Release Date: 22/06/2025 | Issue: 293
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Secure Your Cloud, Inside and Out
You’re managing cloud services, applications, APIs, and infrastructure, but still guessing where the real risks are. Intruder gives you a complete view across your tech stack, built to save time and reduce noise.
  • ✅ Discover misconfigurations, vulnerabilities, and newly exposed assets across your cloud, apps, and infrastructure
  • ✅ Prioritize the risks that pose real threats to your business
  • ✅ Mobilize your team with clear, expert guidance to fix issues fast
Start your free trial

This week's articles


Leaking Secrets in the Age of AI
Sensitive AI secrets are showing up in public code repositories at alarming rates. A scan from Wiz uncovered key leakage patterns and practices that must change.   #ai   #defend


When Caching Hides the Truth: A VPC Service Controls & Artifact Registry Tale
To mitigate the impact of Docker Hub rate limits and improve supply chain security, Mercari launched an in-house Docker registry and is migrating its production infrastructure to pull images from it.   #build   #ci/cd   #containers


Uncovering Nytheon AI - A New Platform of Uncensored LLMs
Cato CTRL observed an emerging platform on Tor called Nytheon AI that combines various technologies and LLM jailbreaks to create a suite of uncensored LLMs to facilitate malicious activities.   #ai   #attack


Asana Discloses Data Exposure Bug in MCP Server
Asana identified a bug in its Model Context Protocol (MCP) server that may have exposed data to MCP users in other Asana accounts.   #ai   #attack   #saas


Slack Audit Logs and Anomalies
Like many Software as a Service (SaaS) offerings, Slack provides audit logs to Enterprise Grid customers that record when an entity takes an action on the platform: a user logging in, a user updating their profile, an app downloading a file, and so on. The post explains what these logs contain and how to spot anomalies in them.   #explain   #monitor
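As an added illustration of what "anomalies" in such logs can look like in practice (example code written for this issue, not code from the linked post or from Slack), the block below runs two simple detections over constructed Slack-style audit entries: a login from an IP address the user has never used during a baseline period, and a burst of file downloads by a single actor. The entry shape (`action`, `actor.type`, `actor.user.id`, `context.ip_address`, `date_create` in unix seconds) follows the Slack Audit Logs API; the action names, sample entries, cutoff and thresholds are assumptions made for the example.

```python
"""Toy anomaly checks over Slack Enterprise Grid audit log entries.

Added illustration, not code from the article or from Slack. The entry
shape mirrors the Slack Audit Logs API; the action names, the sample
entries, the baseline cutoff and the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Entries before this unix timestamp form the trusted baseline (assumed).
BASELINE_CUTOFF = 1750550000


def _entry(eid, ts, action, actor, ip=None):
    """Build one constructed audit-log entry."""
    return {"id": eid, "date_create": ts, "action": action,
            "actor": actor, "context": {"ip_address": ip}}


def _user(uid, name):
    return {"type": "user", "user": {"id": uid, "name": name}}


def _app(aid, name):
    return {"type": "app", "app": {"id": aid, "name": name}}


# Constructed sample log (not real Slack data).
SAMPLE_ENTRIES = [
    _entry("e1", 1750540000, "user_login", _user("U01", "alice"), "203.0.113.10"),
    _entry("e2", 1750541000, "user_login", _user("U02", "bob"), "198.51.100.5"),
    _entry("e3", 1750551000, "user_login", _user("U01", "alice"), "203.0.113.10"),
    _entry("e4", 1750552000, "user_login", _user("U01", "alice"), "192.0.2.77"),
    _entry("e5", 1750553000, "file_downloaded", _app("A01", "exporter")),
    _entry("e6", 1750553020, "file_downloaded", _app("A01", "exporter")),
    _entry("e7", 1750553040, "file_downloaded", _app("A01", "exporter")),
    _entry("e8", 1750553100, "file_downloaded", _user("U02", "bob")),
    _entry("e9", 1750554000, "user_login", _user("U03", "carol"), "198.51.100.9"),
]


def actor_id(entry):
    """Return 'user:<id>' or 'app:<id>' for the entry's actor."""
    actor = entry.get("actor", {})
    kind = actor.get("type")
    if kind in ("user", "app") and isinstance(actor.get(kind), dict):
        return f"{kind}:{actor[kind].get('id', '?')}"
    return "unknown"


def _iso(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def new_login_ips(entries, cutoff):
    """Flag the first login of each user from an IP unseen before the cutoff."""
    baseline = defaultdict(set)
    for e in entries:
        if e["action"] == "user_login" and e["date_create"] < cutoff:
            ip = e.get("context", {}).get("ip_address")
            if ip:
                baseline[actor_id(e)].add(ip)
    findings = []
    for e in sorted(entries, key=lambda x: x["date_create"]):
        if e["action"] != "user_login" or e["date_create"] < cutoff:
            continue
        who = actor_id(e)
        ip = e.get("context", {}).get("ip_address")
        if ip and ip not in baseline[who]:
            note = ip if baseline[who] else f"{ip} (no baseline for actor)"
            findings.append({"rule": "login_from_new_ip", "actor": who,
                             "entry": e["id"], "detail": note})
            baseline[who].add(ip)  # alert once per new IP, not on every login
    return findings


def download_bursts(entries, window_s=60, threshold=3):
    """Flag any actor with >= threshold file downloads inside window_s seconds."""
    times = defaultdict(list)
    for e in entries:
        if e["action"] == "file_downloaded":
            times[actor_id(e)].append(e["date_create"])
    findings = []
    for who, ts in times.items():
        ts.sort()
        start = 0
        for i, t in enumerate(ts):  # sliding window over sorted timestamps
            while t - ts[start] > window_s:
                start += 1
            if i - start + 1 >= threshold:
                findings.append({"rule": "download_burst", "actor": who,
                                 "detail": f"{i - start + 1} downloads in "
                                           f"{window_s}s ending {_iso(t)}"})
                break  # one finding per actor is enough
    return findings


def find_anomalies(entries, cutoff=BASELINE_CUTOFF, window_s=60, threshold=3):
    return new_login_ips(entries, cutoff) + download_bursts(entries, window_s, threshold)


if __name__ == "__main__":
    for f in find_anomalies(SAMPLE_ENTRIES):
        print(f)
```

On the constructed data this reports alice's login from 192.0.2.77, carol's login with no prior baseline, and three downloads in 40 seconds by the app A01; bob's single download and alice's repeat login from a known IP stay quiet. Real deployments would replace the fixed cutoff with a rolling baseline and tune the burst threshold to the workspace.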


Securing Amazon Redshift
How to manage access in Amazon Redshift, focusing on best practices for security.   #aws   #defend   #iam


Terraform AWS provider 6.0 now generally available
Version 6.0 of the Terraform AWS provider is now generally available. Along with bugfixes, the latest update brings enhanced multi-region support and other workflow improvements.   #announcement   #iac   #terraform
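As an added illustration (not a snippet from the release announcement), the configuration below shows the headline multi-region change in provider 6.0: a resource can name its own `region` instead of needing a second, aliased `provider "aws"` block per region. The bucket names are placeholders.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 6.0"
    }
  }
}

# One provider block; its region is only the default.
provider "aws" {
  region = "us-east-1"
}

# Lives in the provider's default region (us-east-1).
resource "aws_s3_bucket" "primary" {
  bucket = "example-primary-bucket" # placeholder name
}

# Same provider block, different region via the per-resource argument
# introduced in 6.0. Before 6.0 this required provider "aws" { alias = ... }
# plus provider = aws.<alias> on the resource.
resource "aws_s3_bucket" "replica" {
  bucket = "example-replica-bucket" # placeholder name
  region = "eu-west-1"
}
```

Check the provider's v6 upgrade guide before relying on this for a given resource type, and note that a resource's `region` is part of its identity, so changing it forces replacement rather than an in-place update.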

Tools


threat-designer
A GenerativeAI application designed to automate and streamline the threat modeling process for secure system design.


slack-export-viewer
A Slack Export archive viewer that allows you to easily view and share your Slack team's export.


container-use
Development environments for coding agents. Enable multiple agents to work safely and independently with your preferred stack.


playwright-mcp
A Model Context Protocol (MCP) server that provides browser automation capabilities using Playwright.

From the cloud providers


#AWS   Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters
GuardDuty Extended Threat Detection introduces a new critical severity finding type, which automatically correlates security signals across Amazon EKS audit logs, runtime behaviors of processes associated with EKS clusters, malware execution in EKS clusters, and AWS API activity to identify sophisticated attack patterns that might otherwise go unnoticed.


#AWS   AWS Backup adds new Multi-party approval for logically air-gapped vaults
Multi-party approval for AWS Backup logically air-gapped vaults enables organizations to recover their backup data even when their AWS account is compromised, by creating approval teams of trusted individuals who can authorize vault sharing with a recovery account through a separate authentication path.


#AWS   Unify your security with the new AWS Security Hub for risk prioritization and response at scale
AWS announced the preview release of the new AWS Security Hub, which adds correlation, contextualization, and visualization capabilities on top of the existing findings aggregation.


#AWS   New AWS Shield feature discovers network security issues before they can be exploited
Shield network security posture management automatically discovers and analyzes network resources across AWS accounts, prioritizes security risks based on AWS best practices, and provides actionable remediation recommendations to protect applications against threats like SQL injections and DDoS attacks.


#AWS   Verify internal access to critical AWS resources with new IAM Access Analyzer capabilities
A new capability in IAM Access Analyzer helps security teams verify which principals within their AWS organization have access to critical resources like S3 buckets, DynamoDB tables, and RDS snapshots by using automated reasoning to evaluate multiple policies and provide findings through a unified dashboard.


#GCP   Mitigating prompt injection attacks with a layered defense strategy
Key components of this strategy include model hardening, machine learning models for detecting malicious instructions, and user confirmation frameworks to ensure secure interactions.


#GCP   How Google Cloud is securing open-source credentials at scale
Google developed a tool to scan open-source package and image files by default for leaked Google Cloud credentials to help protect Google Cloud customers who publish open-source artifacts.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini