@hackingthe.cloud on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Hacking the Cloud

hackingthe.cloud

did:plc:dmdzoossuvvr3lkqlsj4kywn

CVE-2024-28056 is not only a cross-account story. If an AWS account still has an old vulnerable Amplify role and a same-account Cognito identity pool with classic authflow, role takeover may still be possible. https://buff.ly/CZni4WM

2026-05-21T14:03:21.674Z