Release Date: 21/06/2026 | Issue: 343
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

How to secure AI without losing innovation

Organizations are increasingly dealing with AI usage outside of formal processes and governance. This shift is creating new visibility, control, and risk management challenges across security and IT teams.
On June 24, join security leaders from Jamf, Datadog, and Nebulock as they break down how their organizations are safely adopting and scaling AI - using the right policies, tools, and training to reduce risks while driving innovation.

Register now!

This week's articles


Cybercrime Breaches Klue: Salesforce Data Impacted for Many Victims, including Huntress
Threat actor "Icarus" exploited a stale credential in Klue (market intelligence platform) starting June 11, 2025, stealing OAuth tokens to access customers' CRM systems (Salesforce, Gong, etc.). Huntress confirmed exfiltration of sales/contact data only; no product, credential, or threat telemetry data was impacted.


AI Agent Supply-Chain Malware in Instruction Files
Mitiga Labs scanned 50,000+ AI instruction files across 7,000+ repos, finding prompt-exfiltration malware, ANTHROPIC_BASE_URL MITM overrides, YOLO-mode permission bypasses, and 1,230+ hardcoded API keys. They released Skillgate, a free scanner, to detect these techniques.


Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems.


Holding blobs for ransom: Four methods for Azure Storage ransomware
This post explores four vectors for threat actors to abuse Azure Storage to maliciously encrypt victim blobs, including step-by-step explanations and event codes for detection.


Mind the Gap: GCP serviceData in Logs Explorer vs. Exported Logs
GCP's deprecated serviceData field gets silently stripped when audit logs reach your SIEM, leaving detection rules blind to disabled logging. Here's the gap.


140+ Mastra npm Packages Compromised in Coordinated Supply Chain Attack
A compromised npm account published 140+ malicious @mastra/* packages on 2026-06-17, injecting a typosquatted dependency (easy-day-js) that runs a cross-platform infostealer at install time, stealing browser data, crypto wallet extensions, and exfiltrating to attacker C2 servers.


Mapping out your unknown: A threat hunterโ€™s guide to Salesforce
Datadog's Security Research team has analyzed current Salesforce threats, logging, and detection opportunities. This post provides the queries and context you need to begin hunting for attacker behavior across your Salesforce environment.

Tools


ponytail
Makes your AI agent think like the laziest senior dev in the room. The best code is the code you never wrote.


burp-session-switcher
A Burp extension that easily allows for switching a request's session (headers, cookies) on the fly. You can also check out the companion blog post.


package-proxy
Inline proxy for software package registries to provide observability and policy controls to installs. You can also check out the companion blog post.


bagel
A CLI that inventories security-relevant metadata on developer workstations.

From the cloud providers


#AWS   Governing AI Assets at Scale with MCP Gateway and Registry
Open source MCP Gateway and Registry (Apache 2.0) provides enterprise governance for AI assets (MCP servers, agents, skills) via centralized discovery, fine-grained RBAC, supply-chain security scanning, hybrid semantic/keyword search, OpenTelemetry observability, federation with external registries, and deployable on EKS/ECS/EC2.


#AWS   Introducing AWS Continuum: Security at machine speed
AWS Continuum is a new agentic security product in gated preview that addresses code vulnerability lifecycles at machine speed. It uses multiple frontier models to perform discovery, prioritization, validation, and automated remediation, with graduated trust from human-in-the-loop to enforce mode.


#AWS   Amazon S3 annotations: attach rich, queryable context directly to your object
Amazon S3 now lets you attach up to 1 GB of rich, mutable, and queryable context directly to your objects using annotations, purpose-built for AI agents and autonomous workflows that need to discover, understand, and act on data at scale without maintaining separate metadata systems.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini