Release Date: 08/02/2026 | Issue: 324
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Rogue cloud assets giving you headaches?
Discover every AWS, Azure, and GCP instance your developers have ever created—including the ones they forgot about—with Nudge Security. Within minutes of starting a free trial, you’ll have an inventory of:
  • Cloud instances and accounts
  • Services, domains, organizations, and other resources
  • Billing data to help you avoid surprise expenses
The best part? Your inventory will include assets created in the past, not just a forward-looking view when new assets are added (but you’ll get that too).

Get started today

This week's articles


Google Looker RCE vulnerabilities: Patch now
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance.   #attack   #gcp   #saas


Blog: A Beginners Guide: Cross-Device Passkeys
Find out more about how passkeys can be used across devices using a mechanism called Hybrid transport.   #explain   #iam


Building Slack’s Anomaly Event Response
This article introduces Slack's Anomaly Event Response (AER), an automated security system that detects suspicious activities and terminates user sessions in real time, reducing detection-to-response gaps from hours to minutes.   #defend   #monitor   #strategy


3 Real Cloud Attacks Caused by App Misconfigurations
See how attackers exploited misconfigurations in Selenium Grid, Spring Boot, and PostgreSQL to gain full access.   #attack


Docker Sandboxes: Run Claude Code and More Safely
Docker Sandboxes now offer microVM isolation for macOS and Windows, enabling coding agents like Claude Code to run unsupervised in disposable environments. Features include hypervisor-based isolation, safe Docker-in-Docker execution, and network controls for secure autonomous agent operation.   #announcement   #ai   #containers


Weaponizing Whitelists: An Azure Blob Storage Mythic C2 Profile
Mature enterprises lock down egress but often carve out broad exceptions for trusted cloud services. This post shows how reviewing deployment guides can help identify those exceptions and weaponize them with a new Mythic C2 profile called azureBlob.   #azure   #attack

Advance Your Cloud Security Career

Want to break into Cloud Security or move up fast?
📙 The CloudSec Engineer gives you straight-to-the-point, no-BS career advice based on real-world experience. From landing your first role to securing senior and leadership positions, this book helps you navigate the path with practical insights, proven strategies, and bonus tools to track your learning and ace interviews.

Get the guide that works

Tools


frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.


julius
Julius is an LLM service fingerprinting tool for security professionals. It detects which AI server software is running on network endpoints during penetration tests, attack surface discovery, and security assessments. You can also refer to the companion blog post.


skill-scanner
Security Scanner for Agent Skills.


presidio
An open-source framework for detecting, redacting, masking, and anonymizing sensitive data (PII) across text, images, and structured data. Supports NLP, pattern matching, and customizable pipelines.


aws-config-d
Manage multiple AWS SSO organizations with separate config files.

AI


Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms
Doyensec audited Outline OSS wiki, discovering seven vulnerabilities using manual testing over 60 person-days. Three AI security platforms were tested in parallel but produced overwhelming false positives requiring 40 hours to validate, demonstrating AI tools currently cannot replace experienced human auditors for quality security engagements.


From Automation to Infection: How OpenClaw AI Agent Skills Are Being Weaponized
The fastest-growing personal AI agent ecosystem just became a new delivery channel for malware. Over the last few days, VirusTotal has detected hundreds of OpenClaw skills that are actively malicious.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini