Release Date: 18/01/2026 | Issue: 321
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

When your CEO calls, will you know it's real?

Today's phishing attacks involve AI voices, videos, and deepfakes of company executives. Adaptive Security is the first security awareness platform built to stop AI-powered social engineering. Adaptive protects your team with:
  • AI-driven risk scoring that reveals what attackers can learn from public data
  • Deepfake attack simulations featuring your own executives
  • Interactive, customizable training content

This week's articles


How threat actors are using self-hosted GitHub Actions runners as backdoors
The Sysdig Threat Research Team discovered attackers exploiting self-hosted GitHub Actions runners as persistent backdoors. The Shai-Hulud worm demonstrated this by installing rogue runners on compromised machines and using workflows vulnerable to command injection to persist across workflow executions, with discussions serving as C2 channels.   #attack   #ci/cd   #supply-chain


Phishing actors exploit complex routing and misconfigurations to spoof domains
Phishing actors exploit complex email routing and SPF/DMARC misconfigurations to spoof organizations' domains, delivering credential phishing and financial scams. Attacks bypass protections when MX records don't point to Office 365 and third-party connectors aren't properly configured.   #attack   #saas


A Brief Deep-Dive into Attacking and Defending Kubernetes
This article covers Kubernetes attack and defense techniques. It explores Kubernetes components (API Server, ETCD, kubelet) and attack vectors including unauthenticated API access, RBAC misconfigurations, ServiceAccount token abuse, malicious admission controllers, CoreDNS poisoning, writable volume mounts, ETCD compromise, and certificate authority exploitation.   #attack   #defend   #kubernetes


Preparing for Post-Quantum Cryptography
Learn what post-quantum cryptography is, why quantum computers threaten today's encryption, and how to start preparing your environment now.   #explain   #strategy   #defend


Unauthenticated Cluster Takeover in AWS ROSA
A critical vulnerability in AWS ROSA Classic allowed unauthenticated attackers to discover clusters via Certificate Transparency logs, extract cluster UUIDs and owner emails from unauthenticated endpoints, initiate unauthorized cluster transfers, and escalate to AWS account access through ROSA's IAM roles.   #aws   #kubernetes   #attack


Kubernetes v1.35: Restricting executables invoked by kubeconfigs via exec plugin allowList added to kuberc
Kubernetes v1.35 introduces beta support for restricting credential plugin executables via kuberc configuration. Users can set "credentialPluginPolicy" to AllowAll, DenyAll, or Allowlist, with an optional "credentialPluginAllowlist" to specify permitted binaries, enhancing security against supply-chain attacks.   #kubernetes   #announcement

Tools


k8s-custom-detections
A curated collection of Falco detection rules, audit policies, sample attack manifests, and configuration files designed to detect real-world Kubernetes attack techniques.


promptfoo
Promptfoo is a developer-friendly local tool for testing LLM applications.


aura-inspector
A Swiss Army knife of Salesforce Experience Cloud testing. You can also refer to the companion blog post.


claude-code-transcripts
Tools for publishing transcripts for Claude Code sessions. You can also refer to the companion blog post.


snitch
A prettier way to inspect network connections.

AI


Best practices for coding with agents
A comprehensive guide from Cursor on working with coding agents, from starting with plans to managing context, customizing workflows, and reviewing code.


Claude Cowork Exfiltrates Files
Claude Cowork is vulnerable to file exfiltration attacks via indirect prompt injection as a result of known-but-unresolved isolation flaws in Claude's code execution environment.


Exploiting LLM Write Primitives: System Prompt Extraction When Chat Output Is Locked Down
This post demonstrates how system prompts can be extracted from intent-based LLM assistants even when chat output is completely locked down by exploiting the one thing these models still control: form field values.


Agent Safety is a Box
A post discussing how to control AI agent safety through a deterministic "box" layer outside the agent. The box uses gateways and policy enforcement to control which tools agents can access and how they use them, preventing bypass through prompts or context manipulation.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco

© 2019-present CloudSecList · Marco Lancini