Release Date: 16/11/2025 | Issue: 314
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Help shape CloudSecList in 2026

I need your input. CloudSecList has been running for 6 years, and I want to make sure it's delivering what you actually need. I'm running a short reader survey that covers what's working, what's not, and where you want this newsletter to go.

Your feedback will directly influence content, format, and topics in 2026.
Plus, I'm giving away three £50 Amazon gift cards to random respondents.

Take the 5-minute survey → survey.cloudseclist.com

This week's articles


The log rings don’t lie: historical enumeration in plain sight
Logs aren't just for defenders. This research explores how attackers exploit cloud audit logs for enumeration and reconnaissance across AWS, Azure, and GCP, and how to detect and defend.   #attack   #aws   #azure   #gcp   #monitor


Hacking Gemini: A Multi-Layered Approach
The article describes exploiting multi-layered architecture discrepancies in Gemini to bypass Markdown sanitization. The researcher achieved image injection through linkification quirks and context bridges (Gemini-to-Colab), enabling workspace data exfiltration via indirect prompt injection despite existing protections.   #ai   #attack   #saas   #gcp


GitHub Actions Security: A Guide to Common Risks
This article examines GitHub Actions security risks including secrets management failures, overprivileged tokens, dependency pinning issues, supply chain attacks via compromised actions, script injection, workflow injection through pull requests, artifact poisoning, and self-hosted runner compromise.   #ci/cd   #attack   #supply-chain


awesome-annual-security-reports
A curated list of annual cyber security reports.


Managing AWS SSM Parameters with Terraform with External Updates
How to manage AWS SSM Parameters with Terraform using the lifecycle "ignore_changes" meta-argument, allowing external processes to update parameter values without Terraform reverting them on subsequent applies.   #aws   #terraform   #iac   #build
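The pattern the article describes, shown here as an added Terraform example that is not the article's own code: Terraform creates the parameter and keeps managing its type and tags, while `ignore_changes` on `value` lets an external rotation job overwrite the secret without Terraform reverting it on the next apply. The parameter name, placeholder value and tags are assumptions.

```hcl
# Added illustration, not the linked article's code. The parameter name,
# placeholder value and tags are assumptions.
resource "aws_ssm_parameter" "db_password" {
  name        = "/app/prod/db/password"
  description = "Created by Terraform; value rotated by an external job"
  type        = "SecureString"

  # Initial placeholder only. The real secret is written out of band
  # (e.g. `aws ssm put-parameter --overwrite` from the rotation process)
  # and must never appear in VCS.
  value = "CHANGE-ME-VIA-ROTATION"

  lifecycle {
    # Terraform stops tracking `value`: an externally updated value no
    # longer shows as drift and is not reverted on apply. Everything else
    # (type, description, tags, tier) is still managed here.
    ignore_changes = [value]
  }

  tags = {
    managed_by = "terraform"
    rotated_by = "external"
  }
}
```

Two caveats a practitioner should keep in mind: `ignore_changes` also hides drift, so if the external process ever writes the wrong thing Terraform will not notice or correct it; and the placeholder `value` is still recorded in Terraform state at creation time, so treat the state backend as sensitive regardless of this setting.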


The Sins of Security Vendor Research
A post which critiques security vendor research practices, identifying four common pitfalls: using fear-based marketing tactics, falsely claiming novelty while ignoring prior work, making unsupported statistical correlations, and compromising editorial integrity for marketing purposes.   #process   #strategy


Towards a secure by default GitHub Actions
GitHub announces security changes to pull_request_target event and environment protection rules, effective December 8, 2025, to reduce vulnerabilities and make Actions more secure by default.   #announcement   #ci/cd   #defend


Public Report: Google Private AI Compute Review
NCC Group conducted a 100 person-day security review of Google's Private AI Compute system across two phases, evaluating the architecture, cryptography, attestation, IP-blinding relay, T-Log system, and frontend components to assess whether cloud-based AI processing upholds the privacy guarantees of local-only processing.   #ai   #gcp   #attack   #defend

Tools


teams-cookies-bof
BOF for stealing Microsoft Teams cookies.


vnc-browser
A ready-to-use, minimal, customizable Docker image designed to provide a lightweight and secure environment for browsing the web via VNC.


mac_apt
macOS (and iOS) artifact parsing tool.


opengrep
Static code analysis engine to find security issues in code.

From the cloud providers


#AWS   AWS Control Tower supports automatic enrollment of accounts
Customers are no longer required to manually update accounts or re-register OUs when migrating accounts or making changes to their OU structure. When an account is moved to a new OU, AWS Control Tower automatically enrolls the account, applying the baseline configurations and controls from the new OU and removing those from the original OU.


#AWS   Secure EKS clusters with the new support for Amazon EKS in AWS Backup
AWS Backup now supports Amazon EKS, providing a fully managed, centralized solution to back up and restore Kubernetes clusters and application data without requiring custom scripts or third-party tools.


#AWS   AWS KMS now supports Edwards-curve Digital Signature Algorithm (EdDSA)
With this new capability, you can create an elliptic curve asymmetric KMS key or data key pairs to sign and verify EdDSA signatures using the Edwards25519 curve (Ed25519).


#GCP   Private AI Compute: our next step in building private and helpful AI
Google introduces Private AI Compute, a cloud AI processing platform combining Gemini models with on-device-level privacy protections. It uses hardware-secured enclaves, remote attestation, and encryption to ensure personal data remains inaccessible to anyone, including Google, while enabling faster, more capable AI experiences.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini