Release Date: 23/03/2025 | Issue: 280
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor
Free Cloud Data Risk Assessment With sensitive data across multiple cloud applications, it can be hard to know where exactly the data lives and who has access to it, making you more susceptible to a data breach. Our Cloud Data Risk Assessment was designed to solve this. Covering AWS, Azure, Google Cloud and more, it provides an in-depth look into your data and blast radius, at no cost. Easily map multi-cloud sensitive data risk and get a clear path to remediation within 24 hours, with the industry's most advanced cloud data risk assessment.
How to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library.
#attack #ci/cd
Success in these engagements is not solely determined by the number of findings but by how well the intended objectives align with the outcomes.
#defend #strategy
A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.
#attack #ci/cd #supply-chain
This article aims to provide a deeper technical understanding of the Elevate Access mechanism, including its underlying implementation, the specific logs where activities are recorded, when you DON'T need Elevate Access to get the same permissions, and the practical techniques attackers use to leverage it.
#azure #explain #iam
Mandiant has developed an internal tool (Delusion) for performing BitM attacks, enabling an operator to target a specific application without possessing prior knowledge about the authentication protocols employed by the application.
Gemini in Workspace apps and the Gemini app are the first generative AI assistants for productivity and collaboration suites to have achieved FedRAMP High authorization.
Google compared OWASP's top 10 API security threats list to the security capabilities of Apigee.
Sponsor CloudSecList in 2025
If you want to get your product in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, take a look at: cloudseclist.com/sponsor