There is a comfortable myth in cloud computing: because serverless environments only live for a few seconds, they cannot really be breached. Spin up, run, and vanish. No persistence, so no problem.

That myth died this week. New research has uncovered a CVSS 8.8 sandbox escape in Azure Functions that lets a compromised kernel modify the secure host memory. In AWS Lambda, a “ghost code” injection technique allows attackers to infect runtime layers so that every future invocation runs malicious code first.

The attack surface has shifted. It is no longer about the running workload; it is about the initialization layer. By the time your security tools have anything to inspect, the attacker is already positioned.

Ephemerality is not a security control. If you are not monitoring your runtime environments and your IAM configuration for these “ghost” persistence vectors, you are trusting a wall that is essentially made of glass.

Explore the reality of cloud sandbox escapes.