CloudSec Wine

🔴 Mind the Gap: GCP serviceData in Logs Explorer vs. Exported Logs GCP's deprecated serviceData field gets silently stripped when audit logs reach your SIEM, leaving detection rules blind to disabled logging. Here's the gap. https://permiso.io/blog/gcp-servicedata-officially-deprecated-actively-dangerous #gcp

👩‍💻 Holding blobs for ransom: Four methods for Azure Storage ransomware This post explores four vectors for threat actors to abuse Azure Storage to maliciously encrypt victim blobs, including step-by-step explanations and event codes for detection. https://securitylabs.datadoghq.com/articles/azure-blob-storage-ransomware-four-methods #azure

🤖 AI Agent Supply-Chain Malware in Instruction Files Mitiga Labs scanned 50,000+ AI instruction files across 7,000+ repos, finding prompt-exfiltration malware, ANTHROPIC_BASE_URL MITM overrides, YOLO-mode permission bypasses, and 1,230+ hardcoded API keys. They released Skillgate, a free scanner, to detect these techniques. https://www.mitiga.io/blog/malware-in-ai-instruction-files-skillgate #AI

🔶 local-cloud-browser Mac-Native AWS GUI, enables you to perform some fundamental actions without a CLI mess. https://github.com/milan0x/local-cloud-browser #aws

🔶 local-cloud-browser Mac-Native AWS GUI, enables you to perform some fundamental actions without a CLI mess. https://github.com/milan0x/local-cloud-browser #aws

🤖 Entra Agent ID: The blueprint blast radius Entra Agent ID is an extension of Entra's application model that provides identities for AI agents. Unlike applications, the agent identity model allows linking a single app registration (blueprint) to multiple identities and their associated privileges, increasing the potential blast radius of a compromised agent. https://securitylabs.datadoghq.com/articles/agent-id-blueprint-blast-radius #AI

🌩 Securing CI/CD in an agentic world: Claude Code Github action case Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows. https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case #ClaudeCode

🔶 Operationalizing AWS security: A maturity roadmap A six-phase maturity roadmap for operationalizing AWS Security Hub and GuardDuty: assess current state, reduce alert noise via tuning, build tiered notification routing, implement automated remediation for high-confidence findings, establish recurring review cadences with metrics, then expand with Inspector, Macie, Security Lake, and preventive controls. https://aws.amazon.com/ru/blogs/security/operationalizing-aws-security-a-maturity-roadmap #aws

🔐 Identity and Access Management Whitepaper CNCF TAG Security released an IAM whitepaper targeting architects and platform engineers, covering zero-trust vs. perimeter models, PEP/PDP-based authorization, SPIFFE workload identity, and authentication patterns for stateful and stateless cloud native workloads. https://www.cncf.io/blog/2026/06/04/identity-and-access-management-whitepaper #iam

🌩 Hidden Gaps in Claude Code Security Reviews Claude Code's /security-review is vulnerable to model anchoring bias when run in the same session that wrote the code. A new diff-scoped plugin avoids this but misses cross-commit vulnerability chains where each individual change appears benign in isolation. https://brainoverflow.blog/posts/claude-code-security-review-bias #ClaudeCode

🤖 Hermes-USB-Portable Run a fully self-contained, self-improving AI agent from a single folder or USB drive. https://github.com/techjarves/hermes-usb-portable #AI

🤖 Hermes-USB-Portable Run a fully self-contained, self-improving AI agent from a single folder or USB drive. https://github.com/techjarves/hermes-usb-portable #AI

👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities Post which explores, names, defines, and threat-models an Azure identity type that has quietly operated inside every customer tenant. Never documented under a single name, never owned by you, and never fully visible to you. https://www.vectra.ai/blog/azures-hidden-operators-a-threat-model-for-platform-level-managed-identities #azure

👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities Post which explores, names, defines, and threat-models an Azure identity type that has quietly operated inside every customer tenant. Never documented under a single name, never owned by you, and never fully visible to you. https://www.vectra.ai/blog/azures-hidden-operators-a-threat-model-for-platform-level-managed-identities #azure

🤖 ChatGPhish: The Page Is the Payload Any web page a victim asks ChatGPT to summarize can become a phishing payload. P0 Labs research reveals a Markdown rendering vulnerability in ChatGPT's response UI. https://permiso.io/blog/chatgpt-markdown-rendering-vulnerability #AI

🔶 Well-architected best practices for software supply chain security Aligned with the AWS Well-Architected Security Pillar, the article recommends defending against npm supply chain attacks (e.g., Shai-Hulud) by using temporary credentials, least-privilege IAM, artifact signing via AWS Signer, centralized dependency management with CodeArtifact, continuous scanning via Amazon Inspector, and CloudTrail-based monitoring. https://aws.amazon.com/ru/blogs/security/well-architected-best-practices-for-software-supply-chain-security #aws

🤖 A Security Researcher’s Guide to Understanding Copilot Studio AI Agents A guide to understanding Copilot Studio AI agents, their deeper architecture on Entra ID and APIM, and key security risks. https://www.beyondtrust.com/blog/entry/copilot-studio-ai-agents-security-risks #AI

🤖 Comparing AI Application Security Testing Platforms Doyensec compared Aikido Attack AI Pentest and XBOW Lightspeed for web app vulnerability detection, evaluating true/false positives, configuration, report quality, cost, speed, and impact on tested applications. Full findings available as a PDF. #AI