A critical vulnerability in AWS Lambda functions allows attackers to exploit OS command injection through S3 file uploads, potentially compromising AWS credentials and enabling further malicious actions such as phishing via AWS SES. The article highlights the importance of proper configuration and vulnerability scanning to prevent such attacks in event-driven architectures.

A vulnerability in AWS Trusted Advisor allowed attackers to bypass checks for unprotected S3 buckets, misleading users about their security status. AWS has since addressed the issue and advised customers to review their S3 bucket permissions to align with security best practices.