- Cloud Security Newsletter
- Authors
- Shilpi Bhattacharjee
🚨 Azure Wormable Bug Exposes Cloud Infrastructure, Lessons from Booking.com's 2M+ Secrets at Scale
A wormable RCE hits Azure Monitor Agent. The Verizon DBIR shows known vulnerability exploits are catching up to credential theft. And Booking.com reveals the tipping point where cloud-native secrets management breaks.

🚨 Critical AI Tool RCE Exposes Developer Machines: Lessons from Block's Escape-Proof Cloud Environments
This week’s cloud security highlights expose a sharp rise in AI development tool vulnerabilities starting with a critical RCE in Anthropic’s MCP Inspector and a prompt injection flaw in GitLab Duo. But at the heart of it all is a bigger question: how do you keep sensitive data from leaking out of your environment?Our featured expert, Ramesh Ramani (Staff Security Engineer, Block), walks us through how Block built a scalable egress access control system that actually works across multi-cloud, developer tools, and real-world incident response.

Iranian Cyber Threats, AI Agent Risks & Detection Lessons from the Frontline Security Engineer
This week, we explore the latest on Iranian nation-state threats escalate against US infrastructure while AWS enhances threat intelligence automation and Google releases new AI security frameworks. We also learn practical approaches to building detection and response pipelines from scratch in cloud-native environments, featuring insights from security engineer from Lime, Geet Pradhan on scaling security operations with limited resources.

AWS re:inforce 2025 & Cloud Security Exception Management Automation: From Compliance Theater to Security Reality
This week's newsletter explores how automated exception management transforms security compliance from manual checkbox exercises into continuous monitoring systems, while major cloud providers roll out enhanced security capabilities including AWS's mandatory root MFA and Microsoft's AI prompt injection shields.

Why Building Your Own Cloud Security AI Agent May Not Be the Answer Today!
This week's newsletter examines the sobering reality behind AI agent development for vulnerability management in cloud, featuring insights from Harry Wetherald on why the "build vs buy" decision for AI cloud security tools requires more careful consideration than most organizations realize. We also cover critical supply chain attacks, the latest Chrome zero-day, and strategic acquisition trends reshaping the security landscape.

Netskope $5 Billion Potential IPO & AI-Powered Threats Meet Traditional Security Gaps: When Copilots Become Attack Vectors
This week's newsletter examines the explosive growth of AI security risks in enterprise environments, featuring expert insights on how Microsoft Copilot and agentic AI are fundamentally changing the threat landscape. We also cover critical zero-day exploitations, nation-state campaigns targeting cloud infrastructure, and the largest healthcare data breaches of 2025.

$4B Cloud Security Consolidation Move & The AI Security Revolution Continues: AI-Powered Detection & Response Meets Enterprise Reality
This week's newsletter explores how AI transforms cloud security operations through practical detection engineering insights from Anthropic and Canva security leaders, while analyzing major industry consolidation moves and critical vulnerabilities affecting enterprise cloud infrastructure.

AI Native Security: Securing the Future as Applications Evolve with AI | Google Cloud Functions Vulnerability
This week's newsletter explores how AI is reshaping enterprise security architecture, with expert insights from Ankur Shah of Straiker. From unstructured data challenges to the rise of AI agents, cloud security leaders must understand why traditional security approaches are no longer sufficient for protecting AI-enabled applications.


Cloud Transition Challenges - From Posture Management to AI-Ready SOCs
This week's newsletter explores the evolving landscape of cloud security with insights from Palo Alto Networks executive Elad Koren. We cover critical developments including SAP zero-day patches, Kubernetes service account token integration, vulnerable Helm charts, and Steam's alleged 2FA breach, while examining how security operations centers must evolve to handle cloud-native incidents.

Cloud Security Rundown: RSA Highlights, UK Retail Sector Under Siege, and Shadow AI Risks
Discover key CyberSecurity insights from RSA Conference 2025, including AI-native security tools, runtime protection strategies, and emerging shadow AI risks. Plus, analysis of major UK retail cyberattacks and how cloud security teams should respond to these evolving threats.
