Release Date: 22/03/2026 | Issue: 330
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Can Your Team Spot an AI Deepfake Attack?
Today's phishing attacks involve AI voices, videos, and deepfakes of company executives. Adaptive Security is the first security awareness platform built to stop AI-powered social engineering.
Adaptive protects your team with:
  • AI-driven risk scoring that reveals what attackers can learn from public data
  • Deepfake attack simulations featuring your own executives
  • Interactive, customizable training content

This week's articles


Securing our codebase with autonomous agents
Cursor's security team built a fleet of security agents to find and fix vulnerabilities across a fast-changing codebase.


Pwning AI Code Interpreters in AWS Bedrock AgentCore
Phantom Labs discovered that AWS Bedrock AgentCore Code Interpreter's sandbox mode allows DNS queries, enabling bypass of network isolation through DNS-based command-and-control. This research details the discovery, proof-of-concept exploit, disclosure timeline, and defensive guidance for organizations using Code Interpreter workloads.


Pentesting a pentest agent - Here's what I've found in AWS Security Agent
A researcher pentested AWS Security Agent, finding 4 issues: DNS confusion enabling unauthorized domain pentesting, a full reverse shell/container escape chain to host root + AWS credentials via prompt injection, unnecessary destructive actions (e.g., DROP TABLE probes, exploit-based cleanup deleting /etc/crontab), and unredacted secrets in pentest reports.


Cracks in the Bedrock: Bypassing SCP Enforcement with Long-Lived API Keys
A Sonrai Security researcher discovered that AWS "bedrock-mantle" IAM permissions could bypass SCP enforcement when using long-lived Service Specific Credential API keys. IAM policy denials worked correctly, but SCP denials were bypassed. AWS patched this between Jan–Feb 2026; no customer action required.


Artisanal Handcrafted Git Repositories
An interesting post explaining how to create a Git repository from scratch without using standard Git commands.


CrackArmor: Multiple vulnerabilities in AppArmor
Qualys's "CrackArmor" advisory details 9 vulnerabilities in Linux AppArmor: a confused-deputy flaw letting unprivileged users load/replace/remove arbitrary profiles, plus kernel bugs (uncontrolled recursion, OOB read enabling KASLR leak, use-after-free, double-free), all exploitable for full LPE to root on Ubuntu/Debian.

Tools


claudetop
Htop for your Claude Code sessions: real-time cost, cache efficiency, model comparison, and smart alerts.


augustus
LLM security testing framework for detecting prompt injection, jailbreaks, and adversarial attacks. You can also check out the companion blog post.


pius
Organizational asset discovery tool with 20+ plugins covering certificate transparency, passive DNS, and all 5 Regional Internet Registries. You can also check out the companion blog post.


NemoClaw
NVIDIA plugin for secure installation of OpenClaw.


OpenSandbox
OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.

Upcoming Events


CONF   VulnCon 2026
Apr 13-16, 2026 | Scottsdale, United States

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini