cloud_sec | Unsorted

Telegram-канал cloud_sec - CloudSec Wine

2225

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Subscribe to a channel

CloudSec Wine

🤖 NomShub: Weaponizing Cursor's Remote Tunnel Through Indirect Prompt Injection and Sandbox Breakout

NomShub is a critical vulnerability chain in the Cursor AI code editor where a malicious repository can silently hijack a developer's machine, combining indirect prompt injection, a sandbox escape via shell builtins, and Cursor's built-in remote tunnel to give attackers persistent, undetected shell access triggered simply by opening a repo.

https://www.straiker.ai/blog/nomshub-cursor-remote-tunneling-sandbox-breakout

#AI

Читать полностью…

CloudSec Wine

🔶 Launching S3 Files, making S3 buckets accessible as file system

Amazon S3 Files makes S3 buckets accessible as high-performance file systems on AWS compute resources, eliminating the tradeoff between object storage benefits and interactive file capabilities while enabling seamless data sharing with ~1ms latencies.

https://aws.amazon.com/ru/blogs/aws/launching-s3-files-making-s3-buckets-accessible-as-file-systems

#aws

Читать полностью…

CloudSec Wine

🤖 How Command Injection Vulnerability in OpenAI Codex Leads to GitHub Token Compromise

BeyondTrust Phantom Labs recently identified a critical command injection vulnerability in OpenAI Codex that allowed for the theft of GitHub User Access Tokens.

https://www.beyondtrust.com/blog/entry/openai-codex-command-injection-vulnerability-github-token

#AI

Читать полностью…

CloudSec Wine

🔶 aws-preflight

Check your AWS CLI commands for security risks before you run them.

https://github.com/gabrielPav/aws-preflight

#aws

Читать полностью…

CloudSec Wine

🔴 Double Agents: Exposing Security Blind Spots in GCP Vertex AI

Unit 42 researchers found that GCP Vertex AI Agent Engine's default P4SA service account has excessive permissions, enabling credential theft via the metadata service. This allows privilege escalation to read all consumer GCS buckets, access restricted Google-internal Artifact Registry container images, and expose internal source code.

https://unit42.paloaltonetworks.com/double-agents-vertex-ai

#gcp

Читать полностью…

CloudSec Wine

👨‍💻 Widespread GitHub Campaign Uses Fake VS Code Security Alerts to Deliver Malware

A large-scale phishing campaign is targeting developers directly inside GitHub, using fake Visual Studio Code security alerts posted through Discussions to trick users into installing malicious software.

https://socket.dev/blog/widespread-github-campaign-uses-fake-vs-code-security-alerts-to-deliver-malware

#github

Читать полностью…

CloudSec Wine

🔶 Locking down AWS principal tags with RCPs and SCPs

A post explaining how to use SCPs to restrict sensitive IAM actions to tagged principals, RCPs to block unauthorized "scp-*" session tags from external/non-tagger principals, and SCPs to protect the "tagger" role itself via CloudFormation StackSets.

https://awsteele.com/blog/2026/02/21/locking-down-aws-principal-tags-with-rcps-and-scps.html

#aws

Читать полностью…

CloudSec Wine

🔶 Cracks in the Bedrock: Bypassing SCP Enforcement with Long-Lived API Keys

Sonrai Security researcher discovered that AWS "bedrock-mantle" IAM permissions could bypass SCP enforcement when using long-lived Service Specific Credential API keys. IAM policy denials worked correctly, but SCP denials were bypassed. AWS patched this between Jan–Feb 2026; no customer action required.

https://sonraisecurity.com/blog/cracks-in-the-bedrock

#aws

Читать полностью…

CloudSec Wine

🤖 Securing our codebase with autonomous agents

Cursor's security team built a fleet of security agents to find and fix vulnerabilities across a fast-changing codebase.

https://cursor.com/blog/security-agents

#AI

Читать полностью…

CloudSec Wine

🔶 Pentesting a pentest agent - Here's what I've found in AWS Security Agent

A researcher pentested AWS Security Agent, finding 4 issues: DNS confusion enabling unauthorized domain pentesting, a full reverse shell/container escape chain to host root + AWS credentials via prompt injection, unnecessary destructive actions (e.g., DROP TABLE probes, exploit-based cleanup deleting /etc/crontab), and unredacted secrets in pentest reports.

