Release Date: 15/06/2025 | Issue: 292
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Datadog Detect On-Demand

Check out Datadog Detect on-demand! Our first ever virtual conference featuring speakers from Snowflake, FireMon, Datadog and more. The sessions explore:
  • How to structure and deploy Detection-as-Code for repeatability and scale
  • Lessons from teams tackling alert fatigue and detection burnout
  • Behind-the-scenes practices for building high-signal, low-noise detections

This week's articles


Reverse Engineering Cursor's LLM Client
This blog post shows how to reverse-engineer Cursor's LLM client by putting TensorZero in front of it as a self-hosted proxy, which lets you observe, analyze, and experiment with different LLM models while keeping the full Cursor experience.   #ai   #explain


Secure AI Vibe Coding with Rules Files
Learn how to use open-source rules files to improve the security of AI-powered coding tools like Copilot, Claude, and Cursor.   #ai   #defend


OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys
Critical vulnerabilities in OneLogin's AD Connector leaked authentication credentials, enabling account impersonation.   #attack   #iam   #saas


GitHub Device Code Phishing
What if all it took to compromise a GitHub organization, and thus the organization's supply chain, was an eight-digit code and a phone call?   #attack   #ci/cd   #supply-chain


Fine-Tuning a Small Language Model for Secrets Detection
Wiz fine-tuned a 1B LLM to detect secrets in code with 86% precision, outperforming regex-based methods while staying lean, private, and CPU-efficient.   #ai   #defend


Persisting Unseen: Defending against Entra ID persistence
Post covering some methods attackers may use now or in the near future to maintain access to Entra ID (formerly Azure AD) once they've obtained a privileged foothold.   #attack   #azure


The Evolution of Linux Binaries in Targeted Cloud Operations
Palo Alto Networks predicts a surge in cloud attacks leveraging reworked Linux Executable and Linkable Format (ELF) binaries.   #attack   #strategy


Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere
This examination of the AWS Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives.   #attack   #aws   #defend   #iam


Breaking down EchoLeak, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot
The first weaponizable zero-click attack chain on an AI agent, resulting in the complete compromise of Copilot data integrity.   #ai   #attack

📙 [The CloudSec Engineer] One Year Sale

To celebrate the first anniversary of The CloudSec Engineer,
the book is now discounted till the end of July!


Tools


Git-Heat-Map
Visualise a git repository by diff activity.


container
A tool for creating and running Linux containers using lightweight virtual machines on a Mac.


microsandbox
Self-Hosted Platform for Secure Execution of Untrusted User/AI Code.


mcp-security
Google Security Operations and Threat Intelligence MCP Server.

From the cloud providers


#AWS   Introducing AWS API models and publicly available resources for AWS API definitions
AWS now provides daily updates of Smithy API models on GitHub, enabling developers to build custom SDK clients, understand AWS API behaviors, and create developer tools for better AWS service integration.


#AWS   Introducing the AWS Security Champion Knowledge Path and digital badge
The Security Champion Knowledge Path is an educational framework designed to empower developers and software engineers with essential AWS cloud security knowledge and best practices.


#AWS   How to use on-demand rotation for AWS KMS imported keys
AWS announced support for on-demand rotation of symmetric encryption AWS Key Management Service (AWS KMS) keys with imported key material (EXTERNAL origin). This new capability enables you to rotate the cryptographic key material of these keys without changing the key identifier.


#AWS   Identity-provider controls for shared OIDC providers
For roles that trust a shared OIDC provider (one used by many AWS customers, such as GitHub Actions'), AWS now requires the trust policy of new or updated roles to include a condition on a token claim such as sub or aud, so that a role cannot be assumed by any token the provider issues.
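To make the requirement concrete, below is an added example of a role trust policy for a GitHub Actions workflow; it is not taken from the AWS post. A trust policy that omitted the Condition block entirely would let a token from any GitHub repository assume the role, which is the scenario the new check blocks. The account ID, organization and repository names are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
        },
        "StringLike": {
          "token.actions.githubusercontent.com:sub": "repo:example-org/example-repo:ref:refs/heads/main"
        }
      }
    }
  ]
}
```

The aud condition pins the audience to sts.amazonaws.com, and the sub condition restricts assumption to workflows running on the main branch of one repository; a sub pattern like repo:example-org/*:* satisfies the policy syntactically but still lets every repository in the organization assume the role, so keep the pattern as narrow as the workflow allows.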

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini