3 min readLegal AI solutions provider LexisNexis has confirmed a massive breach of its AWS environment  According to reports, initial access was gained by exploiting the “React2Shell” vulnerability in an unpatched React frontend application – a flaw the company had reportedly left unaddressed for months.  Among the details reportedly posted by the attacker is the claim that, The post How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment appeared first on Aembit.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

LexisNexis confirmed a major AWS breach initiated via the 'React2Shell' vulnerability in an unpatched React frontend. The attacker, FulcrumSec, claims the compromised ECS task role had read access to 53 entries in AWS Secrets Manager, exposing credentials for GitHub, Azure DevOps, Databricks, Salesforce, and analytics platforms. The incident illustrates how overprivileged workload identities can turn a single application compromise into a broad credential exposure. Key mitigations include applying least-privilege IAM policies, using short-lived credentials, segmenting secrets by environment, and auditing which identities can retrieve secrets. The post is authored by Aembit, a secrets management vendor.