Release Date: 19/07/2026 | Issue: 347
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

CISO Alert: AI has reached operational saturation. Identity has not.

88% of technology leaders admit AI agent adoption has completely outrun their identity infrastructure. Autonomous agents are now actively making production API calls, running workflows, and accessing sensitive files. Security policies cannot regulate runtime machine actions or prove what an agent did.
Your architecture is now your only effective security control.
Our 2026 State of AI and Identity Report includes a 10-point CISO evaluation checklist to secure your non-human attack surface.

Get the AI Identity Benchmark Report

This week's articles


The Two Mitigations for the Service-Account Confused Deputy in the Cloud
Two mitigations exist for cloud service-account confused deputy attacks: for customer-managed identities, an attachment gate (GCP actAs, AWS iam:PassRole, Azure assign/action) controls bind-time authorization; for provider-managed identities, the CSP enforces internal checks, with AWS uniquely exposing this via Forward Access Sessions and condition keys.


No single pane of glass: Anatomy of an Azure permission takeover
Sysdig TRT observed an attacker use one leaked service principal (with RoleManagement.ReadWrite.Directory) to self-grant Global Administrator, then elevateAccess to root RBAC Owner, harvest storage/Event Hub/Key Vault keys, and plant backdoors on 26 app registrations.


AsyncAPI Supply Chain Compromise via GitHub Actions
Detect and mitigate malicious @asyncapi npm packages linked to the latest npm supply chain attack.


New IAM Condition Keys for DynamoDB GSIs Failed Silently: Authorization Bypass
How four DynamoDB IAM condition keys for Global Secondary Indexes silently failed to enforce item-level access, the test cases that proved it, and the full disclosure timeline with AWS.


Defending SaaS-based applications against ShinyHunters OAuth abuse
Microsoft Threat Intelligence identified threat actor activity with overlapping tradecraft commonly associated with ShinyHunters, including voice phishing (vishing), supply-chain compromise, and misconfigured guest access targeting SaaS-based applications.


OIDC tokens can now restrict which AWS roles they assume
AWS STS now supports a new OIDC claim that restricts which role ARNs a token can assume. Enforced before trust policy evaluation. The boolean condition key sts:RoleAuthorizedByIdp enables mandatory enforcement via trust policies or RCPs.


Not-so-anonymous telemetry: The @injectivelabs/sdk-ts backdoor
A malicious commit disguised as SDK telemetry briefly compromised @injectivelabs/sdk-ts, exfiltrating wallet mnemonics and private keys.


Hunting malware and malicious MCPs in memory on Kubernetes with FleetDM + Osquery + YARA
A post demonstrating how to use FleetDM's authenticated YARA rule distribution with Osquery's yara_process table to scan Kubernetes container process memory, detecting in-memory Sliver C2 implants and credential-stealing malicious MCP servers via live SQL queries.

Tools


pipdeptree
A command line utility to display dependency tree of the installed Python packages.


maSSO
The malicious IdP you were looking for. A weaponized Single Sign-On (SSO) Identity Provider (IdP) for security testing of OIDC and SAML 2.0 Service Providers, also supporting SCIM protocol.


frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.


plannotator
Annotate and review coding agent plans and code diffs visually, share with your team, send feedback to agents with one click.


destructive_command_guard
The Destructive Command Guard (dcg) is for blocking dangerous git and shell commands from being executed by agents.

From the cloud providers


#AWS   Introducing OAuth Support for AWS MCP Server
AWS MCP Server now supports OAuth-based sign-in using existing AWS credentials (IAM, IAM Identity Center, federated). Includes dynamic client registration, headless token API, new IAM condition keys, token introspection/revocation, and CloudTrail logging for OAuth events.


#AWS   Authenticate legitimate AI agent traffic with AWS WAF Bot Control
AWS WAF Bot Control now supports Web Bot Authentication (WBA), using ed25519 cryptographic signatures (RFC 9421) to verify AI agent identities. It introduces new WAF labels (verified, invalid, expired, unknown_bot) enabling granular allow/block rules, replacing unreliable IP-based bot filtering.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini