Week 12 (2026-03-16 to 2026-03-22)

2 critical, 5 high, 3 medium

    Four AWS Security Bulletins published in a single week, Route 53 Global Resolver reaches GA with DNS filtering, Trivy supply chain compromise hits CI/CD pipelines, and Amazon threat intel exposes Interlock ransomware exploiting a Cisco FMC zero-day 36 days before disclosure.

    Highlights

    $ tail -f /var/log/aws-security.log

    Amazon Threat Intel Exposes Interlock Ransomware Exploiting Cisco FMC Zero-Day

    THREAT INTEL

    Amazon's MadPot honeypot network identified the Interlock ransomware group exploiting CVE-2026-20131, a critical insecure deserialization flaw in Cisco Secure Firewall Management Center (FMC) allowing unauthenticated remote code execution as root. Exploitation began January 26, 2026 — 36 days before Cisco's March 4 public disclosure. Post-exploitation included PowerShell reconnaissance, custom RATs in JavaScript and Java, and ConnectWise ScreenConnect for persistence. CISA added the CVE to its Known Exploited Vulnerability catalog on March 19.

    Trivy Security Scanner Supply Chain Compromise by TeamPCP

    THREAT INTEL

    Aqua Security's Trivy vulnerability scanner was compromised by threat actor TeamPCP on March 19. The core scanner binary, trivy-action GitHub Action, and setup-trivy GitHub Action were weaponized. The malware harvested SSH keys, cloud credentials, and Kubernetes secrets from CI/CD environments, encrypting them with AES-256 + RSA-4096 before exfiltration. Aqua's credential rotation was not atomic, allowing attackers to exfiltrate newly rotated secrets during the rotation window.

    Amazon Route 53 Global Resolver — General Availability

    FEATURE LAUNCH

Route 53 Global Resolver is now GA across 30 AWS Regions with IPv4 and IPv6 support. It provides internet-reachable anycast DNS resolution with DNS query filtering to block malicious domains, DNS tunneling, and Domain Generation Algorithm (DGA) traffic. New at GA: Dictionary DGA threat protection. It also includes centralized query logging for compliance, and new customers get a 30-day free trial.

    Amazon S3 Account Regional Namespaces for General Purpose Buckets

    FEATURE LAUNCH

    S3 buckets can now be created in an account regional namespace, eliminating the need for globally unique bucket names. Available in 37 Regions including GovCloud and China. Security teams can enforce namespace usage via SCPs and IAM policies, preventing bucket namespace squatting.

    ACM 200-Day Certificate Validity Enforcement Begins

    SERVICE UPDATE

    Complying with the CA/Browser Forum mandate effective March 15, ACM public certificates now have a maximum validity of 198 days (down from 395). Auto-renewal occurs 45 days before expiry. Exportable certificate pricing reduced: 198-day single domain now $7/FQDN (was $15), wildcard now $79 (was $149).

    AWS Security Agent: Downloadable Penetration Testing Reports

    FEATURE LAUNCH

    AWS Security Agent (Preview) now supports downloading penetration testing reports in PDF format. Reports include executive summary, scope, methodology, and findings with risk assessments. Filterable by risk level, confidence level, finding status, risk types, and task status.

    CVEs & Vulnerabilities

    $ cat /var/reports/CVE_REPORT.txt

    CVE-2026-4270 — AWS API MCP Server File Access Bypass

    CVE

    File access restriction bypass in AWS API MCP Server (versions >= 0.2.14 and < 1.3.9) allows bypassing no-access and workdir modes, potentially exposing arbitrary local file contents to the MCP client application. Discovered by Varonis Threat Labs via coordinated disclosure. Fix: upgrade to v1.3.9+.

    CVE-2026-4269 — Bedrock AgentCore Starter Toolkit S3 Ownership Bypass

    CVE

    Missing S3 ownership verification in Bedrock AgentCore Starter Toolkit (before v0.1.13) allows a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. Only affects users who built the toolkit after September 24, 2025. Fix: upgrade to v0.1.13+.

    CVE-2026-4295 — Kiro IDE Arbitrary Code Execution via Crafted Projects

    CVE

    Improper trust boundary enforcement in Kiro IDE (before v0.8.0) permits arbitrary code execution when users open maliciously crafted project directories. Workaround: avoid opening untrusted project directories. Fix: upgrade to Kiro v0.8.0+.

    CVE-2026-4428 — AWS-LC CRL Distribution Point Logic Error

    CVE

    Logic error in CRL distribution point matching in AWS-LC (v1.24.0 through v1.70.x) allows a revoked certificate to bypass revocation checks when CRL checking is enabled with partitioned CRLs using IDP extensions. Also affects AWS-LC-FIPS (3.0.0–3.2.x), aws-lc-sys (0.15.0–0.38.x), aws-lc-fips-sys (0.13.0–0.13.12). Fix: upgrade to AWS-LC v1.71.0.

    Key Takeaway

    $ cat WEEKLY_SUMMARY.md

    Four AWS Security Bulletins in a single week is unusual and signals increased scrutiny on AWS developer tooling (MCP Server, Kiro IDE, AgentCore Toolkit) and cryptographic libraries (AWS-LC). Meanwhile, the Trivy supply chain compromise is a wake-up call for every team running third-party security scanners in CI/CD — if your vulnerability scanner is compromised, your entire pipeline is compromised. Pin your dependencies, enforce IMDSv2, and audit your GitHub Actions.
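One concrete way to act on "audit your GitHub Actions" after the Trivy incident is to flag every `uses:` reference in a workflow that is pinned to a mutable tag or branch instead of a full commit SHA. The script below is an added example, not code from the digest, Aqua, or AWS; the workflow it scans is constructed for illustration, and the watchlist simply names the two actions the digest reports as weaponized.

```python
import re

# Constructed sample workflow (not from any real repository): one step pinned
# to a full commit SHA, two pinned to a tag/branch, one local action.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
      - uses: aquasecurity/setup-trivy@v0.2.0
      - name: Scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - uses: ./.github/actions/local-step
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Actions the digest names as compromised in the TeamPCP incident.
WATCHLIST = {"aquasecurity/trivy-action", "aquasecurity/setup-trivy"}


def audit_workflow(text: str) -> list[dict]:
    """Return one finding per action reference not pinned to a 40-hex commit SHA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local and container actions are outside this check
        action, _, version = ref.partition("@")
        if SHA_RE.match(version):
            continue  # immutable pin: a tag can be moved, a SHA cannot
        findings.append({
            "line": lineno,
            "action": action,
            "ref": version or "<none>",
            "severity": "high" if action in WATCHLIST else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['action']}@{f['ref']} [{f['severity']}]")
```

Run it over `.github/workflows/*.yml` in each repository; a SHA pin alone does not make a dependency safe, but it stops a moved tag from silently swapping in a different artifact.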
