Release Date: 19/10/2025 | Issue: 310
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor CloudSecList in 2026

Need to reach cloud security decision-makers at companies that matter?

Reach security professionals at Apple, Google, Amazon, Microsoft, and 100+ top companies. Engineers evaluating tools. Architects specifying vendors. Security leaders approving budgets.
4.89/5 subscriber rating.

🔗 cloudseclist.com/sponsor

This week's articles


Supply Chain Risk in VSCode Extension Marketplaces
Wiz Research uncovered 500+ leaked secrets in VSCode and Open VSX extensions, exposing 150K installs to risk.   #attack   #defend   #supply-chain


Commanding attention: How adversaries are abusing AI CLI tools
The article discusses the rising trend of adversaries abusing AI command-line interface (CLI) tools for malicious activities such as credential harvesting, reconnaissance, and data destruction.   #ai   #attack


Anatomy of a BEC in 2025
Business Email Compromise (BEC) incidents are common and usually start with a suspicious email containing a PDF that links to a fake Microsoft 365 login page, which tricks the victim into providing credentials and MFA details.   #monitor   #gsuite   #saas


Workload Attestation and Metadata Gathering: Building Trust from the Ground Up
Every SPIFFE ID, certificate, and mTLS handshake at Riptides originates in the Linux kernel and begins with a single question: can we prove who this workload really is? This post explores how process-level evidence becomes the foundation of verifiable trust across the system.   #design   #defend


A Practitioner’s Field Notes on Google Workspace’s Blind Spots
Google Workspace offers strong foundational security, but subtle architectural blind spots in identity, data governance, and app ecosystems, compounded by human factors, create significant risks beyond default protections.   #gsuite   #defend   #saas


Rubygems.org AWS Root Access Event – September 2025
This post details a September 2025 security incident where a former RubyGems.org maintainer retained AWS root access after removal. Ruby Central discovered unauthorized access, reset credentials, and found no evidence of data compromise.   #announcement   #attack   #aws   #supply-chain


Abusing PIM-related application permissions in Microsoft Graph
Escalating to Global Admin via active assignments.

Tools


MFASweep
A tool for checking if MFA is enabled on multiple Microsoft Services.


yams
A Go library, server, and CLI providing foundational capabilities to simulate access for AWS IAM policies.


spec-kit
Toolkit to help you get started with Spec-Driven Development.


aws-s3-cost-explorer
A simple CLI tool to retrieve S3 storage costs and storage tiers for buckets in your AWS account.

From the cloud providers


#AWS   Amazon EC2 instance attestation
Learn how to use NitroTPM for attestation to verify the integrity of your EC2 instances.


#AWS   AWS Transfer Family SFTP connectors now support VPC-based connectivity
AWS Transfer Family SFTP connectors now support VPC-based connectivity, allowing secure file transfers between Amazon S3 and remote SFTP servers through your existing VPC infrastructure without exposing endpoints to the internet.


#AWS   Introducing Amazon EBS Volume Clones: Create instant copies of your EBS volumes
AWS launched Amazon EBS Volume Clones, a new capability that allows users to create instant point-in-time copies of EBS volumes within the same Availability Zone with a single API call, eliminating the previous multi-step process of taking snapshots and creating volumes from them.


#AZURE   Remove Passwords from Microsoft Entra ID
Guidance on password scrambling for organizations that use Microsoft Entra ID, as a step toward deploying passwordless and phishing-resistant authentication.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini