Release Date: 08/06/2025 | Issue: 291
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The 2025 State of Data Security Report is Here

Varonis analyzed 1,000 real-world environments to uncover how attackers exploit SaaS misconfigurations, overexposed data, and excessive permissions. The report reveals the most common paths to compromise and how defenders can shut them down. From privilege escalation to data exfiltration, it’s a playbook for defenders.
Read the full report here and get a free cloud risk assessment to see how your environment compares.

Assess Your Cloud Risk Level

This week's articles


Transform Years of Content Into a Conversational Knowledge Base
How to make your content interactive by building a conversational knowledge base. A practical walkthrough using CloudSecList, LLMs, and Cloudflare Workers. (Disclaimer: I did write this post)   #ai   #build   #cloudflare


DevOps Tools Targeted for Cryptojacking
The Wiz Threat Research team has identified a widespread cryptojacking campaign targeting commonly used DevOps applications including Nomad and Consul.   #attack   #defend   #hashicorp


Poison everywhere: No output from your MCP server is safe
Post diving into Tool Poisoning Attacks (TPA) on MCP servers.   #ai   #attack


CloudTrail Logging Evasion: Where Policy Size Matters
Permiso uncovered a subtle yet critical logging evasion vulnerability within AWS environments - mainly the differing size limitations of individual AWS CloudTrail logs versus the actual content being logged. By exploiting whitespace and other syntactic quirks, an attacker can create valid IAM policies that effectively bypass CloudTrail logging.   #attack   #aws   #iam


Weaponizing Dependabot: Pwn Request at its finest
Learn how Dependabot can be co-opted to exploit some sensitive workflows, through the Confused Deputy Problem and branch name injections.   #attack   #ci/cd   #supply-chain


Automatically prioritize security issues from different tools with an LLM
Turn your security backlog into a ranked list that actually makes sense with LLMs, smart prompts, and just enough chaos to keep it interesting.   #ai   #defend   #process


Lost in Resolution: Azure OpenAI's DNS Resolution Issue
Unit 42 researchers discovered an issue with Azure OpenAI's Domain Name System (DNS) resolution logic that could have enabled cross-tenant data leaks and meddler-in-the-middle (MitM) attacks.   #ai   #attack   #azure


Azure Arc - C2aaS
Post exploring Azure Arc's overlooked C2aaS potential: attacking and defending against its usage and exploring use cases for Red Teams.   #attack   #azure   #defend

Sponsor

AI Is Writing Code—But Can It Secure It? Hype vs. Reality

With the rise of tools like GitHub Copilot and Cursor, security teams are racing to keep up. AI-native security tools promise to help—but are they ready for production? In this new 2025 report, Latio Tech puts top AI security vendors to the test against real-world code vulnerabilities. See who detects, who fixes, and who falls short.
Normally paywalled, Amplify Security is offering the full report free for a limited time.

Get the Free Report

Tools


envilder
Envilder is a CLI that securely centralizes your environment variables from AWS SSM as a single source of truth.


hakrawler
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application.


gubble
Gubble is a tool designed to audit Google Workspace group settings.


mcp-watch
A security scanner for MCP servers that detects vulnerabilities and security issues in your MCP server implementations.


eathar
A program designed to quickly pull some interesting security related information from Kubernetes clusters.

From the cloud providers


#AWS   Implementing just-in-time privileged access to AWS with Microsoft Entra and AWS IAM Identity Center
By using security groups in Entra and mapping them to permission sets in IAM Identity Center, you can automate the provisioning and deprovisioning of privileged access based on defined policies and approval workflows.


#GCP   The Cost of a Call: From Voice Phishing to Data Extortion
UNC6040 uses vishing to impersonate IT support, deceiving victims into granting access to their Salesforce instances.


#GCP   New MCP integrations to Google Cloud Databases
Google announced additional capabilities in Toolbox specifically designed to empower AI-assisted development. Toolbox now makes it easy to connect databases to AI assistants in your IDE.


#GCP   Enhancing Google Cloud protection: 4 new capabilities in Security Command Center
Including agentless scanning for Compute Engine and GKE, Artifact Analysis integration, Threat detection for Cloud Run.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present CloudSecList · Marco Lancini