AWS updated its responsible AI governance, risk, and compliance guidance for financial services on May 13, 2026. The useful part is not another principles list. The useful part is turning...
AWS announced full repository code review for AWS Security Agent on May 12, 2026. That sounds like a bigger SAST scanner at first glance. It is more interesting than that,...
On May 7, 2026, the Dirty Frag disclosure put Linux local privilege escalation back on the priority board. On May 13, Fragnesia followed. That one-week rhythm is enough to change...
An open proxy in AWS is not just a security group mistake. It can turn your IP reputation, bandwidth, compute budget, and abuse desk into someone else’s infrastructure. AWS published...
Kyverno 1.18 was released on May 5, 2026, and the headline is not only new features. The bigger operational message is that the old ClusterPolicy era is ending. Teams need...
Kubernetes service accounts are not enough once workloads cross clusters, clouds, and trust boundaries. The April 2026 AWS guide for SPIFFE/SPIRE on EKS is worth reading because it treats identity...
Event-driven systems used to have a strange blind spot. You could build a clean EventBridge architecture, route critical business events through it, and still struggle to answer a basic forensic...
AWS published Bedrock trust-and-safety guidance on April 29, 2026, and two numbers should catch every AI platform team’s attention: AWS cites an 82% improvement in employee trust when organizations communicate...
AWS published a practical IAM Identity Center session-tags walkthrough on April 28, 2026, and the pattern is worth copying: take attributes from Microsoft Entra ID, pass them through IAM Identity...
Kubernetes v1.36 makes fine-grained kubelet API authorization generally available. That sounds dry. It is not. It is the upstream answer to a nasty old habit: granting monitoring agents nodes/proxy because...
Kubernetes v1.36 promotes User Namespaces to GA, and the important field is only two words: hostUsers: false. That setting lets a pod run with user namespace isolation so UID 0...
CVE-2026-31431 is not the kind of Linux bug you leave for the next maintenance window. CERT-EU says Copy Fail was publicly disclosed on April 29, 2026, has a CVSS 3.1...
Amazon SNS message data protection has a hard availability change on April 30, 2026. AWS says the feature will no longer be available to new customers after that date. Existing...
AWS published the Security Hub Extended technical walkthrough on April 22, 2026, after announcing the multicloud expansion on March 10, 2026. The short version: Security Hub is becoming more than...
On April 2, 2026, AWS expanded Amazon CloudWatch auto-enablement so teams can automatically configure telemetry for Amazon CloudFront Standard access logs, AWS Security Hub CSPM finding logs, and Amazon Bedrock...
On April 20, 2026, AWS added seven Amazon EKS IAM condition keys that finally make several cluster standards enforceable before the cluster is created or changed. That date matters because...
On April 23, 2026, Docker published details on two Docker Hub supply-chain compromises that hit common security scanners: Trivy first, then Checkmarx KICS. The KICS incident was especially uncomfortable for...
Terraform 1.10 introduced ephemeral resources, and the feature matters for one reason above all others: it gives Terraform a way to work with temporary or sensitive data without persisting that...
Docker’s April 14, 2026 update on Hardened Images included a few numbers that are hard to ignore: more than 500,000 daily pulls, more than 25,000 continuously patched OS-level artifacts, and...
AWS added CloudTrail Lake to its March 31, 2026 service availability update and said CloudTrail Lake will stop accepting new customers on May 31, 2026. Existing customers can continue to...
AWS shipped Bedrock Guardrails cross-account enforcement on April 3, 2026, and this is exactly the kind of feature security teams ask for after the first wave of internal AI pilots...
Think of security scanning that runs after deployment like an autopsy. You figure out what went wrong, but the damage is done. The vulnerabilities were already live in production. Somebody...
I’ve watched teams build gorgeous Kubernetes clusters on EKS, then basically shrug at container security. The cluster runs great, pipelines are solid, autoscaling hums along – and then someone actually...
Security teams are basically drowning in logs at this point. CloudTrail events pouring in from 47 AWS accounts, VPC Flow Logs from hundreds of subnets, GuardDuty findings stacked up across...
AES-GCM has real limits, and most teams only discover them after a key has been used far longer than they planned. AWS KMS and the AWS Encryption SDK exist partly...
