4-e555-58b5-9675-7efd394d2ec2
Feed Name: Qualys Blog
This report documents recurring cloud compromise patterns in which exposed credentials and IAM misconfigurations are discovered (often using TruffleHog), validated via API calls (e.g., sts:GetCallerIdentity), and then abused to enumerate permissions and exfiltrate data. It highlights several 2025 campaigns, including supply-chain NPM infections and large-scale credential harvesting, that resulted in significant data exposure, and it provides detection signals (user-agent strings, API call patterns) and remediation guidance for credential lifecycle management.
