Release Date: 15/02/2026 | Issue: 325
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Stop Deepfake Phishing Before It Tricks Your Team
Today's phishing attacks involve AI voices, videos, and deepfakes of executives. Adaptive is the security awareness platform built to stop AI-powered social engineering. Protect your team with:
  • AI-driven risk scoring that reveals what attackers can learn from public data
  • Deepfake attack simulations featuring your executives
Take a free self-guided tour

This week's articles


The Forensic Trail On GitHub: Hunting For Supply Chain Activity
Slides from a talk which details GitHub Actions supply chain attacks, demonstrating forensic investigation methodology using public GitHub data. Covers user analysis, attack patterns, payload recovery, deleted evidence reconstruction, and pivoting techniques for threat intelligence without private feeds.   #attack   #ci/cd   #supply-chain   #monitor


Encrypting Files with Passkeys and age
A post explaining how to encrypt files with passkeys, using the WebAuthn prf extension and the TypeScript age implementation.   #build


Incorrect Permission Assignment issue in GitLab ID token
This article details a GitLab vulnerability (CVE-2025-5819) where merge request pipelines could obtain ID tokens with 'sub' claims identical to those of protected branches, enabling potential privilege escalation through OIDC authentication.   #ci/cd   #attack


Standardizing Privileged Access Architecture for Multi-Cloud
This white paper examines the risks and attack vectors inherent in hybrid multi-cloud infrastructures, and analyzes various attack paths observed by Mandiant in real-world multi-cloud scenarios.   #iam


SCOMmand and Conquer - Attacking System Center Operations Manager
SCOM suffers from similar insecure default configurations as its SCCM counterpart, enabling attackers to escalate privileges, harvest credentials, and ultimately compromise the entire management group and its monitored infrastructure.   #attack   #monitor

Tools


augustus
LLM security testing framework for detecting prompt injection, jailbreaks, and adversarial attacks. See also the companion blog post.


claude-code-devcontainer
Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review.


dropkit
A CLI tool for managing DigitalOcean droplets with automated setup, SSH configuration, and lifecycle management.


skills
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows.


skills-curated
Curated, community-vetted Claude Code plugin marketplace.

AI


Manipulating AI memory for profit: The rise of AI Recommendation Poisoning
That helpful “Summarize with AI” button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique they called "AI Recommendation Poisoning".


OpenClaw Security Engineer's Cheat Sheet
A practical security guide to OpenClaw: first principles, real attack vectors, skill supply-chain risks, and safe experimentation playbooks.


Threat modeling agentic AI: a scenario-driven approach
A practical workflow for threat modeling agentic AI systems: use a five-zone navigation lens to trace attack paths, formalize them as attack trees, and map to OWASP's threat taxonomy and playbooks.

Upcoming Events


CONF   Nullcon Goa
Feb 25 - Mar 04, 2026 | Goa, India


CONF   OWASP London Training Days 2026
Feb 25-27, 2026 | London, United Kingdom

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini