Release Date: 14/12/2025 | Issue: 318
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
🎄 Holiday Break 🎄
After this issue, I will take a couple of weeks off to disconnect and recharge.
CloudSecList will return in January!

This week's articles


Startup Engineering Team Organisation
Pros and cons of various team structures for startups.   #strategy


Shifting left at enterprise scale: how we manage Cloudflare with Infrastructure as Code
Cloudflare has shifted to Infrastructure as Code and policy enforcement to manage internal Cloudflare accounts. This new architecture uses Terraform, custom tooling, and Open Policy Agent to enforce security baselines and increase engineering velocity.   #iac   #terraform   #cloudflare   #strategy   #ci/cd


Zombie Workflows: A GitHub Actions horror story
This article discusses "Zombie Workflows," a GitHub Actions vulnerability pattern where attackers exploit old workflow versions in non-default branches even after fixes are applied to the main branch. SonarSource found 67 such vulnerabilities across popular repositories; GitHub mitigated this by changing workflow execution defaults.   #attack   #ci/cd   #supply-chain


AWS Lambda Managed Instances: A Security Overview
An initial security overview of AWS Lambda Managed Instances, exploring the Bottlerocket-based architecture, the 'Elevator' components, and security insights for this new compute model.   #aws   #containers   #explain   #design


All Paths Lead to Your Cloud: A Mapping of Initial Access Vectors to Your AWS Environment
A post that analyzes AWS initial access vectors through identity-driven misconfigurations, categorizing them into service exposure (Lambda, EC2, ECR, DataSync) and access by design (IAM/STS, IoT, Cognito) vulnerabilities that compromise cloud perimeter security.   #aws   #attack   #defend


Investigating an adversary-in-the-middle phishing campaign targeting Microsoft 365 and Okta users
Datadog identified an active adversary-in-the-middle phishing campaign targeting Microsoft 365 and Okta users. The campaign uses lookalike domains, proxies legitimate authentication pages, injects JavaScript to steal credentials and session tokens, and can bypass non-phishing-resistant MFA.   #attack   #defend   #azure   #saas


Code to Cloud Attacks: Github PAT to Cloud Control Plane
How attackers are leveraging compromised employee GitHub Personal Access Tokens to compromise cloud environments.   #attack   #ci/cd


Exploiting AWS IAM Eventual Consistency for Persistence
AWS IAM eventual consistency creates a 4-second window where deleted AWS access keys can still work. Learn how attackers exploit this and how to mitigate it.   #aws   #iam   #attack   #defend


React2Shell Deep Dive: CVE-2025-55182 Exploit Mechanics
A technical deep dive into React2Shell (CVE-2025-55182): deserialization bugs, gadget-chains, framework-wide impact, and real-world exploitation data.   #attack   #explain   #supply-chain

Sponsor CloudSecList in 2026

If you want to get your product in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, take a look at:
🔗 cloudseclist.com/sponsor

Tools


dyana
A sandbox environment designed for loading, running and profiling a wide range of files, including machine learning models, ELFs, Pickle, JavaScript and more.


sq
A command line tool that provides jq-style access to structured data sources: SQL databases, or document formats like CSV or Excel.


owasp-social-osint-agent
An autonomous OSINT agent for social media using any OpenAI-compatible API for deep analysis and reporting.


ludus_scom
An Ansible collection that installs a SCOM deployment with optional configurations.

From the cloud providers


#AWS   AWS Builder Center
A portal collecting hands-on workshops crafted by AWS experts to gain practical experience and solve real business challenges.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini