High-severity command injection CVE in Kiro IDE (CVSS 8.4), AWS Client VPN gets simplified onboarding, and AWS is named ISG Leader for Sovereign Cloud for the third consecutive year.
AWS simplified Client VPN onboarding to require only three inputs: IPv4 CIDR, server certificate ARN, and subnet selection. Available at no additional cost in all supported regions. Dramatically lowers the barrier for secure remote access.
For the third consecutive year, AWS was named a Leader in the ISG Provider Lens Quadrant report for Sovereign Cloud Infrastructure Services (EU). This validates AWS's investment in data sovereignty controls.
Security and critical updates released for all Corretto LTS versions: 25.0.2, 21.0.10, 17.0.18, 11.0.30, and 8u482. Patch immediately if running Java workloads on AWS.
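An added example (not AWS's or this digest's own code): a check that classifies collected `java -version` banners against the patched Corretto releases listed above, including the legacy `1.8.0_NNN` scheme used by Java 8. The banner layout, host names and sample lines are assumptions constructed for illustration.

```python
import re

# Patched Corretto releases as listed in the digest item above, keyed by LTS major.
# "8u482" is normalised to (8, 0, 482) so every line compares as a 3-tuple.
PATCHED = {25: (25, 0, 2), 21: (21, 0, 10), 17: (17, 0, 18), 11: (11, 0, 30), 8: (8, 0, 482)}

def parse_java_version(banner):
    """Return (major, minor, update) from a `java -version` banner, or None."""
    m = re.search(r'version "([^"]+)"', banner)
    if not m:
        return None
    raw = m.group(1)
    legacy = re.fullmatch(r"1\.(\d+)\.\d+(?:_(\d+))?(?:-.*)?", raw)
    if legacy:  # Java 8 style: 1.8.0_472 -> (8, 0, 472)
        return (int(legacy.group(1)), 0, int(legacy.group(2) or 0))
    parts = re.match(r"\d+(?:\.\d+)*", raw)
    if not parts:
        return None
    nums = [int(p) for p in parts.group(0).split(".")][:3]
    nums += [0] * (3 - len(nums))  # a bare "21" becomes (21, 0, 0)
    return tuple(nums)

def patch_status(banner):
    """Classify a banner as 'patched', 'outdated', 'not-corretto' or 'unknown'."""
    if "Corretto" not in banner:
        return "not-corretto"
    version = parse_java_version(banner)
    if version is None or version[0] not in PATCHED:
        return "unknown"  # unparseable, or not an LTS line named in the digest
    return "patched" if version >= PATCHED[version[0]] else "outdated"

def audit(banners):
    """Map each host to its patch status."""
    return {host: patch_status(text) for host, text in banners.items()}

# Constructed sample banners; host names and build suffixes are made up.
SAMPLES = {
    "app-01": 'openjdk version "17.0.18" LTS\nOpenJDK Runtime Environment Corretto-17.0.18.0.0',
    "app-02": 'openjdk version "1.8.0_472"\nOpenJDK Runtime Environment Corretto-8.472.00.0',
    "app-03": 'openjdk version "21" LTS\nOpenJDK Runtime Environment Corretto-21.0.0.0.0',
    "app-04": 'openjdk version "17.0.9"\nOpenJDK Runtime Environment Temurin-17.0.9',
    "app-05": 'openjdk version "22.0.2"\nOpenJDK Runtime Environment Corretto-22.0.2.0.0',
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLES).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` or `not-corretto` need a manual look, since the digest only lists fixed versions for the five Corretto LTS lines.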
Opening a maliciously crafted workspace in Kiro IDE triggers arbitrary command execution via the GitLab Merge Request Helper. High severity (CVSS 8.4). Fixed in Kiro v0.6.18. Update immediately if using Kiro IDE.
The Kiro IDE CVE is worth immediate attention: it is a CVSS 8.4 command injection triggered via malicious workspaces. If your team uses Kiro, ensure v0.6.18 or later is deployed. The Client VPN quickstart is a nice quality-of-life improvement for teams struggling with VPN setup complexity.