Release Date: 14/06/2026 | Issue: 342
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

This week's articles


Identity and Access Management Whitepaper
CNCF TAG Security released an IAM whitepaper targeting architects and platform engineers, covering zero-trust vs. perimeter models, PEP/PDP-based authorization, SPIFFE workload identity, and authentication patterns for stateful and stateless cloud native workloads.


Securing CI/CD in an agentic world: Claude Code Github action case
Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows.


GitHub Actions Security Checklist for Supply Chain Attacks
A practical GitHub Actions security checklist covering permissions, secrets, OIDC, pull_request_target, SHA-pinned actions, runners, artifacts, and CI/CD supply chain defense.


Entra Agent ID: The blueprint blast radius
Entra Agent ID is an extension of Entra's application model that provides identities for AI agents. Unlike applications, the agent identity model allows linking a single app registration (blueprint) to multiple identities and their associated privileges, increasing the potential blast radius of a compromised agent.


Oops, I Weaponized the Database: Abusing AI Features in SQL Server 2025
New native AI features in Microsoft SQL Server 2025 provide a practical channel for data exfiltration and C2 transport within the database engine itself.


Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave
Socket found 37 malicious PyPI wheels that abuse Python startup hooks to launch a Bun-powered credential stealer tied to Mini Shai-Hulud/Miasma.

Tools


docker-mailserver
Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.


warpgate
Fully transparent SSH, HTTPS, Kubernetes, MySQL and Postgres bastion/PAM that doesn't need additional client-side software.


local-cloud-browser
Mac-Native AWS GUI, enables you to perform some fundamental actions without a CLI mess.


EvidenceForge
Generate realistic synthetic security logs for cybersecurity threat hunting training and research.


visa-vulnerability-agentic-harness
Visa's open-source agentic SAST pipeline using frontier AI models for autonomous vulnerability discovery, with multi-agent voting, threat modeling, and SARIF output.

From the cloud providers


#AWS   Operationalizing AWS security: A maturity roadmap
A six-phase maturity roadmap for operationalizing AWS Security Hub and GuardDuty: assess current state, reduce alert noise via tuning, build tiered notification routing, implement automated remediation for high-confidence findings, establish recurring review cadences with metrics, then expand with Inspector, Macie, Security Lake, and preventive controls.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini