whoAMI: A Cloud Image Name Confusion Attack By Seth Art Can a simple naming trick let attackers take control of your cloud workloads? Yes. The "whoAMI" attack abuses container image name confusion to trick systems into running malicious images instead of trusted ones. ⚠️ Key insights: 🐳 Container registry confusion – Attackers exploit lookalike image names in public and private repositories to deceive CI/CD pipelines. 🎭 Shadow deployments – Threat actors can inject rogue images into Kubernetes, ECS, and other cloud environments without triggering alarms. 🔄 Supply chain risks – Even teams using private registries aren’t safe; misconfigured pull policies can lead to silent compromises. 🛡️ Defense tactics – Learn how to secure container pipelines with signed images, explicit image sources, and better IAM policies. If you're relying on image names alone for security, you're at risk. See how attackers exploit this weakness and how to defend against it. 🔗 Read more: securitylabs.datadoghq.com/articles/whoam… This was first mentioned in AWS Security Digest Issue #201: awssecuritydigest.com/past-issues/aw…