Release Date: 26/10/2025 | Issue: 311
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

This week's articles


Hacking Formula 1: Accessing Max Verstappen's passport and PII through FIA bugs
Researchers discovered a critical vulnerability in FIA's driver categorization website that allowed privilege escalation to admin level. This enabled access to sensitive documents including passports, PII, and communications for F1 drivers like Max Verstappen through a simple HTTP PUT request manipulation.   #attack   #saas


ECS on EC2: Covering Gaps in IMDS Hardening
The article discusses securing ECS on EC2 by blocking IMDS access. IMDSv2 with hop limit 1 only blocks access in bridge mode but not in awsvpc or host modes. Different networking modes require specific configurations to protect against privilege escalation attacks like ECScape.   #aws   #containers   #defend   #iam


CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing
Copilot Studio links look benign, but they can host content to redirect users to arbitrary URLs. In this post, Datadog documents a method by which a Copilot Studio agent's login settings can redirect a user to any URL, including an OAuth consent attack.   #attack   #azure   #ai


Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign
Threat actors behind the gift card fraud campaign Jingle Thief target retail via phishing and smishing, maintaining long-term access in cloud environments.   #attack   #saas


Reducing abuse of Microsoft 365 Exchange Online's Direct Send
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here's how to strengthen your defenses.   #attack   #defend   #microsoft365   #azure


Google Confidential Space Security Assessment
During the spring of 2025, Google engaged NCC Group to conduct the security assessment of Confidential Space, a cloud-based system designed to provide isolated execution environments for sensitive workloads.   #defend

Sponsor CloudSecList in 2026

Want to reach cloud security decision-makers at companies that matter?

CloudSecList subscribers at Apple, Google, Amazon, Microsoft, and 100+ top companies specifically chose this newsletter for cloud security content. Engineers running POCs. Architects writing RFPs. Security leaders with budget authority.

Now booking 2026: 🔗 cloudseclist.com/sponsor

Tools


LME
An open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure.


auth0-checkmate
A command-line utility that performs configuration checks on your Auth0 tenant. It helps ensure your tenant is securely and correctly configured by validating key settings and generating a detailed report. You can also refer to the companion blog post.


Terramaid
A utility for generating Mermaid diagrams from Terraform configurations.


vt-cli
VirusTotal Command Line Interface.


DeepPass2
Multi-layered secret detection tool combining regex patterns, fine-tuned BERT model, and LLM verification to identify structured tokens and context-dependent passwords in documents.

From the cloud providers


#AWS   Summary of the Amazon DynamoDB Service Disruption in Northern Virginia (US-EAST-1) Region
This article summarizes the Amazon DynamoDB service disruption in Northern Virginia (US-EAST-1) Region on October 19-20, 2025. The incident, caused by a DNS management system defect, affected DynamoDB, EC2 instance launches, Network Load Balancer connections, and numerous dependent AWS services.


#AWS   How to choose the right AWS service for managing secrets and configurations
A comparison of AWS services for managing secrets and configurations: Secrets Manager for credentials requiring rotation, Parameter Store for simple key-value pairs, and AppConfig for feature flags with deployment controls. Each service has distinct pricing, security features, and use cases.


#AWS   Using AWS Secrets Manager Agent with Amazon EKS
AWS Secrets Manager Agent for Amazon EKS provides a language-agnostic HTTP interface that runs locally within containers. It improves application availability by fetching secrets from local cache instead of direct API calls, and implements post-quantum cryptography protection via ML-KEM key exchange.


#GCP   What's new in Cloud Armor: Innovations to boost security posture, threat protection
New capabilities in Cloud Armor offer more comprehensive security policies and granular network configuration controls.


#AZURE   Inside the attack chain: Threat activity targeting Azure Blob Storage
Blog outlining some of the unique threats associated with the data storage layer, including relevant stages of the attack chain for Blob Storage to connect these risks to actionable Azure Security controls and applicable security recommendations.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini