Telegram channel cloud_sec - CloudSec Wine

All about cloud security. Contacts: @AMark0f @dvyakimov. About DevSecOps: @sec_devops

CloudSec Wine

🤖 magika

Fast and accurate AI powered file content types detection.

https://github.com/google/magika

#AI

🤖 Orchestrating AI Code Review at scale

Cloudflare built a CI-native, plugin-based AI code review system using OpenCode, orchestrating up to 7 specialised agents (security, performance, code quality, etc.) per merge request. It processed 131K reviews across 48K MRs, averaging $0.98/review at 3m39s median latency, with an 85.7% prompt cache hit rate.

https://blog.cloudflare.com/ai-code-review

#AI

🔐 Passkeys are Your New Best Friend

A lightweight intro to passkeys from Google.

https://bughunters.google.com/blog/passkeys-are-your-new-best-friend

#iam

🌩 All Your Claude Are Belong To Us: Reversing Claude Code's Remote Control Protocol

Researchers reverse-engineered Claude Code's ("claude.exe") undocumented "--sdk-url" flag, fully mapped its CCRv1 WebSocket remote control protocol (NDJSON over WebSockets), and implemented a Python C2 server. The flag accepts arbitrary URLs with no authentication, enabling post-compromise beaconing.

https://www.originhq.com/blog/reversing-remote-control

#ClaudeCode

🔶 A framework for securely collecting forensic artifacts into S3 buckets

Blog presenting an AWS architecture for securely collecting forensic artifacts into S3, using IAM least-privilege session policies, STS time-limited credentials scoped per case prefix, KMS encryption, S3 versioning, and an automated Step Functions/Lambda/SSM workflow deployable via AWS CDK.

https://aws.amazon.com/ru/blogs/security/a-framework-for-securely-collecting-forensic-artifacts-into-s3-buckets

#aws

🤖 NomShub: Weaponizing Cursor's Remote Tunnel Through Indirect Prompt Injection and Sandbox Breakout

NomShub is a critical vulnerability chain in the Cursor AI code editor where a malicious repository can silently hijack a developer's machine, combining indirect prompt injection, a sandbox escape via shell builtins, and Cursor's built-in remote tunnel to give attackers persistent, undetected shell access triggered simply by opening a repo.

https://www.straiker.ai/blog/nomshub-cursor-remote-tunneling-sandbox-breakout

#AI

🔶 Launching S3 Files, making S3 buckets accessible as file system

Amazon S3 Files makes S3 buckets accessible as high-performance file systems on AWS compute resources, eliminating the tradeoff between object storage benefits and interactive file capabilities while enabling seamless data sharing with ~1ms latencies.

https://aws.amazon.com/ru/blogs/aws/launching-s3-files-making-s3-buckets-accessible-as-file-systems

#aws

🤖 How Command Injection Vulnerability in OpenAI Codex Leads to GitHub Token Compromise

BeyondTrust Phantom Labs recently identified a critical command injection vulnerability in OpenAI Codex that allowed for the theft of GitHub User Access Tokens.

https://www.beyondtrust.com/blog/entry/openai-codex-command-injection-vulnerability-github-token

#AI

🔶 aws-preflight

Check your AWS CLI commands for security risks before you run them.

https://github.com/gabrielPav/aws-preflight

#aws

🔴 Double Agents: Exposing Security Blind Spots in GCP Vertex AI

Unit 42 researchers found that GCP Vertex AI Agent Engine's default P4SA service account has excessive permissions, enabling credential theft via the metadata service. This allows privilege escalation to read all consumer GCS buckets, access restricted Google-internal Artifact Registry container images, and expose internal source code.

https://unit42.paloaltonetworks.com/double-agents-vertex-ai

#gcp

👨‍💻 Widespread GitHub Campaign Uses Fake VS Code Security Alerts to Deliver Malware

A large-scale phishing campaign is targeting developers directly inside GitHub, using fake Visual Studio Code security alerts posted through Discussions to trick users into installing malicious software.

https://socket.dev/blog/widespread-github-campaign-uses-fake-vs-code-security-alerts-to-deliver-malware

#github

🔶 Locking down AWS principal tags with RCPs and SCPs

A post explaining how to use SCPs to restrict sensitive IAM actions to tagged principals, RCPs to block unauthorized "scp-*" session tags from external/non-tagger principals, and SCPs to protect the "tagger" role itself via CloudFormation StackSets.

https://awsteele.com/blog/2026/02/21/locking-down-aws-principal-tags-with-rcps-and-scps.html

#aws

🔶 Cracks in the Bedrock: Bypassing SCP Enforcement with Long-Lived API Keys

A Sonrai Security researcher discovered that AWS "bedrock-mantle" IAM permissions could bypass SCP enforcement when using long-lived Service Specific Credential API keys. IAM policy denials worked correctly, but SCP denials were bypassed. AWS patched this between Jan–Feb 2026; no customer action required.

https://sonraisecurity.com/blog/cracks-in-the-bedrock

#aws

🤖 Securing our codebase with autonomous agents

Cursor's security team built a fleet of security agents to find and fix vulnerabilities across a fast-changing codebase.

https://cursor.com/blog/security-agents

#AI

🔶 Pentesting a pentest agent - Here's what I've found in AWS Security Agent

A researcher pentested AWS Security Agent, finding 4 issues: DNS confusion enabling unauthorized domain pentesting, a full reverse shell/container escape chain to host root + AWS credentials via prompt injection, unnecessary destructive actions (e.g., DROP TABLE probes, exploit-based cleanup deleting /etc/crontab), and unredacted secrets in pentest reports.

