Release Date: 24/05/2026 | Issue: 339
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The IT and security field guide to AI adoption
AI is everywhere right now. But for many teams, the reality hasn’t matched the promise. What’s actually working?
Tines just released a new guide that takes a more practical look at AI adoption for security and IT teams. Inside, you’ll get:
  • A practical framework for evaluating tools beyond the demo
  • A step-by-step approach to selecting tools that hold up in production
  • Key questions to ask before committing to a vendor
  • Best practices for keeping humans in the loop
Get the guide

This week's articles


Automating Security Operations with AI: Triaging Renovate PR
A Claude Code Routine that triages every Renovate PR by risk, flags dead deps, and catches deprecated framework configs before I touch the diff.


Investigating unauthorized access to GitHub-owned repositories
On May 18, an employee device compromised via a poisoned VS Code extension was used to exfiltrate roughly 3,800 GitHub-internal repositories. There is no evidence of customer data impact beyond those internal repos; critical secrets were rotated and the investigation is ongoing.


CISA Admin Leaked AWS GovCloud Keys on Github
A Nightwing contractor's public GitHub repo ("Private-CISA"), active since November 2025, exposed plaintext AWS GovCloud admin keys, Firefox-saved passwords, kubeconfig, and Artifactory credentials for CISA internal systems, with GitHub's secret-scanning protections deliberately disabled.


durabletask: TeamPCP's Latest PyPi Compromise
TeamPCP's ongoing supply chain campaign compromised PyPI package "durabletask" (Microsoft's Durable Task Python client), deploying "rope.pyz" malware with credential theft (AWS/Azure/GCP/K8s), password manager brute-forcing, shell history scraping, and worm-based lateral movement via AWS SSM and Kubernetes.


Mini Shai-Hulud Hits @antv Ecosystem, 639 Compromised npm Package Versions
Active npm supply chain attack compromises @antv packages in a fast-moving malicious publish wave tied to Mini Shai-Hulud.


Global S3: Another C2 Channel for AgentCore Code Interpreters
AWS AgentCore Code Interpreters in Sandbox mode allow unrestricted global S3 access (including cross-account, public/presigned URLs), enabling a bidirectional C2 channel via S3 polling, demonstrated as a full reverse shell PoC. Mitigation: use VPC mode with S3 Gateway Endpoints and strict endpoint policies.
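The "strict endpoint policy" in the mitigation is the part worth seeing concretely. Below is an added illustration (not the article's PoC, not AWS-provided code) that places the permissive default next to a strict S3 gateway endpoint policy and runs both through a toy evaluator for the IAM subset involved; the account IDs and request scenarios are constructed. The condition keys aws:PrincipalAccount and aws:ResourceAccount are real and supported in endpoint policies.

```python
"""Permissive vs strict S3 gateway endpoint policy, plus a toy evaluator that
shows why the strict one closes the cross-account/public-bucket channel.
Added illustration, not the article's PoC; account IDs are constructed."""
import json

OWN_ACCOUNT = "111122223333"    # constructed: account that owns the sandbox VPC and its buckets
OTHER_ACCOUNT = "999988887777"  # constructed: attacker-controlled account hosting the C2 bucket

# Default gateway endpoint policy: full access, so a sandboxed process can poll
# or write any bucket in any account (the C2 channel the post describes).
PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}],
}

# Strict policy: only identities from our account, only buckets our account owns,
# only the verbs the workload needs. Endpoint policies keep Principal "*" and
# scope principals through condition keys instead.
STRICT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": "*",
        "Condition": {"StringEquals": {
            "aws:PrincipalAccount": OWN_ACCOUNT,
            "aws:ResourceAccount": OWN_ACCOUNT,
        }},
    }],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _action_matches(pattern, action):
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return action.startswith(pattern[:-1])
    return pattern == action


def endpoint_allows(policy, action, ctx):
    """Toy evaluator for the IAM subset used here: Allow/Deny, Action, Resource "*",
    StringEquals on request-context keys. Explicit Deny wins, a matching Allow
    grants, otherwise implicit deny. A context key that is absent (e.g. an
    unauthenticated request has no aws:PrincipalAccount) fails StringEquals."""
    decision = False
    for st in policy["Statement"]:
        if not any(_action_matches(p, action) for p in _as_list(st.get("Action", []))):
            continue
        cond = st.get("Condition", {}).get("StringEquals", {})
        if any(ctx.get(k) != v for k, v in cond.items()):
            continue
        if st["Effect"] == "Deny":
            return False
        decision = True
    return decision


def scenarios():
    """Requests a sandboxed agent might make, evaluated under both policies.
    Returns {name: (allowed_by_permissive, allowed_by_strict)}."""
    own = {"aws:PrincipalAccount": OWN_ACCOUNT, "aws:ResourceAccount": OWN_ACCOUNT}
    cross = {"aws:PrincipalAccount": OWN_ACCOUNT, "aws:ResourceAccount": OTHER_ACCOUNT}
    foreign_presigned = {"aws:PrincipalAccount": OTHER_ACCOUNT, "aws:ResourceAccount": OTHER_ACCOUNT}
    anonymous_public = {"aws:ResourceAccount": OTHER_ACCOUNT}
    cases = {
        "own role -> own bucket": ("s3:PutObject", own),
        "own role -> attacker bucket (beacon out)": ("s3:PutObject", cross),
        "presigned URL signed by attacker account": ("s3:GetObject", foreign_presigned),
        "unauthenticated GET of public bucket (tasking in)": ("s3:GetObject", anonymous_public),
    }
    return {name: (endpoint_allows(PERMISSIVE_POLICY, a, c), endpoint_allows(STRICT_POLICY, a, c))
            for name, (a, c) in cases.items()}


if __name__ == "__main__":
    print(json.dumps(STRICT_POLICY, indent=2))
    for name, (permissive, strict) in scenarios().items():
        print(f"{name:55s} default={permissive!s:5} strict={strict}")
```

The evaluator is deliberately minimal; the point is the policy document itself, and that both the outbound beacon (own role writing to a foreign bucket) and the inbound tasking path (anonymous or foreign-signed reads) fail the aws:ResourceAccount / aws:PrincipalAccount conditions while in-account traffic still works.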


The expendable extension name: Azure VMAccess naming chaos, password resets, and a detection gap
The Sysdig Threat Research Team uncovered a detection gap in Azure VM password resets that allows attackers to evade name-based detections by assigning arbitrary VM extension names. Learn how the flaw works, why Microsoft's documented detection guidance failed during testing, and what defenders should monitor instead.
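To make the detection gap concrete, here is an added example (my own, not Sysdig's code, and not a claim about which telemetry their article recommends) that runs a name-based rule and a publisher/type-based rule over constructed, simplified Azure Activity Log records for extension writes. The resource IDs, subscription ID and field layout are constructed; the publisher/type pairs of the VMAccess extension are the real ones.

```python
"""Name-based vs publisher/type-based detection of VMAccess extension writes.
Added illustration, not Sysdig's code. The event shape is a constructed,
simplified Azure Activity Log record; map the fields to your real schema."""
import json
import re

# Real publisher/type identities of the VMAccess extension (lower-cased for matching).
VMACCESS_IDENTITIES = {
    ("microsoft.compute", "vmaccessagent"),            # Windows
    ("microsoft.ostcextensions", "vmaccessforlinux"),  # Linux
}
EXT_WRITE_OP = "microsoft.compute/virtualmachines/extensions/write"
EXT_ID_RE = re.compile(r"/virtualmachines/(?P<vm>[^/]+)/extensions/(?P<ext>[^/]+)$", re.I)


def _vm_and_extension(event):
    m = EXT_ID_RE.search(event.get("resourceId", ""))
    return (m.group("vm"), m.group("ext")) if m else ("", "")


def name_based_detect(event):
    """The fragile rule: alert when the extension resource is *called* VMAccess.
    The caller chooses that name, so it is trivially evaded."""
    return "vmaccess" in _vm_and_extension(event)[1].lower()


def publisher_type_detect(event):
    """Key on publisher/type from the request body instead: those select which
    handler actually runs on the VM, whatever the resource is named."""
    if event.get("operationName", "").lower() != EXT_WRITE_OP:
        return False
    try:
        body = json.loads(event.get("properties", {}).get("requestbody", "{}"))
    except json.JSONDecodeError:
        return False
    props = body.get("properties", {})
    key = (str(props.get("publisher", "")).lower(), str(props.get("type", "")).lower())
    return key in VMACCESS_IDENTITIES


def triage(events):
    rows = []
    for e in events:
        vm, ext = _vm_and_extension(e)
        rows.append({"vm": vm, "extension": ext,
                     "name_hit": name_based_detect(e), "type_hit": publisher_type_detect(e)})
    return rows


def _event(ext_name, publisher, ext_type):
    """Constructed activity-log-like record for a VM extension write."""
    sub = "00000000-0000-0000-0000-000000000000"  # constructed subscription ID
    return {
        "operationName": "Microsoft.Compute/virtualMachines/extensions/write",
        "resourceId": (f"/subscriptions/{sub}/resourceGroups/prod-rg/providers/"
                       f"Microsoft.Compute/virtualMachines/web01/extensions/{ext_name}"),
        "properties": {"requestbody": json.dumps({
            "location": "westeurope",
            "properties": {"publisher": publisher, "type": ext_type, "typeHandlerVersion": "1.5"},
        })},
    }


SAMPLE_EVENTS = [
    # 1. Textbook password reset: name and handler both say VMAccess.
    _event("VMAccessForLinux", "Microsoft.OSTCExtensions", "VMAccessForLinux"),
    # 2. Same handler, benign-looking resource name: name rule misses, type rule catches.
    _event("AzureMonitorLinuxAgent", "Microsoft.OSTCExtensions", "VMAccessForLinux"),
    # 3. Genuine monitoring agent install: neither rule should fire.
    _event("AzureMonitorLinuxAgent", "Microsoft.Azure.Monitor", "AzureMonitorLinuxAgent"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
```

If your pipeline does not retain the request body for extension writes, the same publisher/type pair is also visible on the resulting extension resource (for example via Azure Resource Graph), which gives a second place to anchor the rule that does not depend on the attacker-chosen name.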

Tools


ax
Google's open source distributed agent runtime. You can also check out the companion blog post.


keyledger
A unified TUI to inventory, health-check, and track every API key issued across your AI providers. You can also check out the companion blog post.


scopeshift
An automated tool to test AI models against scope manipulation (deceiving an AI agent about its real target). You can also check out the companion blog post.


pathfinding.cloud
A collection of intentionally vulnerable AWS environments that can be deployed into a sandbox account, exploited, and torn down. You can also check out the companion blog post.

From the cloud providers


#AWS   The AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phases
The AWS AI Security Framework structures AI security across 3 use cases (answers, connects, acts), 3 layers (infrastructure, identity/data, AI application), and 3 phases (foundational → production → scale), applying cumulative, least-privilege controls.


#AWS   Governing infrastructure as code using pattern-based policy as code
The article describes using Open Policy Agent (OPA) in CI/CD pipelines to validate Terraform IaC changes pre-deployment. It organizes checks around five control patterns: required metadata, allowed configuration, exposure restriction, protection enforcement, and privilege constraint, with phased rollout guidance.
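The five patterns are easier to judge when written out. Below is an added example in plain Python standing in for the OPA/Rego checks the article describes (it is not the article's code); it evaluates each pattern against a constructed Terraform plan in the `terraform show -json` shape, with assumed org values for the required tags and the instance-type allow-list.

```python
"""The five control patterns as plain-Python checks over a Terraform plan in the
`terraform show -json` shape. Added example standing in for the OPA/Rego policies
the article describes; not the article's code. The plan below is constructed."""
import json

REQUIRED_TAGS = {"owner", "env"}                                  # assumed org requirement
ALLOWED_INSTANCE_TYPES = {"t3.micro", "t3.small", "m6i.large"}    # assumed allow-list
ANY_CIDR = {"0.0.0.0/0", "::/0"}


def _as_list(v):
    return v if isinstance(v, list) else [v]


# 1. Required metadata: every resource carries the tags needed to find an owner.
def check_required_metadata(res):
    missing = REQUIRED_TAGS - set(res["values"].get("tags") or {})
    return [f"{res['address']}: missing required tags {sorted(missing)}"] if missing else []


# 2. Allowed configuration: attribute values must come from an allow-list.
def check_allowed_configuration(res):
    if res["type"] != "aws_instance":
        return []
    it = res["values"].get("instance_type")
    return [] if it in ALLOWED_INSTANCE_TYPES else [f"{res['address']}: instance_type {it!r} not allowed"]


# 3. Exposure restriction: no ingress rule open to the whole internet.
def check_exposure_restriction(res):
    if res["type"] != "aws_security_group":
        return []
    findings = []
    for rule in res["values"].get("ingress") or []:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        if cidrs & ANY_CIDR:
            findings.append(f"{res['address']}: ingress {rule.get('from_port')}-{rule.get('to_port')} open to the internet")
    return findings


# 4. Protection enforcement: data stores must be encrypted at rest.
def check_protection_enforcement(res):
    if res["type"] != "aws_db_instance":
        return []
    return [] if res["values"].get("storage_encrypted") is True else [f"{res['address']}: storage_encrypted must be true"]


# 5. Privilege constraint: no IAM statement granting every action on every resource.
def check_privilege_constraint(res):
    if res["type"] != "aws_iam_policy":
        return []
    findings = []
    for st in json.loads(res["values"]["policy"]).get("Statement", []):
        if (st.get("Effect") == "Allow" and "*" in _as_list(st.get("Action", []))
                and "*" in _as_list(st.get("Resource", []))):
            findings.append(f"{res['address']}: Allow * on * is forbidden")
    return findings


CHECKS = [check_required_metadata, check_allowed_configuration, check_exposure_restriction,
          check_protection_enforcement, check_privilege_constraint]


def evaluate_plan(plan):
    """Run every pattern over every planned resource; any finding fails the pipeline stage."""
    resources = plan["planned_values"]["root_module"]["resources"]
    return [f for res in resources for chk in CHECKS for f in chk(res)]


def _res(rtype, name, **values):
    return {"address": f"{rtype}.{name}", "mode": "managed", "type": rtype, "name": name, "values": values}


OK_TAGS = {"owner": "platform-team", "env": "prod"}
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [  # constructed plan
    _res("aws_instance", "web", instance_type="t3.micro", tags=OK_TAGS),
    _res("aws_instance", "batch", instance_type="p4d.24xlarge", tags={"env": "dev"}),
    _res("aws_security_group", "ssh", tags=OK_TAGS, ingress=[
        {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]),
    _res("aws_db_instance", "main", tags=OK_TAGS, storage_encrypted=False),
    _res("aws_iam_policy", "admin", tags=OK_TAGS, policy=json.dumps(
        {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]})),
]}}}

if __name__ == "__main__":
    for finding in evaluate_plan(SAMPLE_PLAN):
        print("FAIL", finding)
```

In a phased rollout as the article suggests, you would run these in audit mode first (report findings, don't block), then flip individual patterns to blocking once the false-positive rate on real plans is known.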

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini