Cloud-Credential Worm Hit Red Hat & DoorDash's approach to Security at the Speed of Engineering

This week's Cloud Security Newsletter topic: Security at the Speed of Engineering — Guardrails, Not Gates (continue reading) 

Incase, this is your 1st Cloud Security Newsletter! You are in good company!
You are reading this issue along with your friends and colleagues from companies like Netflix, Citi, JP Morgan, Linkedin, Reddit, Github, Gitlab, CapitalOne, Robinhood, HSBC, British Airways, Airbnb, Block, Booking Inc & more who subscribe to this newsletter, who like you want to learn what’s new with Cloud Security each week from their industry peers like many others who listen to Cloud Security Podcast & AI Security Podcast every week.

Welcome to this week’s Cloud Security Newsletter

No single breach defined the week. What defined it was reuse and speed: offensive tooling getting mass-produced and recycled faster than defenders — or governments — can measure it, landing squarely on the identity edge and the container boundary. A credential-stealing worm rode a maintainer’s GitHub account straight past code review into Red Hat’s npm namespace. A three-year-old container-escape bug earned a fresh KEV listing the day after in-the-wild exploitation was reported. And Sophos pulled apart a ransomware crew’s AI-coordinated lab built to test malware against three named commercial EDRs.

This week’s conversation features Nick Reva, who runs global security engineering at DoorDash, and Shivani Doke, a GRC engineer, recorded live in front of a San Francisco audience and hosted by Ashish Rajan. The thread running through both the news and the episode: AI lowers the barrier on both sides of the fight, so the durable controls are the ones embedded in the development lifecycle and validated continuously, with humans in the loop only at the decisions that matter. [Listen to the episode]

⚡ TL;DR for Busy Readers

- Miasma worm hit Red Hat’s npm namespace. At least 32 
@redhat-cloud-services releases tampered to steal AWS/GCP/Azure 
keys, Kubernetes service-account tokens, and Vault tokens at 
install time. Rotate cloud and CI secrets on any host that 
pulled affected versions since June 1.

- Two KEV deadlines this week. PAN-OS GlobalProtect auth bypass
 (CVE-2026-0257, mitigate by June 1) and Linux cgroups v1 
container escape (CVE-2022-0492, due June 5). Triage by 
config and node image, not CVSS.

- AI-built EDR-evasion lab surfaced. Sophos documented a 
crew using AI agents to iterate payloads against Sophos, 
CrowdStrike, and Microsoft Defender. Treat EDR as a detection 
layer to validate, not trust.

- Prompt-injection metrics don’t compare across labs. No two 
of the four major AI providers measure injection resistance 
the same way. Demand a vendor’s test methodology before 
deploying agents in sensitive workflows.

- Reva + Doke’s frame: run security at engineering speed. 
Embed small security pods in product teams, surface findings 
on the pull request, triage AI-generated bug-bounty noise with 
AI, and reserve humans for the novel work.

 THIS WEEK'S TOP SECURITY HEADLINES

Each story includes why it matters and what to do next — no vendor fluff.

1. Miasma Supply-Chain Worm Compromises @redhat-cloud-services npm Packages and Harvests Cloud Credentials

Primary source: Wiz Research
Reporting: BleepingComputer · Cybersecurity Dive · Aikido
Analysis: Palo Alto Unit 42

What happened: Wiz Research reported on June 1 that at least 32 package releases under the @redhat-cloud-services npm namespace carried unauthorized modifications that didn’t match their source repositories. The payload is “Miasma,” a new variant of the Mini Shai-Hulud credential-stealing worm whose code TeamPCP previously open-sourced. A compromised Red Hat employee GitHub account was used to push malicious orphan commits to two RedHatInsights repositories, bypassing code review; the tampered packages ran obfuscated preinstall scripts at install time, attempting to collect GitHub Actions tokens; AWS, Google Cloud, and Azure credentials; HashiCorp Vault tokens; Kubernetes service-account tokens and kubeconfig files; npm and PyPI publishing tokens; SSH keys; Docker registry credentials; and .env files. Affected packages average ~80,000 weekly downloads. Wiz called the TeamPCP link TTP overlap, not definitive attribution.

