Release Date: 12/10/2025 | Issue: 309
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

No More Babysitting the Security of Your Google Workspace

While your employees communicate via email and access sensitive files, Material quietly contains what’s lying in wait—phishing attacks in Gmail, exposed Drive files, and suspicious account activity. Agentless and API-first, it stops attacks and triages user reports with AI while running safe, automatic fixes so you don’t have to hover.
Search everything in seconds, stream alerts to your SIEM, and audit with detailed access logs. 24/7 autopilot security—no extra headcount, no constant hand-holding.

Simplify Your Google Workspace Security

This week's articles


Crimson Collective: A New Threat Group Observed Operating in the Cloud
Rapid7 has observed increased activity of a new threat group attacking AWS cloud environments, Crimson Collective, who recently claimed to have stolen private repositories from Red Hat's GitLab.   #attack   #aws   #ci/cd


The Clean Source Principle and the Future of Identity Security
The Clean Source Principle gives us a simple but powerful lens: security dependencies must be as trustworthy as the objects they secure. When that rule is violated, attack paths emerge. An exploration of GitHub, Entra, and Active Directory shows how easily these violations occur, and how they compound across platforms.   #attack   #defend   #supply-chain


Wiz Finds Critical Redis RCE Vulnerability: CVE-2025-49844
This article details a critical Redis vulnerability (CVE-2025-49844) discovered by Wiz Research that allows attackers to escape the Lua sandbox and execute arbitrary code on hosts. The 13-year-old bug affects all Redis versions and has a CVSS score of 10.0.   #attack


Database Ransomware: How It Works and How to Stop It
Attackers are skipping malware and extorting orgs through exposed databases. Learn how these attacks work, who's affected, and how to defend your environment.   #attack   #defend   #explain


Do you feel in control? Analysis of AWS CloudControl API as an attack tool
Abusing AWS CloudControl API to stealthily enumerate resources, persist in accounts, and evade detection.   #aws   #attack


Terraform Actions: Deep-Dive
With Terraform actions you can now perform operations outside of Terraform's normal CRUD (Create-Read-Update-Delete) workflow, enabling operations that interact with your resources in ways you would normally use other tools for, e.g. Ansible.   #terraform   #iac   #explain


Cosign v3 is now available
This article announces Cosign v3, which makes new capabilities like offline verification, key rotation, and transparency log sharding on by default, with plans for Cosign v4 to remove old functionality entirely.   #announcement   #supply-chain


Auditing user activity in pods and nodes with the Security-Profiles-Operator
This article introduces Security-Profiles-Operator's new audit logging feature, which addresses a security gap by recording user activities inside containers and on host nodes during kubectl debugging sessions, providing detailed JSON logs for compliance and incident investigation.   #kubernetes   #monitor

Tools


libsigv4
A highly portable AWS SigV4 C implementation.


honeybee
HoneyBee is a tool for creating misconfigured environments to test vulnerabilities in technologies like Jenkins, Jupyter Notebook, and more. You can also refer to the companion blog post.


aws-extend-switch-roles
Extend your AWS IAM switching roles by Chrome extension, Firefox add-on, or Edge add-on.


auditkit
Open-source compliance scanner for AWS, Azure, and M365 with auditor-ready evidence collection guides.


agent
Open-source agent for AI-ready privilege access management (PAM) and just-in-time access (JIT) to cloud infrastructure, SaaS applications and local systems.

From the cloud providers


#AWS   New AWS whitepaper: Security Overview of Amazon EKS Auto Mode
The whitepaper covers the core security principles of Amazon EKS Auto Mode, highlighting its unique approach to managing Kubernetes clusters.


#AWS   AWS IAM Identity Center now supports customer-managed KMS keys for encryption at rest
Gain control over encryption and comply with regulations using customer-managed keys for AWS IAM Identity Center's user data and passwords.


#AWS   IMDS impersonation
AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts.


#GCP   Announcing quantum-safe Key Encapsulation Mechanisms in Cloud KMS
GCP now supports post-quantum Key Encapsulation Mechanisms in Cloud KMS, in preview, enabling customers to begin migrating to a post-quantum world.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini