ch
Feedback
CloudSec Wine

CloudSec Wine

前往频道在 Telegram

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

显示更多
俄罗斯202 478技术与应用29 512
2 227
订阅者
-124 小时
-37
-330

数据加载中...

相似频道
The Bug Bounty Hunter
47.9K
The Bug Bounty Hunter
r0 Crew (Channel)
9.2K
r0 Crew (Channel)
Security Harvester
8.9K
Security Harvester
Sysadmin Tools 🇺🇦
4.1K
Sysadmin Tools 🇺🇦
AWS feed. Русскій ваєнний карабль - іді нахуй.
637
AWS feed. Русскій ваєнний карабль - іді нахуй.
avatar
1
更多频道
标签云
aws36
microsoft23
gcp22
identity21
iam15
threat15
attack13
credential13
ec212
encryption11
kubernete11
infrastructure10
policy10
terraform10
api9
capability9
copilot9
instance9
vpc9
configuration7
进出提及
---
---
---
---
---
---
吸引订阅者
六月 '26
六月 '26
+21
在0个频道中
五月 '26
+41
在2个频道中
Get PRO
四月 '26
+38
在2个频道中
Get PRO
三月 '26
+81
在3个频道中
Get PRO
二月 '26
+34
在0个频道中
Get PRO
一月 '26
+38
在0个频道中
Get PRO
十二月 '25
+30
在0个频道中
Get PRO
十一月 '25
+31
在0个频道中
Get PRO
十月 '25
+27
在0个频道中
Get PRO
九月 '25
+20
在0个频道中
Get PRO
八月 '25
+31
在0个频道中
Get PRO
七月 '25
+15
在0个频道中
Get PRO
六月 '25
+28
在0个频道中
Get PRO
五月 '25
+24
在3个频道中
Get PRO
四月 '25
+26
在0个频道中
Get PRO
三月 '25
+17
在0个频道中
Get PRO
二月 '25
+29
在1个频道中
Get PRO
一月 '25
+11
在0个频道中
Get PRO
十二月 '24
+18
在0个频道中
Get PRO
十一月 '24
+33
在0个频道中
Get PRO
十月 '24
+35
在1个频道中
Get PRO
九月 '24
+44
在1个频道中
Get PRO
八月 '24
+47
在1个频道中
Get PRO
七月 '24
+39
在0个频道中
Get PRO
六月 '24
+27
在0个频道中
Get PRO
五月 '24
+27
在0个频道中
Get PRO
四月 '24
+55
在1个频道中
Get PRO
三月 '24
+42
在1个频道中
Get PRO
二月 '24
+49
在1个频道中
Get PRO
一月 '24
+47
在1个频道中
Get PRO
十二月 '23
+58
在1个频道中
Get PRO
十一月 '23
+43
在1个频道中
Get PRO
十月 '23
+25
在1个频道中
Get PRO
九月 '23
+50
在0个频道中
Get PRO
八月 '23
+45
在0个频道中
Get PRO
七月 '23
+40
在0个频道中
Get PRO
六月 '23
+52
在0个频道中
Get PRO
五月 '23
+131
在0个频道中
Get PRO
四月 '23
+27
在0个频道中
Get PRO
三月 '23
+59
在0个频道中
Get PRO
二月 '23
+23
在0个频道中
Get PRO
一月 '23
+20
在0个频道中
Get PRO
十二月 '22
+19
在0个频道中
Get PRO
十一月 '22
+29
在0个频道中
Get PRO
十月 '22
+32
在0个频道中
Get PRO
九月 '22
+28
在0个频道中
Get PRO
八月 '22
+48
在0个频道中
Get PRO
七月 '22
+48
在0个频道中
Get PRO
六月 '22
+38
在0个频道中
Get PRO
五月 '22
+69
在0个频道中
Get PRO
四月 '22
+27
在0个频道中
Get PRO
三月 '22
+16
在0个频道中
Get PRO
二月 '22
+24
在0个频道中
Get PRO
一月 '22
+90
在0个频道中
Get PRO
十二月 '21
+42
在0个频道中
Get PRO
十一月 '21
+22
在0个频道中
Get PRO
十月 '21
+27
在0个频道中
Get PRO
九月 '21
+97
在0个频道中
Get PRO
八月 '21
+53
在0个频道中
Get PRO
七月 '21
+61
在0个频道中
Get PRO
六月 '21
+86
在0个频道中
Get PRO
五月 '21
+10
在0个频道中
Get PRO
四月 '21
+15
在0个频道中
Get PRO
三月 '21
+29
在0个频道中
Get PRO
二月 '21
+93
在0个频道中
Get PRO
一月 '21
+52
在0个频道中
Get PRO
十二月 '20
+764
在0个频道中
日期
订阅者增长
提及
频道
25 六月+1
24 六月0
23 六月+2
22 六月0
21 六月0
20 六月0
19 六月0
18 六月+1
17 六月+1
16 六月+1
15 六月+2
14 六月+2
13 六月+1
12 六月+1
11 六月+1
10 六月+1
09 六月0
08 六月+1
07 六月+1
06 六月+1
05 六月+1
04 六月+2
03 六月0
02 六月0
01 六月+1
频道帖子
CloudSec Wine
🔶 Governing AI Assets at Scale with MCP Gateway and Registry Open source MCP Gateway and Registry (Apache 2.0) provides ente
🔶 Governing AI Assets at Scale with MCP Gateway and Registry Open source MCP Gateway and Registry (Apache 2.0) provides enterprise governance for AI assets (MCP servers, agents, skills) via centralized discovery, fine-grained RBAC, supply-chain security scanning, hybrid semantic/keyword search, OpenTelemetry observability, federation with external registries, and deployable on EKS/ECS/EC2. https://aws.amazon.com/ru/blogs/opensource/governing-ai-assets-at-scale-with-mcp-gateway-and-registry #aws

2
🔴 Mind the Gap: GCP serviceData in Logs Explorer vs. Exported Logs GCP's deprecated serviceData field gets silently stripped+1
🔴 Mind the Gap: GCP serviceData in Logs Explorer vs. Exported Logs GCP's deprecated serviceData field gets silently stripped when audit logs reach your SIEM, leaving detection rules blind to disabled logging. Here's the gap. https://permiso.io/blog/gcp-servicedata-officially-deprecated-actively-dangerous #gcp
147
3
👩‍💻 Holding blobs for ransom: Four methods for Azure Storage ransomware This post explores four vectors for threat actors t
👩‍💻 Holding blobs for ransom: Four methods for Azure Storage ransomware This post explores four vectors for threat actors to abuse Azure Storage to maliciously encrypt victim blobs, including step-by-step explanations and event codes for detection. https://securitylabs.datadoghq.com/articles/azure-blob-storage-ransomware-four-methods #azure
172
4
🤖 AI Agent Supply-Chain Malware in Instruction Files Mitiga Labs scanned 50,000+ AI instruction files across 7,000+ repos, f
🤖 AI Agent Supply-Chain Malware in Instruction Files Mitiga Labs scanned 50,000+ AI instruction files across 7,000+ repos, finding prompt-exfiltration malware, ANTHROPIC_BASE_URL MITM overrides, YOLO-mode permission bypasses, and 1,230+ hardcoded API keys. They released Skillgate, a free scanner, to detect these techniques. https://www.mitiga.io/blog/malware-in-ai-instruction-files-skillgate #AI
207
5
🔶 local-cloud-browser Mac-Native AWS GUI, enables you to perform some fundamental actions without a CLI mess. https://github
🔶 local-cloud-browser Mac-Native AWS GUI, enables you to perform some fundamental actions without a CLI mess. https://github.com/milan0x/local-cloud-browser #aws
289
6
🔶 local-cloud-browser Mac-Native AWS GUI, enables you to perform some fundamental actions without a CLI mess. https://github
🔶 local-cloud-browser Mac-Native AWS GUI, enables you to perform some fundamental actions without a CLI mess. https://github.com/milan0x/local-cloud-browser #aws
1
7
🤖 Entra Agent ID: The blueprint blast radius Entra Agent ID is an extension of Entra's application model that provides ident
🤖 Entra Agent ID: The blueprint blast radius Entra Agent ID is an extension of Entra's application model that provides identities for AI agents. Unlike applications, the agent identity model allows linking a single app registration (blueprint) to multiple identities and their associated privileges, increasing the potential blast radius of a compromised agent. https://securitylabs.datadoghq.com/articles/agent-id-blueprint-blast-radius #AI
285
8
🌩 Securing CI/CD in an agentic world: Claude Code Github action case Microsoft Threat Intelligence identified a prompt injec+1
🌩 Securing CI/CD in an agentic world: Claude Code Github action case Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows. https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case #ClaudeCode
315
9
🔶 Operationalizing AWS security: A maturity roadmap A six-phase maturity roadmap for operationalizing AWS Security Hub and G
🔶 Operationalizing AWS security: A maturity roadmap A six-phase maturity roadmap for operationalizing AWS Security Hub and GuardDuty: assess current state, reduce alert noise via tuning, build tiered notification routing, implement automated remediation for high-confidence findings, establish recurring review cadences with metrics, then expand with Inspector, Macie, Security Lake, and preventive controls. https://aws.amazon.com/ru/blogs/security/operationalizing-aws-security-a-maturity-roadmap #aws
265
10
Identity-and-Access-Management-Whitepaper.pdf
302
11
🔐 Identity and Access Management Whitepaper CNCF TAG Security released an IAM whitepaper targeting architects and platform engineers, covering zero-trust vs. perimeter models, PEP/PDP-based authorization, SPIFFE workload identity, and authentication patterns for stateful and stateless cloud native workloads. https://www.cncf.io/blog/2026/06/04/identity-and-access-management-whitepaper #iam
