Penta Security Inc. > Blog > AWS Outage Crashes Global Giants – Be Prepared for Phishing Attacks

AWS Outage Crashes Global Giants – Be Prepared for Phishing Attacks

2025-10-22 Blog
aws outage aws cyber attack aws hacking

AWS Outage Crashes Global Giants – Be Prepared for Phishing Attacks

An Amazon Web Services (AWS) outage that began on October 20, 2025 caused major service disruptions for numerous high-profile platforms, including Amazon.com, Prime Video, Fortnite, Perplexity AI, Canva, Roblox, and Hulu. Over six million users were affected which has made individuals vulnerable to phishing scams targeting services like Reddit, PayPal, and Coinbase. Cybercriminals have exploited the situation by sending phishing emails and texts promising to restore account access, often mimicking legitimate organizations. 

To stay safe, users are advised to avoid unsolicited links, verify email addresses, and never share login details with anyone claiming to help. After the incident, users should monitor their online accounts for unusual activity and consider improving their cybersecurity practices, such as using password managers and multi-factor authentication.

The initial cause was identified as a DNS resolution issue for the DynamoDB API endpoint, which led to increased error rates and latencies for multiple AWS services. Although AWS services were reportedly restored after about 45 minutes, subsequent updates indicated that new problems with network load balancers continued to cause widespread issues for companies reliant on the cloud platform.

Source: Cybernews, Bleeping Computer

 

Insider Data Loss Reaches 77% of Organizations

Insider data loss incidents affect more than three-quarters of organizations and cost companies at least $1 million more than a third of the time, a recent survey by Fortinet and Cybersecurity Insiders found. The increasing use of software-as-a-service (SaaS) apps, generative AI (GenAI) and other shadow IT poses a major challenge to insider risk management, with 52% of respondents citing difficulty monitoring SaaS and hybrid work environments as the biggest barrier to improving their insider risk program. A majority (72%) of respondents said they lacked visibility into how users interact with sensitive data across endpoints and cloud applications, only 47% agreed that their current data loss prevention (DLP) solution was effective in helping prevent sensitive data from leaving their organization.

Source: SC Media

 

Clothing Giant MANGO Discloses Data Breach

Spanish fashion retailer MANGO disclosed a data breach on October 14, 2025, after one of its unnamed external marketing service providers suffered unauthorized access. The breach exposed customer personal data used for marketing campaigns, including the customer’s first name, country, postal code, email address, and telephone number. MANGO confirmed that no last names, banking information, credit card data, IDs, passports, or account credentials were compromised, and the company’s own corporate infrastructure and IT systems were not affected. The precise number of affected customers was not disclosed in the notice.

Source: Security Affairs, Bleeping Computer

 

F5 Disclosed Cyberattack by a Nation-state Threat Actor

F5 disclosed a cyberattack by a nation-state actor after being granted permission by the U.S. Department of Justice (DOJ) to delay public disclosure. The DOJ authorized the delay under Item 1.05(c) of a Form 8-K filed with the Securities and Exchange Commission (SEC), citing a “substantial risk to national security or public safety” if the breach was immediately made public. The breach involved prolonged access to F5’s infrastructure, specifically the BIG-IP product development environment and engineering knowledge management platform. The attacker exfiltrated files, including segments of BIG-IP source code and details about existing vulnerabilities. F5 stated it has not found evidence the supply chain was modified, nor is it aware of any current exploitation, but a portion of the exfiltrated files included configuration or implementation information for a small percentage of customers.

Source: Cyber Scoop, The Hacker News

 

 

Click here to subscribe our Newsletter

Click here for inquiries regarding the partner system of Penta Security

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D.AMO

 

Check out the product lines of  Cloudbric by Penta Security:

Cloud-based Fully Managed WAAP: Cloudbric WAF+

Agent based Zero Trust Network Access Solution: Cloudbric PAS

Agentless Zero Trust Network Access Solution: Cloudbric RAS

Click here for inquiries regarding the partner system of Cloudbric

Tags: