Release Date: 07/06/2026 | Issue: 341
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

This week's articles


Slack AI: The Path to Multi-Cloud
Slack AI evolved over four phases from AWS SageMaker to Amazon Bedrock (provisioned then on-demand) and finally GCP Vertex AI, building an intelligent multi-cloud routing layer with circuit breakers, A/B testing, and hybrid provisioning to ensure resilience, model-best-fit, and zero provider lock-in.


The sorry state of skill distribution
Trail of Bits bypassed malicious skill scanners from ClawHub, Cisco, and skills.sh using simple techniques: newline padding, .pyc bytecode poisoning, .docx indirection, and prompt injection. Existing scanners are structurally broken; organizations should use curated, trusted skill sources instead.


ChatGPhish: The Page Is the Payload
Any web page a victim asks ChatGPT to summarize can become a phishing payload. P0 Labs research reveals a Markdown rendering vulnerability in ChatGPT's response UI.


Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities
Post which explores, names, defines, and threat-models an Azure identity type that has quietly operated inside every customer tenant. Never documented under a single name, never owned by you, and never fully visible to you.


Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm
Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Shai-Hulud malware, targeting cloud credentials, and developer tooling across CI/CD pipelines.


Prevent account takeovers with Device Bound Session Credentials (DBSC), now generally available in Chrome
DBSC (Device Bound Session Credentials) is now GA and on by default in Chrome for Windows for all Google Workspace users. It binds session cookies to the authenticated device, mitigating session theft even if malware is present.


Hidden Gaps in Claude Code Security Reviews
Claude Code's /security-review is vulnerable to model anchoring bias when run in the same session that wrote the code. A new diff-scoped plugin avoids this but misses cross-commit vulnerability chains where each individual change appears benign in isolation.


1-Click GitHub Token Stealing via a VSCode Bug
A VSCode bug allows stealing GitHub OAuth tokens via a malicious repo opened in github.dev. JavaScript in a Jupyter notebook webview abuses postMessage keydown forwarding to install a local workspace extension, which exfiltrates the token granting full repo access.

Tools


pocketbase
Open Source realtime backend in 1 file.


beszel
Lightweight server monitoring with historical data, docker stats, and alerts.


Hermes-USB-Portable
Run a fully self-contained, self-improving AI agent from a single folder or USB drive.


agent-governance-toolkit
Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents.

Upcoming Events


CONF   OWASP Global AppSec EU 2026
Jun 22-26, 2026 | Vienna, Austria

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! πŸ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
Β© 2019-present CloudSecList Β· Marco Lancini