PCI DSS on EKS is not one control. It is a set of controls that have to line up: network inspection, identity, logging, and evidence retention. AWS’s April 2026 guidance...
EKS Pod Identity session policies are the first practical answer AWS has given to “how do I keep pod permissions narrow without creating a dozen roles?” The answer is simple:...
AWS made the control question explicit in April 2026: when an AI agent touches AWS, which IAM principal is actually acting? That is the part people skip, and it is...
Docker’s March 2026 security push is not subtle. The company said over a quarter of production code is now AI-authored, and that developers using agents are merging roughly 60% more...
The worst secret in your platform is the one that exists only because the previous secret could not be trusted. That is how teams end up with GitLab variables that...
The simplest way to ruin network security is to let every VPC invent its own firewall story. The cleaner pattern is still centralized inspection: one inspection VPC, one firewall policy...
Security Hub changed twice in quick succession. On February 26, 2026, AWS launched Security Hub Extended as a pay-as-you-go plan for partner solutions. On March 31, 2026, CloudWatch started ingesting...
The problem: your application team needs to create IAM roles for their Lambda functions and ECS tasks. You can give them iam:CreateRole and related permissions, but then they can create...
The standard AWS multi-account setup has a tools account for CI/CD, separate accounts for dev/staging/prod, a security audit account, and maybe a shared services account for internal tooling. Getting code...
The aws-auth ConfigMap was never a good idea. It’s a plain Kubernetes ConfigMap in the kube-system namespace — editable by anyone with cluster-admin, no audit trail, no AWS-native access controls,...
AWS WAF v2 launched in 2019 and the original WAF Classic is end-of-life — migration ended November 2024. If you’re still on Classic, those web ACLs are frozen. This guide...
Every bastion host in your architecture is a maintenance burden and an attack surface. You need to keep the AMI patched, manage SSH keys across the team, control security group...
The average AWS account running production workloads generates findings from at least four different security services: GuardDuty for threat detection, Inspector for vulnerability scanning, Config for compliance drift, and IAM...
Most AWS teams start with one account. They create IAM users, attach policies, and eventually have a mess of permissions nobody fully understands. Then they start a second account for...
When a fintech company discovered in late 2023 that 14 months of customer transaction exports — including names, account numbers, and partial SSNs — had been sitting in a public...
Inspector Classic (v1) required you to schedule scans, install an agent manually, and remember to run assessments after deployments. Inspector v2, launched in November 2021, works differently. Enable it once...
A tweet with 52,894 impressions last September put it plainly: “master IAM roles and policies” was the single skill that separated AWS beginners from people who could actually build in...
AWS renamed AWS Single Sign-On to IAM Identity Center in 2022, which confused a lot of people who were still searching for “AWS SSO” in the console. The name changed;...
In 2022, a researcher at Lacework published an analysis of 500 AWS accounts across their customer base. The most common finding was cryptocurrency mining workloads running on EC2 instances that...
Every API call made to AWS — from the console, CLI, SDK, or another service — generates a CloudTrail event. Who created that security group rule? When was that IAM...
Something I tell every new team I work with: stop assuming your internal network is safe. That assumption is how you end up with a bad time. In 2026, 8.4...
Businesses rely on technology for most operations, so protecting sensitive data from breaches is essential. Without proper safeguards, cybercriminals can exploit weaknesses in your systems.
As cloud usage grows, data spreads across servers everywhere. This creates a real problem: traditional security tools cannot keep up with cybercriminals who move fast and adapt faster. AI and...
In software development, security and efficiency matter. DevOps has changed how teams build, test, and deploy software, enabling faster delivery and collaboration between development and operations. However, with evolving security...
When you start your business, there are several things to consider so you don’t run out of resources. One important aspect, no matter how big or small your business is,...
Monitor your S3 bucket access and actions with CloudTrail, Amazon S3 server access logs, and CloudWatch Logs. Get visibility into potential security risks and keep your S3 usage secure. #CloudSecurity...
If you are using Amazon S3, server-side encryption is worth understanding. It adds a layer of protection for your data at rest, and AWS makes it relatively painless to set...