302
12
🌩 Hidden Gaps in Claude Code Security Reviews Claude Code's /security-review is vulnerable to model anchoring bias when run
🌩 Hidden Gaps in Claude Code Security Reviews Claude Code's /security-review is vulnerable to model anchoring bias when run in the same session that wrote the code. A new diff-scoped plugin avoids this but misses cross-commit vulnerability chains where each individual change appears benign in isolation. https://brainoverflow.blog/posts/claude-code-security-review-bias #ClaudeCode
430
13
🤖 Hermes-USB-Portable Run a fully self-contained, self-improving AI agent from a single folder or USB drive. https://github.
🤖 Hermes-USB-Portable Run a fully self-contained, self-improving AI agent from a single folder or USB drive. https://github.com/techjarves/hermes-usb-portable #AI
362
14
🤖 Hermes-USB-Portable Run a fully self-contained, self-improving AI agent from a single folder or USB drive. https://github.
🤖 Hermes-USB-Portable Run a fully self-contained, self-improving AI agent from a single folder or USB drive. https://github.com/techjarves/hermes-usb-portable #AI
1
15
👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities Post which explores, names, defines, and
👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities Post which explores, names, defines, and threat-models an Azure identity type that has quietly operated inside every customer tenant. Never documented under a single name, never owned by you, and never fully visible to you. https://www.vectra.ai/blog/azures-hidden-operators-a-threat-model-for-platform-level-managed-identities #azure
358
16
👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities Post which explores, names, defines, and
👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities Post which explores, names, defines, and threat-models an Azure identity type that has quietly operated inside every customer tenant. Never documented under a single name, never owned by you, and never fully visible to you. https://www.vectra.ai/blog/azures-hidden-operators-a-threat-model-for-platform-level-managed-identities #azure
1
17
🤖 ChatGPhish: The Page Is the Payload Any web page a victim asks ChatGPT to summarize can become a phishing payload. P0 Labs
🤖 ChatGPhish: The Page Is the Payload Any web page a victim asks ChatGPT to summarize can become a phishing payload. P0 Labs research reveals a Markdown rendering vulnerability in ChatGPT's response UI. https://permiso.io/blog/chatgpt-markdown-rendering-vulnerability #AI
352
18
🔶 Well-architected best practices for software supply chain security Aligned with the AWS Well-Architected Security Pillar,+1
🔶 Well-architected best practices for software supply chain security Aligned with the AWS Well-Architected Security Pillar, the article recommends defending against npm supply chain attacks (e.g., Shai-Hulud) by using temporary credentials, least-privilege IAM, artifact signing via AWS Signer, centralized dependency management with CodeArtifact, continuous scanning via Amazon Inspector, and CloudTrail-based monitoring. https://aws.amazon.com/ru/blogs/security/well-architected-best-practices-for-software-supply-chain-security #aws
421
19
🤖 A Security Researcher’s Guide to Understanding Copilot Studio AI Agents A guide to understanding Copilot Studio AI agents,
🤖 A Security Researcher’s Guide to Understanding Copilot Studio AI Agents A guide to understanding Copilot Studio AI agents, their deeper architecture on Entra ID and APIM, and key security risks. https://www.beyondtrust.com/blog/entry/copilot-studio-ai-agents-security-risks #AI
357
20
ComparingAIApplicationSecurityTestingPlatforms_Doyensec (1).pdf
360
查看所有帖子