Release Date: 05/04/2026 | Issue: 332
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Cloud attacks have a new entry point. It's your running applications.

That’s why a new category is emerging: Cloud Application Detection and Response (CADR). This guide breaks down what CADR is, why runtime is the only place real attacks can be detected, and how security teams are protecting applications, cloud infrastructure, and AI systems in production.
If you’re responsible for securing modern cloud workloads, this is a concept you’ll want to understand.

This week's articles


How Command Injection Vulnerability in OpenAI Codex Leads to GitHub Token Compromise
BeyondTrust Phantom Labs recently identified a critical command injection vulnerability in OpenAI Codex that allowed for the theft of GitHub User Access Tokens.


Leveling Up Secure Code Reviews with Claude Code
Post discussing how to leverage Claude Code to produce digestible output that helps us better understand the analyzed code base while surfacing secure and insecure coding patterns.


Double Agents: Exposing Security Blind Spots in GCP Vertex AI
Unit 42 researchers found that GCP Vertex AI Agent Engine's default P4SA service account has excessive permissions, enabling credential theft via the metadata service. This allows privilege escalation to read all consumer GCS buckets, access restricted Google-internal Artifact Registry container images, and expose internal source code.


Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild
How TeamPCP are leveraging stolen secrets from the recent supply chain attacks to compromise cloud environments.


axios Compromised on npm - Malicious Versions Drop Remote Access Trojan
A compromised axios maintainer account published malicious [email protected] and [email protected] to npm on March 31, 2026. Both injected a phantom dependency ([email protected]) that executes a postinstall RAT dropper targeting macOS, Windows, and Linux, contacting C2 at sfrclak.com:8000, then self-destructs to evade forensic detection.


New widespread EvilTokens kit: device code phishing as-a-service
EvilTokens is a Microsoft device code PhaaS (active since Feb 2026) that harvests OAuth access/refresh tokens, auto-converts them to PRTs, and supports full BEC post-exploitation (Outlook, Graph, SharePoint, Azure). Over 1,000 domains identified; campaigns globally targeting finance, HR, and logistics sectors.


Legacy Image Provider to Cloudflare Images: Traffic Estimation and Safe Rollout
Mercari migrated a legacy image pipeline to Cloudflare Images, preserving existing URLs. Key challenges addressed: S3 HTTPS access via host-header-style routing, image quality/egress cost validation (adjusting quality settings), and zero-downtime rollout using regex-based deterministic traffic ramping with cache rebuild monitoring.


Enforcing AI Governance Across AWS Organizations
Learn how to enforce AI governance across AWS organizations using Bedrock guardrails, MCP server controls, model availability rules, and API restrictions to reduce risk and improve security.

Tools


url-content-auditor
Audit the sensitivity of content (PDFs, media files, images) on URLs.


npm-security-best-practices
Collection of npm package manager Security Best Practices.


hadrian
API security testing framework for REST, GraphQL, and gRPC that validates authorization logic using role-based testing and YAML-driven templates. You can also check out the companion blog post.


aws-preflight
Check your AWS CLI commands for security risks before you run them.

From the cloud providers


#AWS   Session policies for Amazon EKS Pod Identity
How to use session policies to dynamically scope down IAM permissions for your Kubernetes pods without creating additional IAM roles.


#AWS   AWS Security Agent on-demand penetration testing now generally available
AWS Security Agent on-demand penetration testing is now GA, offering autonomous 24/7 multi-cloud pen testing combining SAST, DAST, and context-aware agentic AI.


#GCP   Google Workspace Updates: Ransomware detection and file restoration for Google Drive now generally available
Google Drive's ransomware detection and file restoration are now GA (March 30, 2026). The updated AI model detects 14x more infections than beta. Drive for desktop pauses sync on detection; users can bulk-restore files. Available across Business Standard+, Enterprise, and Education tiers.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini