cloud_sec | Unsorted

Telegram-канал cloud_sec - CloudSec Wine

2225

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Subscribe to a channel

CloudSec Wine

👩‍💻 The expendable extension name: Azure VMAccess naming chaos, password resets, and a detection gap

The Sysdig Threat Research Team uncovered a detection gap in Azure VM password resets that allows attackers to evade name-based detections by assigning arbitrary VM extension names. Learn how the flaw works, why Microsoft's documented detection guidance failed during testing, and what defenders should monitor instead.

https://www.sysdig.com/blog/the-expendable-extension-name-azure-vmaccess-naming-chaos-password-resets-and-a-detection-gap

#azure

Читать полностью…

CloudSec Wine

🔶 CISA Admin Leaked AWS GovCloud Keys on Github

A Nightwing contractor's public GitHub repo ("Private-CISA"), active since November 2025, exposed plaintext AWS GovCloud admin keys, Firefox-saved passwords, kubeconfig, and Artifactory credentials for CISA internal systems, with GitHub's secret-scanning protections deliberately disabled.

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github

#aws

Читать полностью…

CloudSec Wine

🌩 Skill Issues: Compromising Claude Code with malicious skills & agents

With the increasing usage of AI Coding agents, can coding agent skill files be exploited as an initial access mechanism, and how? This is part 1 of a 3 part series exploring the attack surface and defensive recommendations.

https://labs.reversec.com/posts/2026/05/skill-issues-compromising-claude-code-with-malicious-skills-agents-part-1

#ClaudeCode

Читать полностью…

CloudSec Wine

🔶 Authorization Bypass in Amazon Quick: Unauthorized AI Chat Agent Usage

An authorization bypass in Amazon Quick's AI Chat Agents that allowed users to access and interact with AI agents despite explicit administrative restrictions. AWS responded by deploying a fix without notifying customers, classified the issue as “none,” and did not publish an advisory.

https://www.fogsecurity.io/blog/authorization-bypass-in-amazon-quick-ai-agents

#aws

Читать полностью…

CloudSec Wine

🔶 The AWS Bedrock API Keys Security Guide Part 2: Detection, Prevention, and Response

The second part of a guide to AWS Bedrock API key security, this research builds off of the risks of AWS Bedrock API keys introduced in part one to cover detection, prevention, incident response, and migration to STS.

https://www.beyondtrust.com/blog/entry/aws-bedrock-security-guide-api-keys-detection-response

#aws

Читать полностью…

CloudSec Wine

20 мая в 12:00 (мск) пройдёт бесплатный вебинар «Автоматизация процессов безопасности в Kubernetes: опыт MWS Cloud Platform». 

Руководитель направления облачной безопасности Алексей Федулаев расскажет: 
- Какие есть подводные камни при переходе с ручных сканов 
- Как покрыть тепловыми картами кластеры и отслеживать нарушения
- Как находить аномалии в поведении пользователей 
- И наконец, как это всё подружить с центром безопасности

Вебинар будет полезен директорам по ИТ и ИБ, ИБ-специалистам и инженерам, работающим в облачных средах. 

Регистрируйтесь, подключайтесь к прямому эфиру и задавайте вопросы в чате. 

📆 20 мая в 12:00

#advertising

Читать полностью…

CloudSec Wine

🤖 LeakyLM: AI Assistants Are Leaking Your Conversations

Research disclosing that ChatGPT, Claude, Grok, and Perplexity embed third-party trackers (Meta, Google, TikTok) that leak conversation URLs, email hashes, and user identifiers, often bypassing cookie consent. via client-side pixels and server-side forwarding.

https://leakylm.github.io

#AI

Читать полностью…

CloudSec Wine

🤖 Building an AI Ready Vulnerability Management Program After NVD Changes and Claude Mythos

NVD's April 2026 scope reduction (enriching only KEVs and critical federal software) collides with AI-accelerated vulnerability discovery (e.g., Claude Mythos), creating a dangerous gap in OSS CVE coverage.

https://pulse.latio.tech/p/building-an-ai-ready-vulnerability

#AI

Читать полностью…

CloudSec Wine

🔎 How We Scaled Security Reviews Without Slowing Down Engineering

Postman is sharing the evolution of their Security Review Process (SRP). What didn't work, what they changed, and how they built SRP v2, a risk-based, automation-first security model embedded directly into their SDLC.

https://blog.postman.com/how-we-scaled-security-reviews-without-slowing-down-engineering

#SRP

Читать полностью…

CloudSec Wine

👨‍💻 GitHub RCE Vulnerability: CVE-2026-3854 Breakdown

Wiz Research discovered CVE-2026-3854 (CVSS 8.7): an unsanitized semicolon injection in GitHub's X-Stat internal header allows any authenticated user to override security fields via git push -o, achieving RCE on GitHub com and full GHES server compromise.

https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

#github

Читать полностью…

CloudSec Wine

🤖 magika

Fast and accurate AI powered file content types detection.

https://github.com/google/magika

#AI

Читать полностью…

CloudSec Wine

🤖 Orchestrating AI Code Review at scale

Cloudflare built a CI-native, plugin-based AI code review system using OpenCode, orchestrating up to 7 specialised agents (security, performance, code quality, etc.) per merge request. It processed 131K reviews across 48K MRs, averaging $0.98/review at 3m39s median latency, with an 85.7% prompt cache hit rate.

https://blog.cloudflare.com/ai-code-review

#AI

Читать полностью…

CloudSec Wine

🔐 Passkeys are Your New Best Friend

A lightweight intro to passkeys from Google.

https://bughunters.google.com/blog/passkeys-are-your-new-best-friend

#iam

Читать полностью…

CloudSec Wine

🌩 All Your Claude Are Belong To Us: Reversing Claude Code's Remote Control Protocol

Researchers reverse-engineered Claude Code's ("claude.exe") undocumented "--sdk-url" flag, fully mapped its CCRv1 WebSocket remote control protocol (NDJSON over WebSockets), and implemented a Python C2 server. The flag accepts arbitrary URLs with no authentication, enabling post-compromise beaconing.

https://www.originhq.com/blog/reversing-remote-control

#ClaudeCode

Читать полностью…

CloudSec Wine

🔶 A framework for securely collecting forensic artifacts into S3 buckets

Blog presenting an AWS architecture for securely collecting forensic artifacts into S3, using IAM least-privilege session policies, STS time-limited credentials scoped per case prefix, KMS encryption, S3 versioning, and an automated Step Functions/Lambda/SSM workflow deployable via AWS CDK.

https://aws.amazon.com/ru/blogs/security/a-framework-for-securely-collecting-forensic-artifacts-into-s3-buckets

#aws

Читать полностью…

CloudSec Wine

Аудитные логи в облаке — отдельная распределённая система со своими требованиями к надёжности и стоимости хранения, а не «таблица с событиями».

Команда MWS Cloud Platform выложила подробный разбор архитектуры своего сервиса: от библиотеки, которую подключают сервисы облака, до хранилища на Apache Iceberg и движка StarRocks, с объяснением, почему выбрали именно такой набор технологий и где спрятаны неочевидные грабли.

Полезно всем, кто разрабатывает ИБ-инструменты, работает с большим количеством событий или просто интересуется инструментами безопасности в облаке.

Читать статью на Хабре

#реклама

Читать полностью…

CloudSec Wine

🌩 Automating Security Operations with AI: Triaging Renovate PR

A Claude Code Routine that triages every Renovate PR by risk, flags dead deps, and catches deprecated framework configs before I touch the diff.

https://blog.marcolancini.it/2026/blog-automating-security-operations-with-ai-triage-renovate

#ClaudeCode

Читать полностью…

CloudSec Wine

🌩 Claude Code MCP Token Theft: MitM Attack Explained

Mitiga Labs shows how Claude Code MCP configuration can be hijacked through ~/.claude.json to steal OAuth tokens, persist through rotation, and hide in trusted SaaS activity.

https://www.mitiga.io/blog/claude-code-mcp-token-theft-mitm

#ClaudeCode

Читать полностью…

CloudSec Wine

🤖 AI Threat Readiness Framework

Wiz proposes a 4-pillar AI Threat Readiness Framework: (1) reduce attack surface and AI-scan all exposures; (2) accelerate CVE patching and zero-day response; (3) perform deep AI-driven code analysis; (4) automate real-time threat detection and containment.

https://www.wiz.io/blog/ai-threat-readiness-framework

#AI

Читать полностью…

CloudSec Wine

🤖 Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace

Orca Security identified four supply chain attack primitives in an AI agent skills marketplace: unauthenticated install count inflation, non-deterministic security scanning, silent skill name override, and blind bulk updates. All enabling bait-and-switch, nested skill injection, and delayed weaponization attacks achieving real-world RCE.

https://orca.security/resources/blog/ai-agent-skill-supply-chain-security

#AI

Читать полностью…

CloudSec Wine

🤖 The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)

Wiz researchers analysed popular AI GitHub Actions (Anthropic, OpenAI, Google) and found: bot permission-check bypasses enabling untrusted external apps to trigger AI workflows, novel credential-file exfiltration vectors unrecognised by LLMs as sensitive, and widespread misconfigurations in repos with 200,000+ combined stars.

https://www.wiz.io/blog/github-actions-security-ai-powered-actions-vulnerabilities

#AI

Читать полностью…

CloudSec Wine

🔶 The Danger of Multi-SSO AWS Cognito User Pools

This post explores security anti-patterns in multi-SSO AWS Cognito User Pools: ghost identity injection via misconfigured Lambda triggers, "triggerSource" blind spots, sub-splitting attacks on "event.userName", and IdP identifier hijacks. It also introduces "maSSO", a weaponized OIDC/SAML IdP for pentesting.

https://blog.doyensec.com/2026/05/05/cloudsectidbits-masso-cognito-sso.html

#aws

Читать полностью…

CloudSec Wine

🖥 Proof, Not Promises: Evaluating Code Scanner Efficacy

How Block built benchmrk, a harness for measuring SAST scanner efficacy against ground truth you control.

https://engineering.block.xyz/blog/proof-not-promises-evaluating-code-scanner-efficacy

#SAST

Читать полностью…

CloudSec Wine

🤖 OpenShell

OpenShell is the safe, private runtime for autonomous AI agents.

https://github.com/NVIDIA/OpenShell

#AI

Читать полностью…

CloudSec Wine

🤖 redai

AI-driven vulnerability discovery and live validation.

https://github.com/kpolley/redai

#AI

Читать полностью…

CloudSec Wine

🌩 My Claude Code Setup (2026 Edition)

A walkthrough of my Claude Code setup across a multi-project monorepo: global settings, safety guardrails, a context/plan/code workflow, subagents and plugins, and the StarCraft-themed customisations that make the terminal feel like mine.

https://blog.marcolancini.it/2026/blog-my-claude-code-setup

#ClaudeCode

Читать полностью…

CloudSec Wine

🤖 How Amazon uses agentic AI for vulnerability detection at global scale

Amazon's RuleForge is a multi-agent AI system that auto-generates CVE detection rules from exploit PoC code. It uses parallel generation (via Amazon Bedrock/Fargate), a separate judge model (reducing false positives by 67%), and multistage validation, achieving 336% faster rule production than manual workflows while keeping humans in the final approval loop.

https://www.amazon.science/blog/how-amazon-uses-agentic-ai-for-vulnerability-detection-at-global-scale

#AI

Читать полностью…

CloudSec Wine

👨‍💻 GitHub Actions Security Pt 1: Attacks & Defenses

Part one of a two-part series on GitHub Actions security, covering the core threat model, common misconfigurations, and real-world attack examples.

https://www.wiz.io/blog/github-actions-security-threat-model-and-defenses

#github

Читать полностью…

CloudSec Wine

🤖 The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program

AI, as demonstrated by Anthropic's Mythos, has significantly increased the likelihood of attackers discovering new vulnerabilities, creating new exploits, and using them in complex automated attacks at scale. While AI also increases the speed of patch development and reduces defects in new software, defenders still face a heavier relative burden due to the inherent limitations of patching. Attackers gain asymmetric benefits.

#AI

Читать полностью…

CloudSec Wine

🤖 Claude & Control: An Introduction to Agentic C2 with Computer Use Agents

This blog explores how computer use agents can be used to build an agentic command-and-control framework. By combining LLM reasoning with desktop interaction tools, attackers could automate endpoint control while blending into normal system behavior. Here, we break down the architecture, abuse scenarios, and detection opportunities.

https://www.beyondtrust.com/blog/entry/claude-control-agentic-c2-computer-use-agent

#AI

Читать полностью…
Subscribe to a channel