https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html

#aws

Читать полностью…

CloudSec Wine

🤖 When an AI agent came knocking: Catching malicious contributions in Datadog’s open source repos

How Datadog discovered malicious issues and PRs in two of their public repositories as the result of attacks by hackerbot-claw, an AI agent designed to target GitHub Actions and LLM-powered workflows.

https://www.datadoghq.com/blog/engineering/stopping-hackerbot-claw-with-bewaire

#AI

Читать полностью…

CloudSec Wine

🔶 Behind the console: Active phishing campaign targeting AWS console credentials

Datadog Security Research identified an active adversary-in-the-middle (AiTM) phishing campaign targeting AWS Console credentials via typosquatted domains that mimic AWS infrastructure.

https://securitylabs.datadoghq.com/articles/behind-the-console-aws-aitm-phishing-campaign

#aws

Читать полностью…

CloudSec Wine

🤖 How AI Agents Automate CVE Vulnerability Research

A technical deep-dive into Praetorian's multi-agent CVE research pipeline, exploring how orchestrated AI agents transform vulnerability data into validated detection templates.

https://www.praetorian.com/blog/how-ai-agents-automate-cve-vulnerability-research/

#AI

Читать полностью…

CloudSec Wine

🤖 hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions

A week-long automated attack campaign targeted CI/CD pipelines across major open source repositories, achieving remote code execution in at least 4 out of 5 targets. The attacker, an autonomous bot called hackerbot-claw, used 5 different exploitation techniques and successfully exfiltrated a GitHub token with write permissions from one of the most popular repositories on GitHub. This post breaks down each attack, shows the evidence, and explains what you can do to protect your workflows.

https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation#attack-6-aquasecuritytrivy---evidence-cleared

#AI

Читать полностью…

CloudSec Wine

🤖 Running OpenClaw safely: identity, isolation, and runtime risk

OpenClaw, a self-hosted agent runtime, lacks built-in security controls, enabling credential exfiltration, memory/state manipulation, and host compromise via indirect prompt injection and malicious skills. Microsoft recommends isolated deployment, least-privilege identities, continuous monitoring, and Defender XDR hunting queries.

https://www.microsoft.com/en-us/security/blog/2026/02/19/running-openclaw-safely-identity-isolation-runtime-risk/

#AI

Читать полностью…

CloudSec Wine

🔶 Amazon S3 starts rolling out new security best practice to new and existing buckets by default

S3 is now deploying a new default bucket security setting which will automatically disable server-side encryption with customer-provided keys (SSE-C) for all new general purpose buckets.

https://aws.amazon.com/ru/about-aws/whats-new/2026/04/s3-default-bucket-security-setting

#aws

Читать полностью…

CloudSec Wine

🔶 Unexpected Routing Behaviour in AWS with VPC Peering and NAT Gateway

When routing VPC peering traffic through an internal NAT gateway in AWS, response traffic bypasses route tables via connection tracking, making all subnets in the peered VPC reachable even without return routes configured. AWS confirmed this is "expected behaviour.".

https://labs.reversec.com/posts/2026/03/unexpected-routing-behaviour-in-aws-with-vpc-peering-and-nat-gateway

#aws

Читать полностью…

CloudSec Wine

🔶 AWS Security Agent on-demand penetration testing now generally available

AWS Security Agent on-demand penetration testing is now GA, offering autonomous 24/7 multi-cloud pen testing combining SAST, DAST, and context-aware agentic AI.

https://aws.amazon.com/ru/blogs/security/aws-security-agent-on-demand-penetration-testing-now-generally-available/

#aws

Читать полностью…

CloudSec Wine

🔶 Enforcing AI Governance Across AWS Organizations

Learn how to enforce AI governance across AWS organizations using Bedrock guardrails, MCP server controls, model availability rules, and API restrictions to reduce risk and improve security.

https://sonraisecurity.com/enforcing-ai-governance-across-aws-orgs

#aws

Читать полностью…

CloudSec Wine

📤 Threat Actors Abuse Railway.com PaaS as Microsoft 365 Token Attack Infrastructure

Railway PaaS is being weaponized as a clean token replay engine in an active AiTM and device code phishing campaign impacting 268+ M365 organizations and 100+ MSPs.

https://www.huntress.com/blog/railway-paas-m365-token-replay-campaign

#PaaS

Читать полностью…

CloudSec Wine

🔴 Remote Command Execution in Google Cloud with Single Directory Deletion - GMO Flatt Security Research

A race condition in Google Cloud Looker's directory deletion API allows deleting the ".git" directory while concurrent Git operations proceed, causing Git to use attacker-controlled worktree configs for RCE. Kubernetes service account misconfigurations further enabled cross-instance privilege escalation.

https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion

#gcp

Читать полностью…

CloudSec Wine

🔶 Simulating Ransomware with AWS KMS

Post that demonstrates how attackers can abuse AWS KMS by importing malicious key material to encrypt RDS/EBS resources, then deleting the material to make data inaccessible without ransom payment.

https://heilancoos.github.io/research/2025/09/02/aws-kms-ransomware.html

#aws

Читать полностью…

CloudSec Wine

🤖 OpenSandbox

OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.

https://github.com/alibaba/OpenSandbox

#AI

Читать полностью…

CloudSec Wine

🔶 Pwning AI Code Interpreters in AWS Bedrock AgentCore

Phantom Labs discovered that AWS Bedrock AgentCore Code Interpreter's sandbox mode allows DNS queries, enabling bypass of network isolation through DNS-based command-and-control. This research details the discovery, proof-of-concept exploit, disclosure timeline, and defensive guidance for organizations using Code Interpreter workloads.

https://www.beyondtrust.com/blog/entry/pwning-aws-agentcore-code-interpreter

#aws

Читать полностью…

CloudSec Wine

trajan

A multi-platform CI/CD vulnerability detection and attack automation tool for identifying security weaknesses in pipeline configurations. You can also check out the companion blog post.

https://github.com/praetorian-inc/trajan

#cicd

Читать полностью…

CloudSec Wine

🔶 Introducing account regional namespaces for Amazon S3 general purpose bucket

AWS launches a new feature of Amazon S3 that lets you create general purpose buckets in your own account regional namespace simplifying bucket creation and management as your data storage needs grow in size and scope.

https://aws.amazon.com/ru/blogs/aws/introducing-account-regional-namespaces-for-amazon-s3-general-purpose-buckets

#aws

Читать полностью…

CloudSec Wine

🔶 Bucketsquatting is (Finally) Dead

AWS introduced account-regional namespaces for S3 (<prefix> - <accountid> - <region> - an) to eliminate bucketsquatting, where attackers claim deleted bucket names.

https://onecloudplease.com/blog/bucketsquatting-is-finally-dead

#aws

Читать полностью…

CloudSec Wine

🤖 The Reach Pattern

The "Reach" pattern is a personal CLI that hijacks existing browser sessions to query SaaS APIs (Slack, Jira, Confluence, etc.) on your behalf, feeding structured organizational context to your AI coding assistant.

https://jackdanger.com/the-reach-pattern

#AI

Читать полностью…

CloudSec Wine

🔶 Inside AWS Security Agent: A multi-agent architecture for automated penetration testing

AWS Security Agent's penetration testing uses a multi-agent architecture: specialized swarm agents handle reconnaissance, managed/guided exploration, and exploit validation. The system achieves 80% attack success rate on CVE Bench under real-world conditions, with assertion-based validation reducing false positives and CVSS-scored reporting.

https://aws.amazon.com/ru/blogs/security/inside-aws-security-agent-a-multi-agent-architecture-for-automated-penetration-testing/

(Use VPN to open from Russia)

#aws

Читать полностью…

CloudSec Wine

🤖 How "Clinejection" Turned an AI Bot into a Supply Chain Attack

A prompt injection in a GitHub issue title gave attackers code execution inside Cline's CI/CD pipeline, leading to cache poisoning, stolen npm credentials, and an unauthorized package publish affecting the popular AI coding tool's 5 million users. Here's the full technical breakdown and what developers should do now.

https://snyk.io/blog/cline-supply-chain-attack-prompt-injection-github-actions/

(Use VPN to open from Russia)

#AI

Читать полностью…
Subscribe to a channel