https://blog.richardfan.xyz/2026/03/14/pentesting-a-pentest-agent-heres-what-ive-found-in-aws-security-agent.html

#aws

🌩 My Claude Code Setup (2026 Edition)

A walkthrough of my Claude Code setup across a multi-project monorepo: global settings, safety guardrails, a context/plan/code workflow, subagents and plugins, and the StarCraft-themed customisations that make the terminal feel like mine.

https://blog.marcolancini.it/2026/blog-my-claude-code-setup

#ClaudeCode

🤖 How Amazon uses agentic AI for vulnerability detection at global scale

Amazon's RuleForge is a multi-agent AI system that auto-generates CVE detection rules from exploit PoC code. It uses parallel generation (via Amazon Bedrock/Fargate), a separate judge model (reducing false positives by 67%), and multistage validation, achieving 336% faster rule production than manual workflows while keeping humans in the final approval loop.

https://www.amazon.science/blog/how-amazon-uses-agentic-ai-for-vulnerability-detection-at-global-scale

#AI

👨‍💻 GitHub Actions Security Pt 1: Attacks & Defenses

Part one of a two-part series on GitHub Actions security, covering the core threat model, common misconfigurations, and real-world attack examples.

https://www.wiz.io/blog/github-actions-security-threat-model-and-defenses

#github

🤖 The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program

AI, as demonstrated by Anthropic's Mythos, has significantly increased the likelihood of attackers discovering new vulnerabilities, creating new exploits, and using them in complex automated attacks at scale. While AI also increases the speed of patch development and reduces defects in new software, defenders still face a heavier relative burden due to the inherent limitations of patching. Attackers gain asymmetric benefits.

#AI

🤖 Claude & Control: An Introduction to Agentic C2 with Computer Use Agents

This blog explores how computer use agents can be used to build an agentic command-and-control framework. By combining LLM reasoning with desktop interaction tools, attackers could automate endpoint control while blending into normal system behavior. Here, we break down the architecture, abuse scenarios, and detection opportunities.

https://www.beyondtrust.com/blog/entry/claude-control-agentic-c2-computer-use-agent

#AI

🔶 Amazon S3 starts rolling out new security best practice to new and existing buckets by default

S3 is now deploying a new default bucket security setting which will automatically disable server-side encryption with customer-provided keys (SSE-C) for all new general purpose buckets.

https://aws.amazon.com/ru/about-aws/whats-new/2026/04/s3-default-bucket-security-setting

#aws

🔶 Unexpected Routing Behaviour in AWS with VPC Peering and NAT Gateway

When routing VPC peering traffic through an internal NAT gateway in AWS, response traffic bypasses route tables via connection tracking, making all subnets in the peered VPC reachable even without return routes configured. AWS confirmed this is "expected behaviour".

https://labs.reversec.com/posts/2026/03/unexpected-routing-behaviour-in-aws-with-vpc-peering-and-nat-gateway

#aws

🔶 AWS Security Agent on-demand penetration testing now generally available

AWS Security Agent on-demand penetration testing is now GA, offering autonomous 24/7 multi-cloud pen testing combining SAST, DAST, and context-aware agentic AI.

https://aws.amazon.com/ru/blogs/security/aws-security-agent-on-demand-penetration-testing-now-generally-available/

#aws

🔶 Enforcing AI Governance Across AWS Organizations

Learn how to enforce AI governance across AWS organizations using Bedrock guardrails, MCP server controls, model availability rules, and API restrictions to reduce risk and improve security.

https://sonraisecurity.com/enforcing-ai-governance-across-aws-orgs

#aws

📤 Threat Actors Abuse Railway.com PaaS as Microsoft 365 Token Attack Infrastructure

Railway PaaS is being weaponized as a clean token replay engine in an active AiTM and device code phishing campaign impacting 268+ M365 organizations and 100+ MSPs.

https://www.huntress.com/blog/railway-paas-m365-token-replay-campaign

#PaaS

🔴 Remote Command Execution in Google Cloud with Single Directory Deletion - GMO Flatt Security Research

A race condition in Google Cloud Looker's directory deletion API allows deleting the ".git" directory while concurrent Git operations proceed, causing Git to use attacker-controlled worktree configs for RCE. Kubernetes service account misconfigurations further enabled cross-instance privilege escalation.

https://flatt.tech/research/posts/remote-command-execution-in-google-cloud-with-single-directory-deletion

#gcp

🔶 Simulating Ransomware with AWS KMS

Post that demonstrates how attackers can abuse AWS KMS by importing malicious key material to encrypt RDS/EBS resources, then deleting the material to make data inaccessible without ransom payment.

https://heilancoos.github.io/research/2025/09/02/aws-kms-ransomware.html

#aws

🤖 OpenSandbox

OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.

https://github.com/alibaba/OpenSandbox

#AI

🔶 Pwning AI Code Interpreters in AWS Bedrock AgentCore

Phantom Labs discovered that AWS Bedrock AgentCore Code Interpreter's sandbox mode allows DNS queries, enabling bypass of network isolation through DNS-based command-and-control. This research details the discovery, proof-of-concept exploit, disclosure timeline, and defensive guidance for organizations using Code Interpreter workloads.

https://www.beyondtrust.com/blog/entry/pwning-aws-agentcore-code-interpreter

#aws

trajan

A multi-platform CI/CD vulnerability detection and attack automation tool for identifying security weaknesses in pipeline configurations. You can also check out the companion blog post.

https://github.com/praetorian-inc/trajan

#cicd