Why it matters: Once Shai-Hulud was open-sourced, the worm became commodity code anyone can fork — so “is this TeamPCP?” stops being the useful question. The intrusion rode a maintainer’s account and orphan commits past code review into a trusted vendor namespace, and the theft executes at npm install on developer and CI hosts, not at runtime. The credential target list reads like a cloud-platform team’s secret store.

2. CISA Adds PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) to KEV — June 1 Federal Deadline

Primary source: CISA KEV Catalog · Rapid7
Reporting: BleepingComputer · The Hacker News
Vendor advisory: Palo Alto Networks

What happened: CISA added CVE-2026-0257, an authentication bypass in PAN-OS and Prisma Access GlobalProtect, to the KEV catalog on May 29 with a June 1 federal mitigation deadline. Rapid7 MDR observed exploitation across multiple customers, earliest activity on May 17, and reported no successful lateral movement from affected devices. The flaw lets an unauthenticated remote attacker establish a VPN connection through the GlobalProtect gateway when authentication-override cookies are enabled alongside a specific certificate configuration.

Why it matters: The bypass turns the remote-access gateway — the control meant to gate who reaches the network — into an unauthenticated entry path. Exposure depends on a specific configuration, not mere presence of the product, so CVSS-only triage won’t tell a team which appliances are actually reachable. The disclosure-to-KEV interval was short (exploitation observed May 17, listed May 29), ahead of normal monthly patch rhythms.

3. CISA Adds Linux Kernel cgroups Container-Escape Flaw (CVE-2022-0492) to KEV — Due June 5

Primary source: CISA alert
Reporting: SecurityWeek
Analysis: Palo Alto Unit 42 · Aqua Security

What happened: On June 2, CISA added CVE-2022-0492 — a privilege-escalation flaw in the Linux kernel’s cgroups v1 control-groups feature — to the KEV catalog with a June 5 federal remediation deadline (the same alert added Android Framework zero-day CVE-2025-48595). The cgroups bug lets a process modify the release_agent file, which executes as root in the host namespace; combined with a new user namespace, it allows container escape to the host. Only cgroups v1 is affected. Technical details were published roughly three years ago, but in-the-wild exploitation was reported only recently — one day before CISA’s alert.

Why it matters: A three-year-old kernel flaw earning a fresh KEV listing is the week’s quiet but pointed item: the payoff is escape from a container to its host, which on a shared Kubernetes node means crossing the tenancy boundary teams treat as a containment line. The operative signal is recency-of-exploitation, not recency-of-disclosure.

4. Sophos Uncovers an AI-Coordinated Lab Built to Test Malware Against Named EDRs

Primary source: Sophos research (via BleepingComputer)
Reporting: Help Net Security · CyberSecurityNews

What happened: Sophos disclosed a threat actor’s Git repository containing an automated Active Directory discovery panel and a lab that iteratively develops and tests malware against Sophos, CrowdStrike, and Microsoft Defender EDR agents. Per Sophos, the framework used multiple AI agents coordinated by a Claude Opus 4.5 agent, connected via Model Context Protocol to Git repositories and built with tools including Cursor and Ludus, testing a Python payload tool’s ~80 modules and 70-plus evasion techniques across dedicated VMs. Sophos linked the activity to ransomware and data-theft operations but didn’t name the group. It also noted the lab’s own documentation claimed the evasion modules improved with refinement, but the test data didn’t support those claims — likely LLM hallucination in the attacker’s tooling.

Why it matters: The signal isn’t “AI writes malware” — it’s that the crew built an automated test rig against three named commercial EDRs, compressing the develop-test-refine loop that previously demanded a skilled operator. The hallucination caveat runs in the defender’s favor: the self-reported evasion rates were inflated, so the real capability may trail what the repo advertises. Two of the three targeted EDRs are widely deployed across cloud-hosted endpoint estates.

