Security researchers discovered the "whoAMI" attack, allowing hackers to execute code on AWS EC2 instances by exploiting how AMI IDs are retrieved. The attack occurs when software selects AMIs without specifying trusted owners, enabling attackers to inject malicious AMIs with similar names. Amazon fixed the issue in September 2024 and introduced the 'Allowed AMIs' feature, but organizations must update their configurations to stay protected.

‍