
AWS Security Digest
@AwsSecDigest
Followers: 1K, Following: 50, Media: 198, Statuses: 543
📥 Stay Up-to-Date on the latest AWS Security News with our Weekly Digest.
💌 👉🏻
Joined March 2022
⭐ IaC Ownership - Tag-based Approach ✍️ By Dan Abramov Who owns this Terraform resource? Dan Abramov tackles one of the most underrated but essential challenges in cloud security and ops: tracking resource ownership in Infrastructure as Code. 🧩 Why this article is worth your
API Gateway Restricting Resource Path with IP Allow Listing with WAF By Lee Gilmore Lee Gilmore walks through a practical security pattern to restrict specific resource paths in API Gateway using AWS WAF IP allow listing—even though API Gateway doesn’t natively support this
Threat Modeling a Batch Job System By Teri Radichel Teri Radichel breaks down how to systematically threat model a batch job system running on AWS — offering a detailed, real-world walkthrough that bridges theory and application. 🔍 Key technical takeaways and insights: 🛠️
The Cat Flap — How to Really Purrsist in AWS Accounts By Michael Gschwender Michael Gschwender introduces "The Cat Flap" — a creative and highly stealthy method for long-term persistence inside AWS accounts that can survive even major incident response cleanups. 🔍 Highlights
🛎️ AWS Security Digest 226 is out! 1️⃣ Credential Exfiltration Paths in AWS Code Interpreters by Nigel Sood 2️⃣ Simulating Ransomware with AWS KMS by Alexis Obeng 3️⃣ GCP Workload Identity Federation with AWS ECS Tasks by Abhishek Agarwal 🦴 From Compromised Keys to Phishing
🛡️ Living-off-the-land Dynamic DNS for Route 53 ✍️By Dhruv Ahuja What if you could manage dynamic DNS without deploying a single piece of custom infrastructure? Dhruv Ahuja breaks down how AWS Route 53 APIs can be abused for stealthy dynamic DNS updates — giving attackers the
IngressNightmare: CVE-2025-1974 – Critical 9.8 RCE Vulnerabilities in Ingress-NGINX By Nir Ohfeld, Ronen Shustin, Sagi Tzadik, and Hillai Ben-Sasson A critical vulnerability (CVSS 9.8) has been uncovered in Ingress-NGINX—the most popular Kubernetes ingress controller—leading
🛡️ Next.js and the Corrupt Middleware: Exploiting the Authorizing Artifact By Rachid Allam Middleware in Next.js is supposed to secure and validate—but what happens when it becomes the attack surface itself? Rachid Allam’s latest research shows how corrupted middleware artifacts
🔐 Beyond Configuration Perfection: Redefining ‘Cloud Security’ By Kat Traxler Chasing "perfect" configurations won’t save your cloud environment. Kat Traxler explains why traditional checklist-based cloud security models are broken — and what a better approach looks like.
🛎️ AWS Security Digest 225 is out! 1️⃣ AWS CDK and SaaS Provider Takeover by Ryan Gerstenkorn 2️⃣ AWS Detection Engineering — Architecting Security Logging at Scale in AWS by Muh. Fani Akbar 3️⃣ Build a Real Time Threat Detector with IaC by Rich Mogull https://t.co/XJywZWDhl1
📡 How to Use the New CloudTrail Network Activity Events for AWS VPC Endpoints By Rami McCarthy and Scott Piper AWS just made it a lot easier to detect suspicious activity on VPC Endpoints — if you know how to tap into the new CloudTrail network activity events. Rami McCarthy
🔎 AWS CloudWatch Log Ingestion to Microsoft Sentinel By Paul Schwarzenberger If you need to stream AWS CloudWatch logs into Microsoft Sentinel — without deploying complex third-party tools — this guide has you covered. Paul Schwarzenberger lays out a direct integration method
🔒 Secure a Role Chain on Both Sides: Why One-Way Trust Isn't Enough By Rich Mogull If you’re managing cross-account roles in AWS (or any cloud), you’re probably missing a critical security step: securing the entire role chain, not just the trust policy. Rich Mogull breaks
The State of Cloud Remediation: Why Fixing Security Issues Is So Hard By Idan Perez, Michael St.Onge & Joseph Barringhaus Security teams are drowning in cloud misconfigurations, yet remediation efforts often fail. Why? This research breaks down the biggest obstacles to effective
🛎️ AWS Security Digest 224 is out! 1️⃣ Using AWS Certificate Manager as a covert exfiltration mechanism by Costas Kourmpoglou 2️⃣ Another ECS Privilege Escalation Path by Mohit Gupta, Tom Taylor-MacLean 3️⃣ Evading Detection with Public S3 Buckets and Potential Data Exfiltration
Cloud Vulnerability Teardown: What’s Important & What You Can Ignore By Ethan Chen Not all vulnerabilities are worth your time. Some look critical but aren’t exploitable, while others seem low risk but can escalate fast. This deep dive into cloud vulnerability management breaks
whoAMI: A Cloud Image Name Confusion Attack By Seth Art Can a simple naming trick let attackers take control of your cloud workloads? Yes. The "whoAMI" attack abuses container image name confusion to trick systems into running malicious images instead of trusted ones. ⚠️ Key
PowerUserAccess vs. AdministratorAccess: An Attacker’s Perspective By Eduard Agavriloae AWS PowerUserAccess might seem safer than AdministratorAccess, but is it really? This deep dive explores how attackers can still escalate privileges, exfiltrate data, and compromise cloud
How to Succeed in Your Senior Cloud Security Engineer Interview By Chandrapal Badshah Cloud security interviews are tough, but this guide breaks down exactly what hiring managers look for—from technical deep dives to strategy-level thinking. 🔑 Key takeaways: 🛡️ Threat modeling
🛎️ AWS Security Digest 223 is out! 1️⃣ A tag to rule them all: Using AWS tags to enumerate cloud resources by Bleon Proko 2️⃣ Bedrock’s New API Keys: Convenience at a Hidden Security Cost by Sergio Garcia 3️⃣ Datadog threat roundup: Top insights for Q2 2025 by Greg Foss, Andy