WEEK 5 (2026-01-27 - 2026-02-02)
    1 high, 1 info

    Week 5 - Jan 27 - Feb 2, 2026

    STS OIDC federation enhancements go live, SageMaker adds PrivateLink, and Amazon Threat Intelligence begins tracking an AI-augmented campaign compromising FortiGate devices at scale.

    Highlights

    $ tail -f /var/log/aws-security.log

    AI-Augmented Threat Campaign Targeting FortiGate Devices Begins

    THREAT INTEL

    Amazon Threat Intelligence began tracking a Russian-speaking, financially motivated threat actor using commercial GenAI services to scale attacks against FortiGate devices. The campaign ran from January 11 to February 18, ultimately compromising 600+ devices across 55+ countries. Full details were published in Week 8.

    Amazon SageMaker Adds PrivateLink Support

    SERVICE UPDATE

    SageMaker Unified Studio added PrivateLink support for private connectivity between VPCs and SageMaker service endpoints, keeping all data traffic within the AWS network. This is critical for ML workloads handling sensitive data.

    SageMaker

    Key Takeaway

    $ cat WEEKLY_SUMMARY.md

    The FortiGate campaign is a preview of what is coming: threat actors using GenAI to scale attacks that were previously manual. No zero-days were used; all compromises exploited exposed management ports and weak single-factor credentials. MFA and network segmentation remain the most effective defenses.

    FortiGate, GenAI, Threat Intelligence, SageMaker, PrivateLink