5. Cross-Lab Review: The Four Major AI Providers Measure Prompt Injection With Incompatible Metrics

Primary source: VentureBeat Security
Related coverage: VentureBeat

What happened: A VentureBeat comparison published June 1 found that Anthropic, OpenAI, Google, and Meta each released prompt-injection disclosures in 2026, but no two used the same metrics — different test conditions, attack types, and success-rate definitions, with no shared adversarial test suite. Anthropic reported browser-agent hijacking rates; other labs focused on indirect injection in tool-calling or document-summarization tasks. The review advised teams to treat each lab’s numbers on their own terms and to request methodology before deploying agents in sensitive workflows.

Why it matters: Enterprises evaluating AI agents have no common denominator — a “31% before safeguards engaged” figure from one lab and a tool-calling success rate from another aren’t comparable, so procurement can’t rank models on injection resistance the way it ranks a CVSS score. With agents now writing and testing offensive code (story 4) and propagating through package ecosystems (story 1), the measurement gap sits on a control teams increasingly depend on.

6. White House Executive Order Sets Voluntary Federal Review and Cyber-Capability Benchmarking for Frontier AI Models

Primary source: The White House
Reporting: Roll Call · Council on Foreign Relations

What happened: On June 2 the White House issued “Promoting Advanced Artificial Intelligence Innovation and Security.” It directs Treasury, the NSA, and CISA to design, within 60 days, a voluntary framework under which developers may submit a frontier model for federal evaluation; “covered frontier models” would be made available to the government for up to 30 days before public release. The order establishes a classified NSA-led benchmarking process for offensive cyber capabilities and a voluntary AI cybersecurity clearinghouse to coordinate vulnerability discovery and patching. It explicitly creates no mandatory licensing, preclearance, or permitting requirement.

Why it matters: The load-bearing elements for security teams are the clearinghouse and the cyber-capability benchmark, not a compliance mandate — this is the government building a pre-release read on what frontier models can do offensively, the same measurement the Sophos lab (story 4) and the prompt-injection gap (story 5) show the private sector can’t yet produce consistently. Framing it as “increased regulatory scrutiny” overstates an order that imposes no obligation today.

7. Cisco Restructures Vulnerability Disclosure Around the AI-Compressed Exploit Gap, Adds Runtime Live Protect

Primary source (reporting): Axios · Help Net Security
Vendor primary: Cisco — disclosure cadence · Cisco — Live Protect

What happened: At Cisco Live 2026, Cisco said it will move to scheduled twice-monthly security advisories on the first and third Wednesdays of each month starting in July, with seven days’ advance notice of which technologies each release covers and a stronger risk-based emphasis on flaws under active exploitation. Cisco cited Talos data showing the interval between disclosure and first observed exploitation is compressing as attackers adopt AI automation. It also introduced Live Protect, which applies runtime compensating controls to shield a device against exploitation of a newly disclosed flaw — no reboot or upgrade required — while a permanent patch is staged.

Why it matters: The disclosure-cadence change is the signal, not the product: a major infrastructure vendor is rebuilding how it releases advisories because the disclosure-to-exploitation window is shrinking — the same dynamic the PAN-OS (story 2) and cgroups (story 3) KEV timelines show this week. Predictable windows let teams pre-stage change windows, but they also concentrate patch load on dates adversaries can anticipate. Live Protect is a bet that runtime compensating controls, not patching speed alone, become the near-term answer.

🎯 Cloud Security Topic of the Week:

Security at the Speed of Engineering — Guardrails, Not Gates

Every story above shares a clock problem. The Miasma worm executed at install time, the PAN-OS and cgroups flaws hit KEV faster than monthly patch cycles, the Sophos lab compressed the malware develop-test loop, and Cisco is rebuilding disclosure cadence specifically because the disclosure-to-exploitation window is shrinking. The week’s news is, in aggregate, a story about offense moving faster than the controls built to catch it.

