en
Feedback
CloudSec Wine

CloudSec Wine

Open in Telegram

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Show more
2 238
Subscribers
No data24 hours
+117 days
+1430 days
Posts Archive
🔐 Identity and Access Management Whitepaper CNCF TAG Security released an IAM whitepaper targeting architects and platform engineers, covering zero-trust vs. perimeter models, PEP/PDP-based authorization, SPIFFE workload identity, and authentication patterns for stateful and stateless cloud native workloads. https://www.cncf.io/blog/2026/06/04/identity-and-access-management-whitepaper #iam

🌩 Hidden Gaps in Claude Code Security Reviews Claude Code's /security-review is vulnerable to model anchoring bias when run
🌩 Hidden Gaps in Claude Code Security Reviews Claude Code's /security-review is vulnerable to model anchoring bias when run in the same session that wrote the code. A new diff-scoped plugin avoids this but misses cross-commit vulnerability chains where each individual change appears benign in isolation. https://brainoverflow.blog/posts/claude-code-security-review-bias #ClaudeCode

🤖 Hermes-USB-Portable Run a fully self-contained, self-improving AI agent from a single folder or USB drive. https://github.
🤖 Hermes-USB-Portable Run a fully self-contained, self-improving AI agent from a single folder or USB drive. https://github.com/techjarves/hermes-usb-portable #AI

🤖 Hermes-USB-Portable Run a fully self-contained, self-improving AI agent from a single folder or USB drive. https://github.
🤖 Hermes-USB-Portable Run a fully self-contained, self-improving AI agent from a single folder or USB drive. https://github.com/techjarves/hermes-usb-portable #AI

👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities Post which explores, names, defines, and
👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities Post which explores, names, defines, and threat-models an Azure identity type that has quietly operated inside every customer tenant. Never documented under a single name, never owned by you, and never fully visible to you. https://www.vectra.ai/blog/azures-hidden-operators-a-threat-model-for-platform-level-managed-identities #azure

👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities Post which explores, names, defines, and
👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities Post which explores, names, defines, and threat-models an Azure identity type that has quietly operated inside every customer tenant. Never documented under a single name, never owned by you, and never fully visible to you. https://www.vectra.ai/blog/azures-hidden-operators-a-threat-model-for-platform-level-managed-identities #azure

🤖 ChatGPhish: The Page Is the Payload Any web page a victim asks ChatGPT to summarize can become a phishing payload. P0 Labs
🤖 ChatGPhish: The Page Is the Payload Any web page a victim asks ChatGPT to summarize can become a phishing payload. P0 Labs research reveals a Markdown rendering vulnerability in ChatGPT's response UI. https://permiso.io/blog/chatgpt-markdown-rendering-vulnerability #AI

🔶 Well-architected best practices for software supply chain security Aligned with the AWS Well-Architected Security Pillar,
+1
🔶 Well-architected best practices for software supply chain security Aligned with the AWS Well-Architected Security Pillar, the article recommends defending against npm supply chain attacks (e.g., Shai-Hulud) by using temporary credentials, least-privilege IAM, artifact signing via AWS Signer, centralized dependency management with CodeArtifact, continuous scanning via Amazon Inspector, and CloudTrail-based monitoring. https://aws.amazon.com/ru/blogs/security/well-architected-best-practices-for-software-supply-chain-security #aws

🤖 A Security Researcher’s Guide to Understanding Copilot Studio AI Agents A guide to understanding Copilot Studio AI agents,
🤖 A Security Researcher’s Guide to Understanding Copilot Studio AI Agents A guide to understanding Copilot Studio AI agents, their deeper architecture on Entra ID and APIM, and key security risks. https://www.beyondtrust.com/blog/entry/copilot-studio-ai-agents-security-risks #AI

ComparingAIApplicationSecurityTestingPlatforms_Doyensec (1).pdf4.77 MB

🤖 Comparing AI Application Security Testing Platforms Doyensec compared Aikido Attack AI Pentest and XBOW Lightspeed for web app vulnerability detection, evaluating true/false positives, configuration, report quality, cost, speed, and impact on tested applications. Full findings available as a PDF. #AI

🔴 Securing Your Gemini and Google API Keys Protect your Gemini API keys with this guide on API restrictions, secure storage
+1
🔴 Securing Your Gemini and Google API Keys Protect your Gemini API keys with this guide on API restrictions, secure storage in Secret Manager, and key hygiene to prevent hijacking and unauthorized use. https://cloud.google.com/blog/topics/developers-practitioners/api-keys-are-open-secrets #gcp

