CloudSec Wine
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔶 CISA Admin Leaked AWS GovCloud Keys on Github

A Nightwing contractor's public GitHub repo ("Private-CISA"), active since November 2025, exposed plaintext AWS GovCloud admin keys, Firefox-saved passwords, kubeconfig, and Artifactory credentials for CISA internal systems, with GitHub's secret-scanning protections deliberately disabled.

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github

#aws
Audit logs in the cloud are a separate distributed system with its own requirements for reliability and storage cost, not "a table of events".

The MWS Cloud Platform team has published a detailed breakdown of the architecture of their service: from the library that the cloud's services plug in, to storage on Apache Iceberg and the StarRocks engine, with an explanation of why they chose this particular set of technologies and where the non-obvious pitfalls are hidden.

Useful for anyone who develops security tools, works with large volumes of events, or is simply interested in cloud security tooling.

Read the article on Habr

#advertisement
👩‍💻 The expendable extension name: Azure VMAccess naming chaos, password resets, and a detection gap

The Sysdig Threat Research Team uncovered a detection gap in Azure VM password resets that allows attackers to evade name-based detections by assigning arbitrary VM extension names. Learn how the flaw works, why Microsoft's documented detection guidance failed during testing, and what defenders should monitor instead.

https://www.sysdig.com/blog/the-expendable-extension-name-azure-vmaccess-naming-chaos-password-resets-and-a-detection-gap

#azure
🔶 Global S3: Another C2 Channel for AgentCore Code Interpreters

AWS AgentCore Code Interpreters in Sandbox mode allow unrestricted global S3 access (including cross-account, public/presigned URLs), enabling a bidirectional C2 channel via S3 polling, demonstrated as a full reverse shell PoC. Mitigation: use VPC mode with S3 Gateway Endpoints and strict endpoint policies.

https://sonraisecurity.com/blog/global-s3-another-c2-channel-for-agentcore-code-interpreters

#aws
🌩 When Background AI Agents Become a Security Boundary Problem

Claude Code's background sessions, supervisor process, CLAUDE_CONFIG_DIR override, scheduled tasks, and Markdown-based agent definitions can be chained post-foothold to deploy a persistent, nearly invisible C2 agent evading standard EDR binary-focused detection.

https://www.originhq.com/research/background-c2-agent

#ClaudeCode
🔴 Securing Your Gemini and Google API Keys

Protect your Gemini API keys with this guide on API restrictions, secure storage in Secret Manager, and key hygiene to prevent hijacking and unauthorized use.

https://cloud.google.com/blog/topics/developers-practitioners/api-keys-are-open-secrets

#gcp
🤖 Comparing AI Application Security Testing Platforms

Doyensec compared Aikido Attack AI Pentest and XBOW Lightspeed for web app vulnerability detection, evaluating true/false positives, configuration, report quality, cost, speed, and impact on tested applications. Full findings available as a PDF.

#AI
🤖 A Security Researcher’s Guide to Understanding Copilot Studio AI Agents

A guide to understanding Copilot Studio AI agents, their deeper architecture on Entra ID and APIM, and key security risks.

https://www.beyondtrust.com/blog/entry/copilot-studio-ai-agents-security-risks

#AI
🔶 Well-architected best practices for software supply chain security

Aligned with the AWS Well-Architected Security Pillar, the article recommends defending against npm supply chain attacks (e.g., Shai-Hulud) by using temporary credentials, least-privilege IAM, artifact signing via AWS Signer, centralized dependency management with CodeArtifact, continuous scanning via Amazon Inspector, and CloudTrail-based monitoring.

https://aws.amazon.com/ru/blogs/security/well-architected-best-practices-for-software-supply-chain-security

#aws
🤖 ChatGPhish: The Page Is the Payload

Any web page a victim asks ChatGPT to summarize can become a phishing payload. P0 Labs research reveals a Markdown rendering vulnerability in ChatGPT's response UI.

https://permiso.io/blog/chatgpt-markdown-rendering-vulnerability

#AI
👩‍💻 Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities

A post that explores, names, defines, and threat-models an Azure identity type that has quietly operated inside every customer tenant: never documented under a single name, never owned by you, and never fully visible to you.

https://www.vectra.ai/blog/azures-hidden-operators-a-threat-model-for-platform-level-managed-identities

#azure
🤖 Hermes-USB-Portable

Run a fully self-contained, self-improving AI agent from a single folder or USB drive.

https://github.com/techjarves/hermes-usb-portable

#AI
🌩 Hidden Gaps in Claude Code Security Reviews

Claude Code's /security-review is vulnerable to model anchoring bias when run in the same session that wrote the code. A new diff-scoped plugin avoids this but misses cross-commit vulnerability chains where each individual change appears benign in isolation.

https://brainoverflow.blog/posts/claude-code-security-review-bias

#ClaudeCode