Release Date: 05/10/2025 | Issue: 308
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Securing AI Agents 101

AI agents are changing how work gets done. They take on tasks, orchestrate tools, and drive outcomes across environments. Securing AI Agents 101 is a one-page resource to help teams build a clear understanding of what AI agents are, how they operate, and where key security considerations show up. Inside, you'll find:
  • What makes an AI agent different from traditional tools
  • Top risks to watch, from shadow AI to excessive permissions
  • Four key questions to assess agent usage and exposure
Download the security flashcard and get up to speed quickly

This week's articles


A Security Engineer's Guide to MCP
MCP is quickly becoming the API standard for AI coding agents. That means new attack surfaces, and security engineers need to know how to test them safely.   #ai   #defend   #security   #strategy


MCP Tools: Attack Vectors and Defense Recommendations for Autonomous Agents
This research examines how MCP tools expand the attack surface for autonomous agents, detailing exploit vectors such as tool poisoning, orchestration injection, and rug-pull redefinitions alongside practical defense strategies.   #ai   #defend   #monitor


From MCP to Shell
The article discusses security vulnerabilities in the Model Context Protocol (MCP) that enable remote code execution (RCE) in tools like Claude Code and Gemini CLI.   #attack   #ai


Malicious MCP Server on npm postmark-mcp Harvests Emails
On September 25, 2025, the npm package 'postmark-mcp' was compromised, secretly exfiltrating email contents. Learn about the incident timeline, impact, and immediate mitigation steps, including uninstalling, rotating credentials, and scanning.   #defend   #supply-chain   #ai


Exploiting GitHub Actions at Fortune-100 Companies
Part 2 of Orca's research showing how a single pull request was used to exploit GitHub Actions at Microsoft, Google, and Nvidia, leading to RCE and secret exposure.   #attack   #ci/cd   #defend   #github   #supply-chain


Terraform Search: Deep-Dive
One of the latest additions to Terraform is Terraform search. Although not a feature for directly manipulating your state file, it will likely be involved in the process of bringing existing infrastructure under management by Terraform. This post explains what Terraform search is and how it works, and shows a few examples of it in use.   #terraform   #iac   #explain


Critical Vulnerability in AI Vibe Coding platform Base44
The Wiz Blog article discusses a critical vulnerability in the AI-powered vibe coding platform Base44, which was recently acquired by Wix. The vulnerability allowed unauthorized access to private applications by exploiting undocumented registration and email verification endpoints, bypassing authentication controls like Single Sign-On (SSO).   #ai   #attack   #saas   #build

Tools


tokenex
A Go library that securely exchanges identity tokens for temporary cloud credentials, with built-in support for AWS, GCP, Azure, OCI, Kubernetes, and OAuth2. You can also refer to the companion blog post.


OmniProx
IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare.


SAMLSmith
SAMLSmith is a C# tool for generating custom SAML responses and implementing Silver SAML and Golden SAML attacks.


splunk-ad-lab
This project automates the creation of a complete security lab environment for detection engineering and attack simulation.

From the cloud providers


#AWS   How to develop an AWS Security Hub POC
This article guides you through planning and implementing an AWS Security Hub proof of concept, covering value assessment, success criteria definition, configuration, deployment, and validation steps.


#AWS   Billing View now supports cost management data from multiple organizations
AWS announced the general availability of new capabilities within AWS Billing and Cost Management that enable customers to manage their AWS spend across multiple organizations through a single AWS account.


#AWS   Build secure network architectures for generative AI applications using AWS services
A post reviewing the secure network design principles that provide a robust foundation for deploying generative AI applications on AWS while maintaining strong security controls.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini