Release Date: 17/05/2026 | Issue: 338
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Things you've said this week:
  • "is this the same CVE in a trench coat"
  • "tenable says critical, wiz says medium, qualys is having a moment"
  • "asset owner: idk, ask brian. brian left in 2023."
  • "we patched it. it came back. it brought friends."
  • "the exec just slacked me a techcrunch link at 11pm"
  • "i need a real tool for this"

That last one.
JupiterOne UVM unifies every scanner, dedupes findings, scores real exploitability and what matters (oh, did you know you can customize this?), and tells you who owns the asset. So "what do we patch first" takes 30 seconds.

This week's articles


Malicious Coding Agent Skills and the Risk of Dynamic Context
Learn how malicious Claude Code skills can abuse dynamic context commands to execute before model-level prompt injection defenses can intervene.


Skill Issues: Compromising Claude Code with malicious skills & agents
With the increasing usage of AI coding agents, can coding agent skill files be exploited as an initial access mechanism, and how? This is part 1 of a three-part series exploring the attack surface and defensive recommendations.


Running Codex safely at OpenAI
A look at the controls, boundaries, and telemetry OpenAI uses to govern coding agents in real workflows.


Claude Code MCP Token Theft: MitM Attack Explained
Mitiga Labs shows how Claude Code MCP configuration can be hijacked through ~/.claude.json to steal OAuth tokens, persist through rotation, and hide in trusted SaaS activity.


AI Threat Readiness Framework
Wiz proposes a 4-pillar AI Threat Readiness Framework: (1) reduce attack surface and AI-scan all exposures; (2) accelerate CVE patching and zero-day response; (3) perform deep AI-driven code analysis; (4) automate real-time threat detection and containment.


Authorization Bypass in Amazon Quick: Unauthorized AI Chat Agent Usage
An authorization bypass in Amazon Quick's AI Chat Agents that allowed users to access and interact with AI agents despite explicit administrative restrictions. AWS responded by deploying a fix without notifying customers, classified the issue as “none,” and did not publish an advisory.


The AWS Bedrock API Keys Security Guide Part 2: Detection, Prevention, and Response
The second part of a guide to AWS Bedrock API key security. This research builds on the risks of AWS Bedrock API keys introduced in part one to cover detection, prevention, incident response, and migration to STS.


Shai-Hulud Goes Open Source
A static analysis of the open-sourced Shai-Hulud offensive framework attributed to TeamPCP, covering its credential harvesting, supply chain poisoning, and exfiltration capabilities.

Tools


vmm
A Docker-like experience for VMs using libkrun.


entra-ca-insight
Discover gaps in Entra Conditional Access policies before attackers do.


SCAM
Open-source benchmark that tests AI agents' security awareness during realistic, multi-turn workplace tasks.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini