Release Date: 17/08/2025 | Issue: 301
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

When AI agents act like humans, they need to identify like humans

As LLMs and agents act on behalf of users through MCP-based systems, the security paradigm is shifting toward treating AI agents like human users, requiring the same principles of least privilege, credential management, and behavioral visibility that teams have long applied to protect against insider threats. Learn more about extending infrastructure identity governance to AI systems and turning MCP deployments into controlled, auditable, and compliant AI infrastructure components below.

Securing MCP with Teleport and AWS

This week's articles


Under the Hood of Amazon ECS on EC2: Agents, IAM Roles, and Task Isolation | Naor Haziz
This deep-dive explores Amazon ECS on EC2's internals, focusing on the ECS agent's role, IAM credential delivery mechanisms, and task isolation boundaries between containers sharing the same host.   #aws   #containers   #explain


ECScape: Understanding IAM Privilege Boundaries in Amazon ECS
This article details "ECScape," a technique allowing malicious containers in Amazon ECS to steal IAM credentials from other tasks on shared EC2 hosts by impersonating the ECS agent's control plane connection.   #attack   #aws   #containers


Salesforce OAuth Exploit: Malicious Data Loader Impersonation
Learn how attackers impersonated Salesforce's Data Loader app, bypassed OAuth trust, and exfiltrated CRM data.   #attack   #saas


Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault
The flaws allow attackers to bypass lockouts, evade policy checks, impersonate users, escalate privileges to root level, and execute remote code, leading to full system takeover.   #attack   #vault


OAuthSeeker: Leveraging OAuth Phishing for Initial Access and Lateral Movement on Red Team Engagements
The Praetoran Labs team researched initial access vectors for red team engagements, focusing on malicious applications distributed through platforms like the Microsoft Store, including OAuth applications and malicious Outlook extensions.   #attack   #azure


ISO 27001:2022 Requirements Explained for 2025
This blog breaks down ISO 27001 requirements in 2025, and what's changed from 2013 to 2022.   #explain

Tools


ATEAM
A Python reconnaissance tool designed to discover Azure services and attribute tenant ownership information based on their responses.


data-formulator
Create rich visualizations with AI .


zizmor
A static analysis tool for GitHub Actions.


run-gemini-cli
A GitHub Action invoking the Gemini CLI.


pqcscan
Post-Quantum Cryptography Scanner - Scan SSH/TLS servers for PQC support.

From the cloud providers


#AWS   Amazon EC2 defenses against L1TF Reloaded
The guest data of AWS customers running on the AWS Nitro System and Nitro Hypervisor is not at risk from a new attack dubbed L1TF Reloaded. No additional action is required by AWS customers.


#AWS   Malware analysis on AWS: Setting up a secure environment
The basic steps to build isolated sandbox environments, robust security controls, and proper monitoring policies to safely analyze malware.


#AWS   Introducing AWS Cloud Control API MCP Server
This MCP server allows to create, read, update, delete, and list resources using natural language.


#GCP   Introducing Looker MCP Server
Looker Model Context Protocol (MCP) Server integrates with MCP Toolbox for Databases to help AI apps such as chatbots to connect to trusted data.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini