Serverless Security Blindspots: When Your Function's IAM Role is Too Permissive
submitted by /u/JadeLuxe [link] [comments]
Articles tagged with: #serverless
Clear filter
R2 SQL: a deep dive into our new distributed query engine
R2 SQL provides a built-in, serverless way to run ad-hoc analytic queries against your R2 Data Catalog. This post dives deep under the Iceberg into how we built this distributed engine.
AWS Weekly Roundup: Amazon Q Developer, AWS Step Functions, AWS Cloud Club Captain deadline, and more (September 22, 2025)
Three weeks ago, I published a post about the new AWS Region in New Zealand (ap-southeast-6). This led to an incredible opportunity to visit New Zealand, where I met passionate builders and presented at several events including Serverless and Platform Engineering meetup, AWS Tools and Programming meetup, AWS Cloud Clubs in Auckland, and AWS Community
Qwen models are now available in Amazon Bedrock
Amazon Bedrock has expanded its model offerings with the addition of Qwen 3 foundation models enabling users to access and deploy them in a fully managed, serverless environment. These models feature both mixture-of-experts (MoE) and dense architectures to support diverse use cases including advanced code generation, multi-tool business automation, and cost-optimized AI reasoning.
Multi-Region keys: A new approach to key replication in AWS Payment Cryptography
In our previous blog post (Part 1 of our key replication series), Automatically replicate your card payment keys across AWS Regions, we explored an event-driven, serverless architecture using AWS PrivateLink to securely replicate card payment keys across AWS Regions. That solution demonstrated how to build a custom replication framework for payment cryptography keys. Based on
Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in ways traditional security models can't keep up with. As adoption grows, so does complexity. Security teams are asked to monitor sprawling hybrid
Accelerate serverless testing with LocalStack integration in VS Code IDE
AWS is announcing integrated LocalStack support in the AWS Toolkit for Visual Studio Code that makes it easier than ever for developers to test and debug serverless applications locally. This enhancement builds upon our recent improvements to the Lambda development experience, including the console to IDE integration and remote debugging capabilities we launched in July 2025, continuing our commitment to simplify serverless development on AWS.
Hackers Leverages Google Calendar APIs With Serverless MeetC2 Communication Framework
Cybersecurity researchers have identified a sophisticated new command-and-control framework that exploits legitimate Google Calendar APIs to establish covert communication channels between attackers and compromised systems. The MeetC2 framework, discovered in September 2025, represents a concerning evolution in adversarial tactics where threat actors abuse trusted cloud services to bypass traditional security controls and evade detection mechanisms.
MeetC2 - A serverless command & control (C2) framework that leverages Google Calendar APIs, as a communication channel.
submitted by /u/SkyFallRobin [link] [comments]
MariaDB Boosts Cloud with AI & Serverless via SkySQL Buyout
Move delivers flexible cloud and hybrid solutions for AI-driven workloads MariaDB plc today announced it has acquired SkySQL Inc., the company behind an AI-powered, serverless database-as-a-service (DBaaS) platform. The acquisition brings SkySQL's established DBaaS product back into the MariaDB portfolio. SkySQL was originally developed by MariaDB and, since being spun off as...
A Comprehensive Review of Denial of Wallet Attacks in Serverless Architectures
arXiv:2508.19284v1 Announce Type: new Abstract: The Denial of Wallet (DoW) attack poses a unique and growing threat to serverless architectures that rely on Function-as-a-Service (FaaS) models, exploiting the cost structure of pay-as-you-go billing to financially burden application owners. Unlike traditional Denial of Service (DoS) attacks, which aim to exhaust resources and disrupt service availability, DoW attacks focus on escalating costs without impacting service operation. This review...