🌩 When Background AI Agents Become a Security Boundary Problem Claude Code's background sessions, supervisor process, CLAUDE
+1
🌩 When Background AI Agents Become a Security Boundary Problem Claude Code's background sessions, supervisor process, CLAUDE_CONFIG_DIR override, scheduled tasks, and Markdown-based agent definitions can be chained post-foothold to deploy a persistent, nearly invisible C2 agent evading standard EDR binary-focused detection. https://www.originhq.com/research #ClaudeCode

🔶 Global S3: Another C2 Channel for AgentCore Code Interpreters AWS AgentCore Code Interpreters in Sandbox mode allow unrest
+1
🔶 Global S3: Another C2 Channel for AgentCore Code Interpreters AWS AgentCore Code Interpreters in Sandbox mode allow unrestricted global S3 access (including cross-account, public/presigned URLs), enabling a bidirectional C2 channel via S3 polling, demonstrated as a full reverse shell PoC. Mitigation: use VPC mode with S3 Gateway Endpoints and strict endpoint policies. https://sonraisecurity.com/blog/global-s3-another-c2-channel-for-agentcore-code-interpreters #aws

👩‍💻 The expendable extension name: Azure VMAccess naming chaos, password resets, and a detection gap The Sysdig Threat Rese
+1
👩‍💻 The expendable extension name: Azure VMAccess naming chaos, password resets, and a detection gap The Sysdig Threat Research Team uncovered a detection gap in Azure VM password resets that allows attackers to evade name-based detections by assigning arbitrary VM extension names. Learn how the flaw works, why Microsoft's documented detection guidance failed during testing, and what defenders should monitor instead. https://www.sysdig.com/blog/the-expendable-extension-name-azure-vmaccess-naming-chaos-password-resets-and-a-detection-gap #azure

Аудитные логи в облаке — отдельная распределённая система со своими требованиями к надёжности и стоимости хранения, а не «таб
Аудитные логи в облаке — отдельная распределённая система со своими требованиями к надёжности и стоимости хранения, а не «таблица с событиями». Команда MWS Cloud Platform выложила подробный разбор архитектуры своего сервиса: от библиотеки, которую подключают сервисы облака, до хранилища на Apache Iceberg и движка StarRocks, с объяснением, почему выбрали именно такой набор технологий и где спрятаны неочевидные грабли. Полезно всем, кто разрабатывает ИБ-инструменты, работает с большим количеством событий или просто интересуется инструментами безопасности в облаке. Читать статью на Хабре #реклама

🔶 CISA Admin Leaked AWS GovCloud Keys on Github A Nightwing contractor's public GitHub repo ("Private-CISA"), active since N
+1
🔶 CISA Admin Leaked AWS GovCloud Keys on Github A Nightwing contractor's public GitHub repo ("Private-CISA"), active since November 2025, exposed plaintext AWS GovCloud admin keys, Firefox-saved passwords, kubeconfig, and Artifactory credentials for CISA internal systems, with GitHub's secret-scanning protections deliberately disabled. https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github #aws

🌩 Automating Security Operations with AI: Triaging Renovate PR A Claude Code Routine that triages every Renovate PR by risk,
+2
🌩 Automating Security Operations with AI: Triaging Renovate PR A Claude Code Routine that triages every Renovate PR by risk, flags dead deps, and catches deprecated framework configs before I touch the diff. https://blog.marcolancini.it/2026/blog-automating-security-operations-with-ai-triage-renovate #ClaudeCode

🌩 Skill Issues: Compromising Claude Code with malicious skills & agents With the increasing usage of AI Coding agents, can c
🌩 Skill Issues: Compromising Claude Code with malicious skills & agents With the increasing usage of AI Coding agents, can coding agent skill files be exploited as an initial access mechanism, and how? This is part 1 of a 3 part series exploring the attack surface and defensive recommendations. https://labs.reversec.com/posts/2026/05/skill-issues-compromising-claude-code-with-malicious-skills-agents-part-1 #ClaudeCode

🌩 Claude Code MCP Token Theft: MitM Attack Explained Mitiga Labs shows how Claude Code MCP configuration can be hijacked thr
🌩 Claude Code MCP Token Theft: MitM Attack Explained Mitiga Labs shows how Claude Code MCP configuration can be hijacked through ~/.claude.json to steal OAuth tokens, persist through rotation, and hide in trusted SaaS activity. https://www.mitiga.io/blog/claude-code-mcp-token-theft-mitm #ClaudeCode