- Cloud Security Newsletter
- Authors
- Shilpi Bhattacharjee
$10B SMS Fraud Bypasses Cloud Security - Why Finance Finds Out Too Late
Enterprises are losing $10 billion annually to SMS fraud — and security teams don’t even see it. By the time finance discovers millions in unexplained charges, it’s already too late. Worse, AI-powered ‘smart bots’ are scaling these attacks 500% faster than last year. This week's analysis reveals why traditional cloud security controls miss these threats and how enterprises can build comprehensive fraud detection programs.

🚨 SentinelOne's $300M AI Security Bet: How Modern SOCs Are Pivoting from SIEMs to Data Lakes
Major AI security acquisition signals market shift, while security leaders at companies like Perplexity reveal why traditional SIEMs can't handle modern threat detection. Plus critical Windows vulnerabilities from DEF CON 2025 and expanding cloud compliance frameworks.

🚨 Palo Alto's $25B CyberArk Deal Exposes Identity Crisis | Lessons from Dropzone AI's SOC Automation Strategy
Palo Alto Networks' massive $25 billion CyberArk acquisition signals the end of standalone identity security while Dropzone AI's Edward Wu reveals how enterprises are using AI agents to cut SOC alert fatigue by 80% and reduce MTTR to under 10 minutes.

🚨 SharePoint Zero-Day Exploits Surge & Lessons from BT's 180-Year Journey to Zero-Trust Secret Management
This week's newsletter examines critical SharePoint vulnerabilities actively exploited by nation-state actors, alongside proven strategies for eliminating passwords at enterprise scale. Learn how British Telecom transformed 180 years of legacy infrastructure using threat modeling and intrinsic security motivation.

🚨 AI Dev Environments Under Siege: RCE in Oracle Cloud, Escalation in Azure ML, and Skynet Malware
The era of AI-native security threats is here. This week’s cloud security incidents expose how development workflows powered by AI are breaking traditional assumptions and why security programs need to evolve rapidly. From Skynet’s prompt injection malware to privilege escalations “by design,” we unpack the real risks and the blueprint to navigate them. Featured insights from Amit Chita of Mend.io reveal how organizations must adapt their security programs for AI-native software development lifecycles, including new licensing challenges, prompt injection threats, and the evolution from reactive security to AI-powered remediation at enterprise scale.

🚨 Azure Wormable Bug Exposes Cloud Infrastructure, Lessons from Booking.com's 2M+ Secrets at Scale
A wormable RCE hits Azure Monitor Agent. The Verizon DBIR shows known vulnerability exploits are catching up to credential theft. And Booking.com reveals the tipping point where cloud-native secrets management breaks.

🚨 Critical AI Tool RCE Exposes Developer Machines: Lessons from Block's Escape-Proof Cloud Environments
This week’s cloud security highlights expose a sharp rise in AI development tool vulnerabilities, starting with a critical RCE in Anthropic’s MCP Inspector and a prompt injection flaw in GitLab Duo. But at the heart of it all is a bigger question: how do you keep sensitive data from leaking out of your environment? Our featured expert, Ramesh Ramani (Staff Security Engineer, Block), walks us through how Block built a scalable egress access control system that actually works across multi-cloud, developer tools, and real-world incident response.

Iranian Cyber Threats, AI Agent Risks & Detection Lessons from the Frontline Security Engineer
This week, we explore the latest as Iranian nation-state threats escalate against US infrastructure while AWS enhances threat intelligence automation and Google releases new AI security frameworks. We also learn practical approaches to building detection and response pipelines from scratch in cloud-native environments, featuring insights from Geet Pradhan, security engineer from Lime, on scaling security operations with limited resources.

AWS re:inforce 2025 & Cloud Security Exception Management Automation: From Compliance Theater to Security Reality
This week's newsletter explores how automated exception management transforms security compliance from manual checkbox exercises into continuous monitoring systems, while major cloud providers roll out enhanced security capabilities including AWS's mandatory root MFA and Microsoft's AI prompt injection shields.

Why Building Your Own Cloud Security AI Agent May Not Be the Answer Today!
This week's newsletter examines the sobering reality behind AI agent development for vulnerability management in the cloud, featuring insights from Harry Wetherald on why the "build vs buy" decision for AI cloud security tools requires more careful consideration than most organizations realize. We also cover critical supply chain attacks, the latest Chrome zero-day, and strategic acquisition trends reshaping the security landscape.
