Release Date: 10/08/2025 | Issue: 300
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Protect Your Google Workspace with Purpose-Built Security

Built specifically for Google Workspace, Material is a detection and response platform that protects Gmail, Google Drive, and accounts by proactively eliminating security gaps, stopping misconfigurations, and preventing shadow IT before they turn into costly problems. With real-time monitoring and automatic fixes, Material keeps your workspace secure with minimal effort, reducing human error and freeing up your team to focus on work that matters.

Start securing your Google Workspace today!

This week's articles


Uncovering memory corruption in NVIDIA Triton
This post details how a new Trail of Bits engineer discovered two memory corruption vulnerabilities in NVIDIA's Triton Inference Server using Semgrep analysis and HTTP chunked transfer encoding exploitation.   #ai   #attack


Breaking NVIDIA Triton: A Vulnerability Chain Leading to AI Server Takeover
Wiz Research discovers a critical vulnerability chain allowing unauthenticated attackers to take over NVIDIA's Triton Inference Server.   #ai   #attack


Prompt injection engineering for attackers: Exploiting GitHub Copilot
This post demonstrates how to craft a prompt injection exploit targeting GitHub Copilot by hiding malicious instructions in HTML picture tags within GitHub issues to inject backdoors.   #ai   #attack


MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass
Researchers found that once an MCP configuration is approved, subsequent modifications to its commands or arguments are executed without additional user prompts or validations.   #ai   #attack


Breaking Down Azure DevOps: Techniques for Extracting Pipeline Credentials
This article explores techniques for extracting credentials from Azure DevOps pipelines, including workload identity federation tokens and service connection secrets, while discussing potential impacts on Terraform Cloud and GitHub resources.   #attack   #azure   #ci/cd


The Security Principles Guiding 1Password's Approach to AI
Here are the security principles that will guide how 1Password builds, adopts, and integrates AI, today and in the future.   #ai   #strategy

Sponsor

Join 150+ cybersecurity leaders at CISO New York 2025, taking place September 9 in NYC!

This one-day, high-impact event brings together CISOs and InfoSec leaders from end-user organizations to explore DevSecOps, cloud security, AI-driven threats, and more. Don’t miss this opportunity to connect, learn, and lead the future of cybersecurity. Free registration available for InfoSec executives from non-vendor companies.

Register Now

Tools


claude-code-action
A general-purpose Claude Code action for GitHub PRs and issues that can answer questions and implement code changes.


claude-code-security-review
An AI-powered security review GitHub Action using Claude to analyze code changes for security vulnerabilities.


turnt
A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom. You can also refer to the companion blog post.


mcp-context-protector
MCP security wrapper. You can also refer to the companion blog post.


aws-size
Checks Hard to Find Size Limits and Usage for AWS such as AWS IAM. You can also refer to the companion blog post.


semgrep-rules
A collection of Semgrep rules to facilitate vulnerability research.

From the cloud providers


#AWS   Implementing Defense-in-Depth Security for AWS CodeBuild Pipelines
Key points include understanding webhook configurations, establishing trust boundaries, and implementing least-privilege access.


#AWS   Secure file sharing solutions in AWS: A security and cost analysis guide
Securely share sensitive data with time-limited, nonce-enhanced presigned URLs that prevent replay attacks, minimizing exposure risks through granular access controls and rigorous monitoring.


#AWS   Secure file sharing solutions in AWS: A security and cost analysis guide: Part 2
In this second part of a two-part post, you can learn about multiple solutions for secure file sharing using AWS services and the pros and cons of each.


#GCP   Introducing Google Cloud Setup
Google Cloud Setup helps you quickly implement a robust cloud foundation based on recommended best practices, to get up and running quickly.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini