This week's articles
Google API Keys Weren't Secrets. But then Gemini Changed the Rules.
Enabling the Gemini API on a GCP project silently grants existing public AIza... keys (e.g., Maps/Firebase) access to sensitive Gemini endpoints. Truffle Security found 2,863 such exposed keys via Common Crawl, enabling data access, billing abuse, and quota exhaustion, including against Google's own infrastructure.
Untangling Microsoft Graph's $batch requests in Burp
Requests to Microsoft Graph's $batch endpoint bundle several API calls into one JSON object. This makes analyzing Azure Portal traffic difficult, since underlying API calls for requests to the $batch endpoint are not individually logged. This post shares the graph_batch_parser.py Burp Suite extension as a way to speed up analysis of $batch requests.
The Consent Epidemic: OAuth Risk in Microsoft Entra
OAuth app sprawl in Microsoft Entra creates critical risk: attackers bypass MFA by abusing delegated consent and stolen tokens. Shadow apps, overprivileged scopes, and poor offboarding create persistent backdoors. Five governance questions are provided to assess exposure.
Sponsor
Rogue cloud assets giving you headaches? Discover every AWS, Azure, and GCP instance your developers have ever created—including the ones they forgot about—with Nudge Security. Within minutes of starting a free trial, you’ll have an inventory of:
- Cloud instances and accounts
- Services, domains, organizations, and other resources
- Billing data to help you avoid surprise expenses
The best part? Your inventory will include assets created in the past, not just a forward-looking view when new assets are added (but you’ll get that too).
Get started today
Tools
safe-chain
Protect against malicious code installed via npm, yarn, pnpm, npx, and pnpx.
threat-designer
Threat Designer is a GenerativeAI application designed to automate and streamline the threat modeling process for secure system design.
titus
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. You can also check out the companion blog post.
shannon
Fully autonomous AI hacker to find actual exploits in your web apps.
AI
Using threat modeling and prompt injection to audit Comet
Trail of Bits used ML-centered threat modeling and adversarial testing to identify four prompt injection techniques that could exploit Perplexity's Comet browser AI assistant to exfiltrate private Gmail data. The audit demonstrated how fake security mechanisms, system instructions, and user requests could manipulate the AI agent into accessing and transmitting sensitive user information.
Running OpenClaw safely: identity, isolation, and runtime risk
OpenClaw, a self-hosted agent runtime, lacks built-in security controls, enabling credential exfiltration, memory/state manipulation, and host compromise via indirect prompt injection and malicious skills. Microsoft recommends isolated deployment, least-privilege identities, continuous monitoring, and Defender XDR hunting queries.
How "Clinejection" Turned an AI Bot into a Supply Chain Attack
A prompt injection in a GitHub issue title gave attackers code execution inside Cline's CI/CD pipeline, leading to cache poisoning, stolen npm credentials, and an unauthorized package publish affecting the popular AI coding tool's 5 million users. Here's the full technical breakdown and what developers should do now.
Upcoming Events
CONF
RootedCon
Mar 05-07, 2026 | Madrid, Spain
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco