Release Date: 06/07/2025 | Issue: 295
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor
Stop breaches before they start - with Intruder
Your tech stack's evolving fast. Can your security keep up? Intruder helps you find and focus on the vulnerabilities that pose the biggest risk to your business. From cloud to apps to infrastructure, get continuous monitoring, smart prioritization, and full visibility into your attack surface. One powerful platform. Top-rated user experience. Built for busy teams.
Here's how Figma scaled Santa, an open-source binary authorization tool, across all their laptops to boost endpoint security while keeping workflows seamless.
#defend #process #strategy
Learn how AWS EventBridge cross-account configurations can create security risks and discover practical guidance to protect your serverless architecture.
#attack #aws
How to use a browser SSO cookie to request Entra ID OAuth tokens and enumerate a target tenant. This technique is useful when a device is not joined to an Entra ID tenant.
#attack #azure #iam
Orca uncovers a privilege escalation risk in Azure Machine Learning pipelines that could allow attackers to run code and access sensitive data.
#attack #azure
The blog discusses techniques for extracting sensitive information from the Azure Load Testing service, which supports Managed Identities for accessing Key Vault entries.
#attack #azure
A leaked credential allowed anyone unauthorized access to all Microsoft tenants of organizations that use Synology's "Active Backup for Microsoft 365" (ABM).
#attack #azure