Need to get code execution on thousands of cloud customers? What about on internal AWS systems? Datadog Security Research found that a number of tools, including one published by AWS, are susceptible to name confusion attacks, leading to arbitrary execution in vulnerable environments!

https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/