Release Date: 29/06/2025 | Issue: 294
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

AI Security That Actually Fixes Code
Amplify Security is now GA, fresh off being named a top performer in Latio Tech’s 2025 AI Auto-Fixing Guide. Unlike noisy scanners or vague LLM tools, Amplify delivers:
  • ✔ Production-ready fixes straight to your PRs
  • ✔ Seamless GitHub/GitLab integration
  • ✔ High accuracy, minimal developer disruption
Amplify Security is offering a 60-day free trial to CloudSecList readers.
See what real AI-powered AppSec looks like

This week's articles


Why IAM demands an AttackGraph First Approach
Discover why traditional IAM efforts fall short and how an Attack Graph First approach reframes identity risk to drive effective security.   #defend   #iam   #strategy


The Future of Threat Emulation: Building AI Agents that Hunt Like Cloud Adversaries
Exploring the breakthrough potential and emerging risks of AI agents that can autonomously discover and exploit complex AWS attack chains.   #ai   #aws   #defend   #monitor


Sign in with your eID: Using AWS IAM Roles Anywhere with a SmartCard Reader
A fun experiment: the Belgian eID, which includes an authentication certificate, can be utilized to authenticate users without requiring extensive certificate management.   #aws   #iam


Semgrep: Comparing Pro vs. Community
Research demonstrating that Semgrep Code identifies more findings than Semgrep Community Edition in the tested open-source projects.   #ci/cd   #defend


Slashing CI Costs at Uber
This blog describes how Uber enhanced SubmitQueue to slash CI resource usage by 53% and speed up wait times by 37%, all while keeping mainlines green.   #build   #ci/cd


JA3 and JA4 Fingerprints in AWS WAF and Beyond
This article discusses JA3 and JA4 fingerprints, including how they can be useful across cloud services, and how to use them with AWS WAF.   #aws   #defend


Microsoft Entra ID OAuth Phishing and Detections
This article explores OAuth phishing and token-based abuse in Microsoft Entra ID. Through emulation and analysis of tokens, scope, and device behavior during sign-in activity, it surfaces high-fidelity signals defenders can use to detect and hunt for OAuth misuse.   #azure   #elastic   #monitor


Kubernetes security fundamentals: Networking
A look at how network security works in Kubernetes.   #explain   #kubernetes

📙 [The CloudSec Engineer] One Year Sale

To celebrate the first anniversary of The CloudSec Engineer, the book is now discounted until the end of July!

Learn more

Tools


gcp-oidc-aws
A Terraform module that creates a GCP Workload Identity Federation to allow AWS workloads to authenticate to GCP via a GCP Service Account, without storing service account keys.


codex
Lightweight coding agent that runs in your terminal.


seccomp-diff
Analyze binaries and containers to extract and disassemble seccomp-bpf profiles.


MCP-Security-Checklist
A comprehensive security checklist for MCP-based AI tools.

From the cloud providers


#AWS   How to prioritize security risks using AWS Security Hub exposure findings
The enhanced Security Hub now uses advanced analytics to automatically correlate, enrich, and prioritize security signals across your cloud environment.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini