Release Date: 01/02/2026 | Issue: 323
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Your SAST hasn't found a real bug in months

ZeroPath has found 50+ bugs in curl, CVEs in Linux, and vulnerabilities in ffmpeg. Codebases that have been scanned by traditional tools for years. AI-native SAST that catches business logic flaws and auth bypasses, verifies exploitability, and generates patches. Zero config, low noise.

See what it finds

This week's articles


Zero trust architecture design principles
Eight principles to help you to implement your own zero trust network architecture in an enterprise environment.   #explain   #strategy


SITF: The First Threat Framework for SDLC Infrastructure
Wis introduced SITF, an open framework to map and block supply chain attacks. Visualize threats across Endpoint, VCS, CI/CD, and Registry with 70+ techniques.   #strategy   #announcement


Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission
An authorization bypass in Kubernetes RBAC allows for nodes/proxy GET permissions to execute commands in any Pod in the cluster.   #kubernetes   #attack


Stealing Salesforce OAuth Tokens using the WAF
This post details a method for stealing Salesforce OAuth tokens by exploiting an XSS vulnerability and leveraging the Cloudflare Web Application Firewall (WAF).   #attack   #saas


Kube-Policies BinauthZ: Closing the Supply Chain Gap in Kubernetes
Block's BinauthZ plugin extends their OPA-based admission controller to cryptographically verify container image signatures and attestations at Kubernetes admission time, enforcing SLSA using Sigstore/cosign with AWS KMS.   #kubernetes   #containers   #build


We should all be using dependency cooldowns
Dependency cooldowns delay automatic dependency updates, providing a free and effective mitigation against most open source supply chain attacks. Tools like Dependabot and Renovate support configurable cooldown periods before adopting new dependency versions.   #supply-chain   #ci/cd

Sponsor

Your team investigates 1,000+ alerts per week. 50% are preventable.

CNAPPs detect misconfigurations after deployment. Turbot stops them from being created in the first place - blocking at build, at the API, and auto-remediating in runtime. This is PSPM (Preventive Security Posture Management), and it complements your CNAPP by stopping misconfigurations before they become findings. Make prevention your primary control, detection your safety net.

Shift to prevention-first โ†’

Tools


copilot-sdk
Multi-platform SDK for integrating GitHub Copilot Agent into apps and services. You can also refer to the companion blog post.


IDE-SHEPHERD-extension
A VS Code/Cursor extension capable of performing realtime security monitoring from inside the IDE. You can also refer to the companion blog post.


blackice
An open-source containerized toolkit designed for red teaming AI models, including Large Language Models (LLMs) and classical machine learning (ML) models. You can also refer to the companion blog post.


ZeroPulse
C2 Platform with Cloudflare Tunnel Integration.


mcp-security-hub
A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.

AI


Securing Agents in Production
This is the first in a series exploring Palantir AIP's Agentic Runtime, the integrated toolchain for building, deploying, and managing agents in mission-critical settings.


Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data
Varonis Threat Labs discovered a way to bypass Copilot's safety controls, steal users' darkest secrets, and evade detection.


AI-Assisted Development at Block
Block's AI engineering approach includes: 95% of engineers using AI assistants, providing freedom to explore multiple tools, launching an AI Champions program focused on repo readiness and context engineering, implementing automated PRs, and planning team-based workshops for multi-agent workflows.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini