Release Date: 09/03/2025 | Issue: 278
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The autonomous SOC...just a buzzword, or the future of security?
Security operations are evolving, and AI is at the center of this transformation. But is the hype around the “autonomous SOC” real? And what does the ideal future look like for security leaders hoping to balance automation with human oversight?

Hear from Tines CEO Eoin Hinchy and guest speaker Allie Mellen, Principal Analyst at Forrester Research, for insights into the future of SOC and automation and the evolving nature of AI in enterprise security operations.

This week's articles


Threat modeling the TRAIL of Bits way
TRAIL aims to provide maximum value to clients while minimizing the effort needed to update threat models as systems evolve.   #defend   #process   #strategy


Continuous TRAIL
How to maintain threat models, when to update them as development continues, and how to make use of them.   #defend   #process   #strategy


Shrinking the haystack: The six phases of cloud threat detection
A structured approach to detecting threats within cloud environments: Ingest, Standardize, Combine, Detect, Suppress, and Respond.   #defend   #monitor


Substack Domain Takeover
An edge case that allows an attacker to take over inactive Substack blog custom domains.   #attack   #saas


How to gain code execution on millions of people and hundreds of popular apps
The article discusses a security vulnerability discovered in the todesktop application bundler service, which affected several popular apps, like Clickup, Cursor, Linear, and Notion.   #attack   #saas   #supply-chain


Evaluating AWS Native Approaches for Detecting Suspicious API Calls
Three primary approaches: 1) EventBridge → SNS → Email, 2) CloudTrail → S3 → Lambda → SNS → Email, and 3) CloudTrail → CloudWatch → MetricFilter → MetricAlert → SNS → Email.   #aws   #defend   #monitor


Finding leaked passwords with AI: How we built Copilot secret scanning
Passwords are notoriously difficult to detect with conventional programming approaches. AI can help us find passwords better because it understands context.   #ai   #build   #defend


Kubernetes networking: service, kube-proxy, load balancing
This article examines Kubernetes networking, focusing on Services and load balancing. It explains how traffic is routed within the cluster and from external sources.   #containers   #explain   #kubernetes


VaultRecon: An Azure Control Plane/Data Plane Isolation Flaw
A vulnerability in Microsoft Azure that allows users with Reader access to expose sensitive metadata about secrets stored in Azure Key Vaults.   #attack   #azure

Advance Your Cloud Security Career

Want to break into Cloud Security or move up fast?
📙 The CloudSec Engineer gives you straight-to-the-point, no-BS career advice based on real-world experience.
From landing your first role to securing senior and leadership positions, this book helps you navigate the path with practical insights, proven strategies, and bonus tools to track your learning and ace interviews.

Don't waste time guessing—get the guide that works.

Tools


yaak
Organize and execute REST, GraphQL, WebSockets, Server Sent Events, and gRPC.


data-formulator
Create rich visualizations with AI.


rogue
Automated web vulnerability scanning with LLM agents.


twilio-security-scanner
A security scanning tool for Twilio accounts that helps detect misconfigurations and security risks.


Az-Skywalker
Enumerate all secrets in all Azure Key Vaults and Logic Apps across all subscriptions.

From the cloud providers


#GCP   Introducing AI Protection: Security for the AI era
Google Cloud's new AI Protection safeguards AI workloads and data across clouds and models, no matter the platform.


#AZURE   Disrupting a global cybercrime network abusing generative AI
Microsoft is actively fighting against a global cybercrime network known as Storm-2139, which exploits generative AI technologies.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco

© 2019-present CloudSecList · Marco Lancini