Release Date: 01/03/2026 | Issue: 327
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Your container registry is a critical attack surface. Here's how to secure it.

Most teams treat container registries like simple storage — but pulling images straight from public repos like Docker Hub introduces real supply chain risk.
There's a smarter way to set it up that protects your pipeline without slowing it down. Read the guide to see how it works in practice.


This week's articles


Disrupting the GRIDTIDE Global Cyber Espionage Campaign
GTIG, Mandiant, and partners took action to disrupt a global espionage campaign from a suspected PRC-nexus cyber espionage group.


Google API Keys Weren't Secrets. But then Gemini Changed the Rules.
Enabling the Gemini API on a GCP project silently grants existing public AIza... keys (e.g., Maps/Firebase) access to sensitive Gemini endpoints. Truffle Security found 2,863 such exposed keys via Common Crawl, enabling data access, billing abuse, and quota exhaustion, including against Google's own infrastructure.


Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148
Firefox 148 is the first browser to ship the standardized Sanitizer API, introducing setHTML() as a safer replacement for innerHTML. It strips malicious HTML/JS before DOM insertion, mitigating XSS with minimal code changes, and pairs with Trusted Types for stronger enforcement.


AWS Incident Response: IAM Containment That Survives Eventual Consistency
Standard AWS IR containment fails against attackers exploiting IAM eventual consistency. This article presents an SCP-enforced technique that makes identity-level containment attacker-resistant.


Untangling Microsoft Graph's $batch requests in Burp
Requests to Microsoft Graph's $batch endpoint bundle several API calls into one JSON object. This makes analyzing Azure Portal traffic difficult, since underlying API calls for requests to the $batch endpoint are not individually logged. This post shares the graph_batch_parser.py Burp Suite extension as a way to speed up analysis of $batch requests.


The Consent Epidemic: OAuth Risk in Microsoft Entra
OAuth app sprawl in Microsoft Entra creates critical risk: attackers bypass MFA by abusing delegated consent and stolen tokens. Shadow apps, overprivileged scopes, and poor offboarding create persistent backdoors. Five governance questions are provided to assess exposure.


Semgrep + AI for Infrastructure as Code: Targeted IaC Security Without the Noise
This post shows how to combine Semgrep with AI to review Pulumi, AWS CDK, and Terraform for risky patterns.

Sponsor

Rogue cloud assets giving you headaches?
Discover every AWS, Azure, and GCP instance your developers have ever created—including the ones they forgot about—with Nudge Security.
Within minutes of starting a free trial, you’ll have an inventory of:
  • Cloud instances and accounts
  • Services, domains, organizations, and other resources
  • Billing data to help you avoid surprise expenses
The best part? Your inventory will include assets created in the past, not just a forward-looking view when new assets are added (but you’ll get that too).


Tools


safe-chain
Protect against malicious code installed via npm, yarn, pnpm, npx, and pnpx.


threat-designer
Threat Designer is a generative AI application designed to automate and streamline the threat modeling process for secure system design.


airdrop-observatory
Passive macOS AirDrop monitor TUI.


titus
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. You can also check out the companion blog post.


shannon
Fully autonomous AI hacker to find actual exploits in your web apps.

AI


Using threat modeling and prompt injection to audit Comet
Trail of Bits used ML-centered threat modeling and adversarial testing to identify four prompt injection techniques that could exploit Perplexity's Comet browser AI assistant to exfiltrate private Gmail data. The audit demonstrated how fake security mechanisms, system instructions, and user requests could manipulate the AI agent into accessing and transmitting sensitive user information.


Running OpenClaw safely: identity, isolation, and runtime risk
OpenClaw, a self-hosted agent runtime, lacks built-in security controls, enabling credential exfiltration, memory/state manipulation, and host compromise via indirect prompt injection and malicious skills. Microsoft recommends isolated deployment, least-privilege identities, continuous monitoring, and Defender XDR hunting queries.


How "Clinejection" Turned an AI Bot into a Supply Chain Attack
A prompt injection in a GitHub issue title gave attackers code execution inside Cline's CI/CD pipeline, leading to cache poisoning, stolen npm credentials, and an unauthorized package publish affecting the popular AI coding tool's 5 million users. Here's the full technical breakdown and what developers should do now.

Upcoming Events


CONF: RootedCon
Mar 05-07, 2026 | Madrid, Spain

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini