Release Date: 09/11/2025 | Issue: 313
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The 2026 CISO Budget Benchmark

It’s budget season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.
Learn how top leaders are turning investment into measurable impact.

Get the Report

This week's articles


What data do coding agents send, and where to?
Researchers analyzed network traffic from seven popular coding agents to determine data transmission, telemetry patterns, and privacy implications.   #ai   #supply-chain   #monitor


Mercari’s Phishing-Resistant Accounts with Passkey
Rather than offering passkeys as an optional authentication method, Mercari created phishing-resistant accounts that systematically eliminate password-based authentication.   #defend   #iam


Crimson Collective: A New Threat Group Observed Operating in the Cloud
Rapid7 has observed increased activity of a new threat group attacking AWS cloud environments, Crimson Collective, who recently claimed to have stolen private repositories from Red Hat's GitLab.   #aws   #attack   #supply-chain   #iam


Hacking India’s largest automaker: Tata Motors
Security researchers discovered multiple critical vulnerabilities in Tata Motors' systems: exposed AWS keys revealed 70+ TB of sensitive data across hundreds of buckets, a Tableau backdoor enabled passwordless admin access, and leaked API credentials compromised fleet management systems.   #attack   #iam   #saas


oss-sec: runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881
Three high-severity runc vulnerabilities enable container breakouts through procfs write bypasses. Attackers exploit race conditions in masked paths, /dev/console mounts, and LSM label writes to access dangerous procfs files like core_pattern. Patches released in runc v1.2.8, v1.3.3, and v1.4.0-rc.3.   #containers   #kubernetes   #attack


Breaking Into GitLab: Attacking and Defending Self-Hosted CI/CD Environments
This article demonstrates exploiting self-hosted GitLab by hijacking instance runners with shell executors to gain remote access, exfiltrate secrets from pipeline files, steal IAM credentials from AWS metadata service, and pivot laterally using SSM permissions for cloud infrastructure compromise.   #ci/cd   #attack


Immutable releases are now generally available
GitHub releases now support immutability, adding a new layer of supply chain security. With immutable releases, assets and tags are protected from tampering after publication, so the software you publish remains secure and trustworthy.   #announcement   #ci/cd

Tools


SlopGuard
Detects AI-hallucinated package dependencies and supply chain attacks.


False-Positive-Center
Repository to help security vendors deal with false positives.


vt-py
The official Python 3 client library for VirusTotal.


RestrictedPython
A restricted execution environment for Python to run untrusted code.


gpts-compliance-insight
A CLI tool that automatically generates clear, concise, and structured reports about your GPT configurations, shared users, and linked files.

From the cloud providers


#AWS   Migrating from Open Policy Agent to Amazon Verified Permissions
Post exploring the process of migrating from OPA and Rego to Verified Permissions and Cedar, including policy translation strategies, software development and testing approaches, and deployment considerations.


#AWS   Authorizing access to data with RAG implementations
An architecture pattern for providing strong authorization for results returned from knowledge bases with a walkthrough example of this using Amazon S3 Access Grants with Amazon Bedrock Knowledge Bases.


#AWS   Introducing AWS Capabilities by Region for easier Regional planning and faster global deployment
AWS Capabilities by Region is a new planning tool that provides detailed visibility into AWS services, features, APIs, and CloudFormation resources across different AWS Regions, helping customers make informed decisions for global deployments and prevent costly rework through side-by-side regional comparisons and forward-looking roadmap information.


#GCP   How Google Does It: Threat modeling, from basics to AI
Google's threat modeling process follows four key questions: identifying scope, enumerating potential threats using STRIDE methodology and threat libraries, operationalizing mitigations through defensive controls and offensive red team activities, and continuously updating models through review processes and AI-powered automation with Gemini.


#GCP   Whitepaper: Securing Identities in the Microsoft Cloud
This whitepaper presents a unified, risk-based privilege framework for securing identities and roles in Microsoft Entra ID and Azure. It is designed for large organizations with a need to balance security controls with administrative usability and operational efficiency.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present CloudSecList · Marco Lancini