May Recap: New AWS Privileged Permissions and Services
Security Boulevard, Monday, June 8th, 2026
Sonrai's monthly recap catalogs newly added AWS privileged permissions and services from May 2026 and their security risks.
This recurring Sonrai Security recap, syndicated on Security Boulevard, reviews new AWS privileged permissions and services introduced in May 2026 across compute networking, genomics pipelines, and container orchestration. It flags a daemon permission that, combined with ecs:CreateDaemon, can run arbitrary code across every instance in a cluster. Another creates extra EC2 network interfaces, letting traffic route outside monitoring boundaries for lateral movement. A genomics pipeline permission can redirect automated runs into an attacker-controlled network by recreating a pipeline under an existing name with different VPC settings. (Page returned HTTP 403; details from the syndicated Sonrai source.)