CloudSec Wine

@cloud_sec

All about cloud security
Contacts: @AMark0f, @dvyakimov
About DevSecOps: @sec_devops

Members: 2.2K
Score: 71/100
Category: Developer
Updated: Apr 10, 2026

Recent Posts

🔶 AWS Security Agent on-demand penetration testing now generally available
AWS Security Agent on-demand penetration testing is now GA, offering autonomous 24/7 multi-cloud pen testing combining SAST, DAST, and context-aware agentic AI.
https://aws.amazon.com/ru/blogs/security/aws-security-agent-on-demand-penetration-testing-now-generally-available/
#aws

110 views

🔶 aws-preflight
Check your AWS CLI commands for security risks before you run them.
https://github.com/gabrielPav/aws-preflight
#aws

185 views

🔶 Enforcing AI Governance Across AWS Organizations
Learn how to enforce AI governance across AWS organizations using Bedrock guardrails, MCP server controls, model availability rules, and API restrictions to reduce risk and improve security.
https://sonraisecurity.com/enforcing-ai-governance-across-aws-orgs
#aws

213 views

🔴 Double Agents: Exposing Security Blind Spots in GCP Vertex AI
Unit 42 researchers found that GCP Vertex AI Agent Engine's default P4SA service account has excessive permissions, enabling credential theft via the metadata service. This allows privilege escalation to read all consumer GCS buckets, access restricted Google-internal Artifact Registry container images, and expose internal source code....

254 views

📤 Threat Actors Abuse Railway.com PaaS as Microsoft 365 Token Attack Infrastructure
Railway PaaS is being weaponized as a clean token replay engine in an active AiTM and device code phishing campaign impacting 268+ M365 organizations and 100+ MSPs.
https://www.huntress.com/blog/railway-paas-m365-token-replay-campaign
#PaaS

284 views

👨‍💻 Widespread GitHub Campaign Uses Fake VS Code Security Alerts to Deliver Malware
A large-scale phishing campaign is targeting developers directly inside GitHub, using fake Visual Studio Code security alerts posted through Discussions to trick users into installing malicious software.
https://socket.dev/blog/widespread-github-campaign-uses-fake-vs-code-security-alerts-to-deliver-malware
#github

285 views

🔴 Remote Command Execution in Google Cloud with Single Directory Deletion - GMO Flatt Security Research
A race condition in Google Cloud Looker's directory deletion API allows deleting the ".git" directory while concurrent Git operations proceed, causing Git to use attacker-controlled worktree configs for RCE. Kubernetes service account misconfigurations further enabled cross-instance privilege esc...

293 views

🔶 Locking down AWS principal tags with RCPs and SCPs
A post explaining how to use SCPs to restrict sensitive IAM actions to tagged principals, RCPs to block unauthorized "scp-*" session tags from external/non-tagger principals, and SCPs to protect the "tagger" role itself via CloudFormation StackSets.
https://awsteele.com/blog/2026/02/21/locking-down-aws-principal-tags-with-rcps-and-scps.html
#aws

273 views

🔶 Simulating Ransomware with AWS KMS
Post that demonstrates how attackers can abuse AWS KMS by importing malicious key material to encrypt RDS/EBS resources, then deleting the material to make data inaccessible without ransom payment.
https://heilancoos.github.io/research/2025/09/02/aws-kms-ransomware.html
#aws

297 views

🔶 Cracks in the Bedrock: Bypassing SCP Enforcement with Long-Lived API Keys
Sonrai Security researcher discovered that AWS "bedrock-mantle" IAM permissions could bypass SCP enforcement when using long-lived Service Specific Credential API keys. IAM policy denials worked correctly, but SCP denials were bypassed. AWS patched this between Jan–Feb 2026; no customer action required.
https://sonraisecurit...

330 views

🤖 OpenSandbox
OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.
https://github.com/alibaba/OpenSandbox
#AI

378 views

🤖 Securing our codebase with autonomous agents
Cursor's security team built a fleet of security agents to find and fix vulnerabilities across a fast-changing codebase.
https://cursor.com/blog/security-agents
#AI

351 views

🔶 Pwning AI Code Interpreters in AWS Bedrock AgentCore
Phantom Labs discovered that AWS Bedrock AgentCore Code Interpreter's sandbox mode allows DNS queries, enabling bypass of network isolation through DNS-based command-and-control. This research details the discovery, proof-of-concept exploit, disclosure timeline, and defensive guidance for organizations using Code Interpreter workloads.
https://w...

339 views

🔶 Pentesting a pentest agent - Here's what I've found in AWS Security Agent
A researcher pentested AWS Security Agent, finding 4 issues: DNS confusion enabling unauthorized domain pentesting, a full reverse shell/container escape chain to host root + AWS credentials via prompt injection, unnecessary destructive actions (e.g., DROP TABLE probes, exploit-based cleanup deleting /etc/crontab), and unre...

323 views

🔶 AWS Incident Response: IAM Containment That Survives Eventual Consistency
Standard AWS IR containment fails against attackers exploiting IAM eventual consistency. This article presents an SCP-enforced technique that makes identity-level containment attacker-resistant.
https://www.offensai.com/blog/eventual-consistency-resistant-iam-containment-aws-incident-response
(Use VPN to open from Russia)
#aws

471 views

🤖 caterpillar
Caterpillar is a security scanning library for AI agent skill files (e.g., Claude Code skills) for dangerous or malicious behavior.
https://github.com/alice-dot-io/caterpillar
#AI

487 views

🤖 MCP Server Security: The Hidden AI Attack Surface
MCP servers connecting AI assistants to external tools create significant attack surfaces enabling arbitrary code execution, data exfiltration, and social engineering. Both local and remote MCP servers can be exploited through server chaining, supply chain attacks, and malicious tool implementations.
https://www.praetorian.com/blog/mcp-server-secur...

494 views

🔶🤖 Building an AI-powered defense-in-depth security architecture for serverless microservices
This AWS blog demonstrates implementing a seven-layer AI-powered defense-in-depth security architecture for serverless microservices using AWS Shield, WAF, Cognito, API Gateway, VPC, Lambda, Secrets Manager, and DynamoDB, enhanced with GuardDuty and Amazon Bedrock for intelligent threat detection and auto...

411 views

🤖 3 Principles for Designing Agent Skills
Block Engineering discusses designing agent skills using three principles: make deterministic outputs script-based, let agents handle interpretation and conversation, and write explicit constitutional constraints. Skills codify tribal knowledge into executable documentation for AI agents across their organization.
https://engineering.block.xyz/blog/3-princip...

416 views

🤖 augustus
LLM security testing framework for detecting prompt injection, jailbreaks, and adversarial attacks. See also the companion blog post.
https://github.com/praetorian-inc/augustus
#AI

521 views