PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early ...
GitHub

AmazonS3Client's constructor overwrites credentials in caller provided AmazonS3Config object

Certain overloads of AmazonS3Client constructor accept both login/password (awsAccessKeyId/awsSecretAccessKey) and an instance of AmazonS3Config object. Down the call ...
GitHub

Support for temporary AWS credentials(aws_session_token) integration for Bedrock

While attempting to integrate AWS Bedrock into Cursor using temporary AWS credentials, I’ve verified that aws_session_token does not seem to be supported. As modern AWS environments often rely on ...