CloudSec Wine

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

2 228 subscribers

Post archive
🤖 LeakyLM: AI Assistants Are Leaking Your Conversations Research disclosing that ChatGPT, Claude, Grok, and Perplexity embed third-party trackers (Meta, Google, TikTok) that leak conversation URLs, email hashes, and user identifiers via client-side pixels and server-side forwarding, often bypassing cookie consent. https://leakylm.github.io/ #AI

🔶 The Danger of Multi-SSO AWS Cognito User Pools This post explores security anti-patterns in multi-SSO AWS Cognito User Pools: ghost identity injection via misconfigured Lambda triggers, "triggerSource" blind spots, sub-splitting attacks on "event.userName", and IdP identifier hijacks. It also introduces "maSSO", a weaponized OIDC/SAML IdP for pentesting. https://blog.doyensec.com/2026/05/05/cloudsectidbits-masso-cognito-sso.html #aws

🤖 Building an AI Ready Vulnerability Management Program After NVD Changes and Claude Mythos NVD's April 2026 scope reduction (enriching only KEVs and critical federal software) collides with AI-accelerated vulnerability discovery (e.g., Claude Mythos), creating a dangerous gap in OSS CVE coverage. https://pulse.latio.tech/p/building-an-ai-ready-vulnerability #AI

💻 Proof, Not Promises: Evaluating Code Scanner Efficacy How Block built benchmrk, a harness for measuring SAST scanner efficacy against ground truth you control. https://engineering.block.xyz/blog/proof-not-promises-evaluating-code-scanner-efficacy #SAST

🔎 How We Scaled Security Reviews Without Slowing Down Engineering Postman is sharing the evolution of their Security Review Process (SRP). What didn't work, what they changed, and how they built SRP v2, a risk-based, automation-first security model embedded directly into their SDLC. https://blog.postman.com/how-we-scaled-security-reviews-without-slowing-down-engineering #SRP

🤖 OpenShell OpenShell is the safe, private runtime for autonomous AI agents. https://github.com/NVIDIA/OpenShell #AI

👨‍💻 GitHub RCE Vulnerability: CVE-2026-3854 Breakdown Wiz Research discovered CVE-2026-3854 (CVSS 8.7): an unsanitized semicolon injection in GitHub's X-Stat internal header allows any authenticated user to override security fields via git push -o, achieving RCE on GitHub.com and full GHES server compromise. https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 #github

🤖 redai AI-driven vulnerability discovery and live validation. https://github.com/kpolley/redai #AI

🤖 magika Fast and accurate AI-powered file content type detection. https://github.com/google/magika #AI

🌩 My Claude Code Setup (2026 Edition) A walkthrough of my Claude Code setup across a multi-project monorepo: global settings, safety guardrails, a context/plan/code workflow, subagents and plugins, and the StarCraft-themed customisations that make the terminal feel like mine. https://blog.marcolancini.it/2026/blog-my-claude-code-setup #ClaudeCode

🤖 Orchestrating AI Code Review at scale Cloudflare built a CI-native, plugin-based AI code review system using OpenCode, orchestrating up to 7 specialised agents (security, performance, code quality, etc.) per merge request. It processed 131K reviews across 48K MRs, averaging $0.98/review at 3m39s median latency, with an 85.7% prompt cache hit rate. https://blog.cloudflare.com/ai-code-review #AI

🤖 How Amazon uses agentic AI for vulnerability detection at global scale Amazon's RuleForge is a multi-agent AI system that auto-generates CVE detection rules from exploit PoC code. It uses parallel generation (via Amazon Bedrock/Fargate), a separate judge model (reducing false positives by 67%), and multistage validation, achieving 336% faster rule production than manual workflows while keeping humans in the final approval loop. https://www.amazon.science/blog/how-amazon-uses-agentic-ai-for-vulnerability-detection-at-global-scale #AI

🔐 Passkeys are Your New Best Friend A lightweight intro to passkeys from Google. https://bughunters.google.com/blog/passkeys-are-your-new-best-friend #iam

👨‍💻 GitHub Actions Security Pt 1: Attacks & Defenses Part one of a two-part series on GitHub Actions security, covering the core threat model, common misconfigurations, and real-world attack examples. https://www.wiz.io/blog/github-actions-security-threat-model-and-defenses #github

🌩 All Your Claude Are Belong To Us: Reversing Claude Code's Remote Control Protocol Researchers reverse-engineered Claude Code's ("claude.exe") undocumented "--sdk-url" flag, fully mapped its CCRv1 WebSocket remote control protocol (NDJSON over WebSockets), and implemented a Python C2 server. The flag accepts arbitrary URLs with no authentication, enabling post-compromise beaconing. https://www.originhq.com/blog/reversing-remote-control #ClaudeCode

[Attachment: mythosready.pdf, 20.55 MB]

🤖 The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program AI, as demonstrated by Anthropic's Mythos, has significantly increased the likelihood of attackers discovering new vulnerabilities, creating new exploits, and using them in complex automated attacks at scale. While AI also increases the speed of patch development and reduces defects in new software, defenders still face a heavier relative burden due to the inherent limitations of patching. Attackers gain asymmetric benefits. #AI

🔶 A framework for securely collecting forensic artifacts into S3 buckets Blog presenting an AWS architecture for securely collecting forensic artifacts into S3, using IAM least-privilege session policies, STS time-limited credentials scoped per case prefix, KMS encryption, S3 versioning, and an automated Step Functions/Lambda/SSM workflow deployable via AWS CDK. https://aws.amazon.com/ru/blogs/security/a-framework-for-securely-collecting-forensic-artifacts-into-s3-buckets #aws

🤖 Claude & Control: An Introduction to Agentic C2 with Computer Use Agents This blog explores how computer use agents can be used to build an agentic command-and-control framework. By combining LLM reasoning with desktop interaction tools, attackers could automate endpoint control while blending into normal system behavior. Here, we break down the architecture, abuse scenarios, and detection opportunities. https://www.beyondtrust.com/blog/entry/claude-control-agentic-c2-computer-use-agent #AI

🤖 NomShub: Weaponizing Cursor's Remote Tunnel Through Indirect Prompt Injection and Sandbox Breakout NomShub is a critical vulnerability chain in the Cursor AI code editor where a malicious repository can silently hijack a developer's machine, combining indirect prompt injection, a sandbox escape via shell builtins, and Cursor's built-in remote tunnel to give attackers persistent, undetected shell access triggered simply by opening a repo. https://www.straiker.ai/blog/nomshub-cursor-remote-tunneling-sandbox-breakout #AI