
AWS Bedrock AgentCore Code Interpreter DNS exfiltration and covert C2 in Sandbox Mode

Technical Analysis
Happening score: 31
2 unique sources, 2 articles

Summary


Researchers demonstrated DNS-based exfiltration and covert C2 against AWS Bedrock AgentCore Code Interpreter, showing cloud AI code execution environments can still leak sensitive data despite restricted outbound networking.

Related Happenings

XM Cyber maps eight validated AWS Bedrock attack vectors across connected enterprise integrations

Technical Analysis
First: 23.03.2026 13:55 Last: 23.03.2026 13:55 Sources 1

About this happening: **XM Cyber** mapped **eight validated attack vectors** in **AWS Bedrock**, showing how over-privileged permissions can expose logs, knowledge bases, agents, flows, guardrails, and...

LangSmith version 0.12.71 security update (CVE-2026-25750)

Security Patch Release
First: 17.03.2026 18:39 Last: 17.03.2026 18:39 Sources 1

How related: The issue, which affects both self-hosted and cloud deployments, has been addressed in LangSmith version 0.12.71 released in December 2025.

About this happening: **LangSmith** released **version 0.12.71** to fix **CVE-2026-25750**, a high-severity flaw that could enable **token theft** and **account takeover**. The update applies to both *...

GhostLoader RAT-stealer via @openclaw-ai/openclawai

Malware Activity
First: 09.03.2026 20:31 Last: 09.03.2026 20:31 Sources 1

About this happening: A malicious **@openclaw-ai/openclawai** npm package is delivering **GhostLoader** to **macOS** hosts, enabling **credential theft**, **browser-session cloning**, and persistent re...

Amazon Web Services Middle East drone-strike outage

Service Disruption
First: 03.03.2026 13:44 Last: 03.03.2026 13:44 Sources 1

About this happening: **Amazon Web Services** confirmed a **drone-strike** disruption that damaged infrastructure in its **Middle East regions** and caused an outage affecting **dozens of cloud service...

Publicly exposed training and demo apps in cloud environments are being abused at scale

Target Trend
First: 11.02.2026 13:30 Last: 11.02.2026 13:30 Sources 1

About this happening: Publicly exposed **training and demo applications** are showing up at scale in **AWS, Azure, and GCP**, turning lab systems into real cloud footholds. Researchers verified **nearl...

Timeline

  1. 16.03.2026 15:00 2 articles · 2mo ago

    Phantom Labs Research demonstrates DNS exfiltration in AWS Bedrock AgentCore Code Interpreter

    Initial Disclosure

    Phantom Labs Research published a March 16, 2026 demonstration showing that AWS Bedrock AgentCore Code Interpreter in Sandbox Mode could be steered by malicious CSV content into generating Python code that used DNS queries as a covert C2 channel, even while the environment reported network access as disabled. The proof of concept included whoami execution, Amazon S3 bucket enumeration, and extraction of file contents containing credentials, personal data, and financial information.

  2. 16.03.2026 15:00 1 article · 2mo ago

    Broader AgentCore IAM permissions widen the data-exposure risk

    Campaign Scope Update

    The same March 16, 2026 analysis warned that Code Interpreter instances can inherit broader AgentCore permissions in some configurations, including the default AgentCore Starter Toolkit role with full access to DynamoDB, full access to Secrets Manager secrets, and read access to all S3 buckets in the account. If malicious instructions influence code execution inside the interpreter, those permissions can expand exposure from a sandboxed code run to cloud resource discovery and sensitive-data extraction.

  3. 16.03.2026 15:00 1 article · 2mo ago

    AWS clarifies Sandbox Mode DNS behavior and directs sensitive workloads to VPC mode

    Mitigation Patch Update

    AWS reviewed the research, said the behavior reflects intended functionality rather than a vulnerability, and updated documentation to clarify that Sandbox Mode provides limited external network access and allows DNS resolution. Security guidance urged administrators to inventory all active AgentCore Code Interpreter instances and move those handling critical data from Sandbox mode to VPC mode.

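An added example, not taken from the cited research or from AWS: one way a defender could screen DNS query logs for the covert-channel pattern the timeline describes, where many long, random-looking subdomains are sent to a single parent domain. The JSON fields `src` and `qname`, the thresholds, the domain `exfil-demo.example` and the sample queries are all assumptions constructed for illustration.

```python
import hashlib, json, math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values()) if s else 0.0

def split_name(qname, base_labels=2):
    """Return (subdomain part, parent domain). Treating the last two labels as the
    parent is a simplifying assumption; production code needs a public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def find_dns_tunnels(lines, min_unique=4, min_avg_len=20, min_entropy=3.5):
    """Group queries by (source, parent domain) and flag groups whose subdomains are
    numerous, long and high-entropy: the shape of data encoded into query names."""
    groups = defaultdict(set)
    for line in lines:
        rec = json.loads(line)
        sub, parent = split_name(rec["qname"])
        if sub:
            groups[(rec["src"], parent)].add(sub)
    findings = []
    for (src, parent), subs in sorted(groups.items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        ent = entropy("".join(subs).replace(".", ""))
        if len(subs) >= min_unique and avg_len >= min_avg_len and ent >= min_entropy:
            findings.append({"src": src, "domain": parent, "unique": len(subs),
                             "avg_len": round(avg_len, 1), "entropy": round(ent, 2)})
    return findings

def sample_logs():
    """Constructed sample input: four ordinary AWS endpoint lookups plus five queries
    whose first label is 40 hex characters (a stand-in for encoded data chunks)."""
    names = ["s3.us-east-1.amazonaws.com", "sts.us-east-1.amazonaws.com",
             "secretsmanager.us-east-1.amazonaws.com", "dynamodb.us-east-1.amazonaws.com"]
    names += [hashlib.sha256(b"chunk%d" % i).hexdigest()[:40] + ".exfil-demo.example"
              for i in range(5)]
    return [json.dumps({"src": "10.0.1.5", "qname": n}) for n in names]

if __name__ == "__main__":
    for finding in find_dns_tunnels(sample_logs()):
        print(finding)
```

The AWS endpoint lookups stay below the average-length threshold and are not flagged; only the group of hex-labelled queries is reported.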