Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have opened a path to some 98% of entities in the company’s cloud
First seen on thehackernews.com
Jump to article: thehackernews.com/2026/05/when-identity-is-attack-path.html
