Release Date: 27/04/2025 | Issue: 285
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Protect Your Azure SQL Databases
A critical vulnerability in Azure SQL Server was recently discovered by the Varonis Threat Lab team, that could lead to sudden and significant data loss.โ€Œ By exploiting a security gap in firewall rule-naming, malicious actors can delete entire servers and targeted assets when combined with admin actions. Discover more about this vulnerability, the impact it can have, and the recommended steps you can take to protect your data from Varonis. Take proactive measures to secure your Azure SQL databases now.

Join the Discussion

This week's articles


Jumping the line: How MCP servers can attack you before you ever use them
A vulnerability, called "line jumping", in the way MCP is implemented that undermines its core security promises. It allows malicious MCP servers to execute attacks before any tool is even invoked.   #ai   #attack


How MCP servers can steal your conversation history
A more effective way to exploit line jumping: injecting trigger phrases into tool descriptions to exfiltrate the user's entire conversation history.   #ai   #attack


Research Briefing: MCP Security
A post exploring the evolving Model Context Protocol (MCP), its security risks, and how to prepare for safe adoption as LLMs connect to external systems.   #ai   #attack   #defend


Claude Code: Best practices for agentic coding
A blog post covering tips and tricks that have proven effective for using Claude Code across various codebases, languages, and environments.   #ai   #explain


Principles for coding securely with LLMs
LLMs sometimes act maliciously, so you must treat LLM output like user input.   #ai   #strategy


Threat Modelling Cloud Service Providers in 2025
With the US Government acting in an erratic and hostile manner towards its traditional allies, it makes sense for companies not typically subject to US Jurisdiction to reconsider their threat models when using the big three cloud providers. All of them are US-based companies, and all three conduct a substantial amount of business with the US Government.   #aws   #azure   #gcp   #strategy


Secure Cross-Account Access is Tricky. Four Common Dangerous Misconceptions
Post diving into cross-account trust policies, explaining four major misconceptions repeatedly seen in organizations, which often lead to the creation of cross-account trust paths from less secure accounts to more sensitive accounts.   #aws   #design


Datadog threat roundup: Top insights for Q1 2025
The Datadog threat research and detection engineering efforts throughout Q1 revealed several significant patterns in the cloud threat landscape, with some notable shifts from previous quarters.   #attack   #defend   #monitor   #strategy

Sponsor

Cloud SIEM Best Practices
Learn how to apply Cloud SIEM best practices using Datadog to monitor and secure your systems by leveraging logs from AWS, GCP, and other popular technologies + explore how to use authentication logs to detect common security threats.

Read the guide

Tools


damn-vulnerable-MCP-server
A deliberately vulnerable implementation of the Model Context Protocol (MCP) for educational purposes.


auth0-mcp-server
The Auth0 MCP Server integrates with LLMs and AI agents, allowing you to perform various Auth0 management operations using natural language.


sim
Open-source AI Agent workflow builder.


New Pacu Module: Secret Enumeration in Elastic Beanstalk
Pacu's newest scenario, enumerating Elastic Beanstalk for Secrets, was built to save users hours of testing during an AWS penetration test.


attache
Provides an emulation layer for Cloud Provider IMDS APIs.

From the cloud providers


#AWS   Announcing AWS Security Reference Architecture Code Examples for Generative AI
The examples include two comprehensive capabilities focusing on secure model inference and RAG implementations, covering a wide range of security best practices using AWS generative AI services.


#AWS   How to help prevent hotlinking using referer checking, AWS WAF, and Amazon CloudFront
How to help prevent hotlinking by using header inspection in AWS WAF, while still taking advantage of the improved user experience from a CDN such as CloudFront.


#AWS   IAM Identity Center releases new SDK plugin to streamline token exchange with an external Identity Provider
A new SDK plugin that simplifies AWS resource authorization for applications that authenticate with external identity providers (IdPs) such as Microsoft EntraID, Okta, and others.


#GCP   MCP Toolbox for Databases: Simplify AI Agent Access to Enterprise Data
Learn how MCP Toolbox for Databases can help you deliver secure and standardized ways to have your agents communicate with one another and access enterprise data.


#GCP   SaaS delivery made easy: Meet SaaS Runtime
SaaS Runtime is a fully managed service management platform for SaaS providers to simplify and automate the complexities of infrastructure operations.


#AZURE   Understanding the threat landscape for Kubernetes and containerized assets
Microsoft released and updated the threat matrix for Kubernetes, an active knowledge base for security threats that target Kubernetes clusters, to systematically map the attack surface of Kubernetes.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini