Release Date: 25/01/2026 | Issue: 322
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

How KarmaCheck made SaaS security pay for itself
Within six months, KarmaCheck recouped 150% of its annual investment in Nudge Security by chipping away at runaway SaaS use, along with benefits like:
  • Gaining control of shadow SaaS and AI use
  • Completing user access reviews in 1/3 the time
  • Speeding up security reviews for new SaaS and AI vendors
  • Ensuring complete offboarding, even for apps outside of SSO
See why they call Nudge a “Swiss Army Knife of Utility”.

Read the case study

This week's articles


CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
Wiz Research discovered a critical supply chain vulnerability that abused a CodeBuild misconfiguration to take over key AWS GitHub repositories, including the JavaScript SDK powering the AWS Console.   #aws   #ci/cd   #attack


When protections outlive their purpose: A lesson on managing defense systems at scale
GitHub removed outdated emergency mitigations that incorrectly blocked legitimate users, highlighting the need for better observability and lifecycle management of defense systems.   #defend   #monitor   #process


OAuth 2.1 in Simple Terms
A post explaining OAuth2 through a simplified flow. It covers authorization requests, redirect URIs, scopes, state parameters, and security considerations.   #explain   #iam   #saas


Linking Privileged Accounts to Identities in Microsoft Defender: Benefits & Use Cases
Microsoft Defender for Identity now allows linking multiple accounts to a single identity, by correlating accounts from different identity providers or linking distinct user accounts, crucial for incident response and remediation.   #azure   #iam   #monitor


Running Renovate as a GitHub Action (and NO PAT!)
A post explaining how you can run Renovate as a GitHub Action without needing a GitHub Personal Access Token by using Octo STS.   #ci/cd   #build

Tools


terraform-skill
The Claude Agent Skill for Terraform and OpenTofu - testing, modules, CI/CD, and production patterns.


Tangled
Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing (ineesdv/Tangled).


multiclaude
A lightweight orchestrator for running multiple Claude Code agents on GitHub repositories.


netsniff-ng
A Swiss army knife for your daily Linux network plumbing.


octo-sts
A GitHub App that acts like a Security Token Service (STS) for the GitHub API.

AI


Dude, where's my CopilotInteraction?
This post documents requirements for logging the "CopilotInteraction" event, as well as some caveats of when it isn't logged. This event is key for Copilot audit trails. An App Insights alternative for logging interactions in Copilot Studio is also provided.


All your OpenCodes belong to us
OpenCode, a popular open-source AI coding agent, was affected by a severe vulnerability (assigned a CVE) allowing arbitrary remote code execution (RCE). The vulnerability is significantly more dangerous and easier to exploit than typical RCE bugs, requiring less sophistication to compromise systems.


As Strong As Your Weakest Parameter: An AI Authorization Bypass
A critical vulnerability was discovered in an AI-assisted chat application, not through prompt injection, but via a misconfigured parameter in its integration with the AI backend.

From the cloud providers


#AZURE   A new era of agents, a new era of posture
Microsoft Defender introduces AI Security Posture Management for multi-cloud environments, providing visibility and contextual risk assessment across AI agent architectures. It identifies agents connected to sensitive data, susceptible to indirect prompt injection attacks, and operating as coordinators, while offering attack path analysis and actionable hardening recommendations.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini