This week's articles
Leaky Serverless Framework
raising an issue by which it seems the Serverless Framework will in some cases copy your API credentials to their own systems and execute things on your behalf.
GCP .actAs d-day > How not to remediate
#gcp, #defend, #explain
Blog post detailing the .actAs permission, a little ditty on the history of this vulnerability and how to remediate before Google does it for you.
AWS Lambda $LATEST is dangerous
You should always use function versioning. You should almost always use function aliases, which have a handful of benefits involving metrics in CloudWatch, IAM permissions, traffic-shifting, etc.