1. Slack Bot Security Gap: Unverified Requests Still Incur Lambda Costs, Prompting API Gateway or WAF Fix
A critical cost-control vulnerability has been identified in a Slack bot's authentication system. While recent updates correctly reject unauthorized requests with a 401 status, these invalid requests still trigger full AWS Lambda executions, generating unnecessary and potentially exploitable cloud costs. A malicious ac...