That is exactly the problem Nick Reva designs around at DoorDash. His answer isn’t a new product — it’s a placement decision: put small security teams inside the product teams, and make the security signal arrive where engineers already work, on the pull request, at the speed they ship. Shivani Doke makes the parallel case for governance: stop treating GRC as an annual document refresh and start embedding controls in the lifecycle, validated at runtime. Two halves of one argument about where a control has to live to survive a faster attacker. [Listen to the full episode →]

Featured Experts This Week 🎤

• Nick Reva — Global Security Engineering lead, DoorDash (previously Snapchat, SpaceX)

• Shivani Doke — GRC Engineer

• Ashish Rajan - CISO | Co-Host AI Security Podcast , Host of Cloud Security Podcast

Definitions and Core Concepts 📚

Before diving into our insights, let's clarify some key terms:

• Shift far left: Nick Reva’s extension of “shift left” — embedding small (3–5 person) security tiger teams directly into the product teams building AI features, hardening each surface in its own context with guardrails rather than approval gates.

• Forward-deployed security teams / pods: Small embedded security teams that own the highest-priority product areas, credited on stage to Jason Chan’s “Netflix model.” Distinct from a central AppSec-tooling team that lacks per-team, per-month context.

• Promptfoo: An open-source prompt-injection testing framework Reva likened to Burp Suite for AI — packaged rules you tweak to test for prompt injection, model efficacy, and model ethics, run as an integration test on the pull request.

• “Claude Kiddies”: Reva’s coinage (a play on “script kiddies”) for low-skill actors who use AI to generate bug-bounty reports — and then to argue back against triage teams.

• Security Knowledge Graph: Reva’s runtime control-validation system built on the open-source Cartography framework — it aggregates cloud and endpoint telemetry into a node graph, checks whether a designed control is operating against live runtime data (via eBPF probes observing pod security and Docker exposure), and auto-routes drift to the owning team via Slack or Jira.

• GRC engineering: Shivani Doke’s discipline — moving GRC from point-in-time PDF-policy refreshes to controls embedded in the development lifecycle and validated continuously (runtime monitoring, RASP, attack-surface and supply-chain scanning, compliance enforced as code).

• Nth-party / transitive vendor risk: Third-party vendors carry their own vendors (fourth-, fifth-, Nth-party); a breach anywhere in the transitive dependency chain can expose your data. Current Nth-party monitoring tooling is immature.

• Human-in-the-loop: Reva’s design pattern for autonomous offensive/defensive agents — humans gate the critical decision points; the main-line work is mostly automated.

This week's issue is sponsored by CheckPoint

77% have an AI strategy. Only 26% can enforce it.

Enterprises are adopting AI faster than security can keep up. GenAI, copilots, and autonomous agents are getting greenlit at the top — then landing on teams with no way to see, govern, or stop them when something goes wrong.

The strategy exists. The enforcement doesn't.

Join Ashish Rajan with Check Point's David Haber and Paul Barbosa to work through where traditional security models fall short on AI, and what real-time enforcement actually takes across cloud, SaaS, endpoint, and hybrid.

[Register here for to join the LIVE Event]

💡Our Insights from this Practitioner 🔍

1. Shift far left: guardrails, not gates

The reason the week’s news keeps beating monthly patch cycles is that the attacker’s loop now runs at engineering speed. Reva’s response is to move security to where the engineers already are. Beyond the familiar “shift left,” he frames it as “shift far left”: small security teams embedded inside the product teams building AI features.

“far left means you embed small teams, small tiger teams of security engineers into the development teams are working on the AI initiatives to harden the AI initiatives.”  — Nick Reva

The mechanism is deliberately not a gate. At a three-sided marketplace — dashers, merchants, customers — each surface carries a different AI experience and so a different threat model, and the control has to fit the way each team ships:

“the shift far left is establishing guardrails not gates into your product development story.”  — Nick Reva

Concretely, that means integrating Promptfoo into every repo where AI development happens, writing lint-style rules that look for prompt injections in the agent frameworks in use, and building middle-tier service layers that filter both the prompt and the response. The connection to this week’s news is direct: story 5’s finding that the four major labs can’t agree on how to measure prompt-injection resistance is the strategic version of the same problem Reva solves tactically — if you can’t buy a comparable injection metric, you test injection yourself, in your own pipeline, against your own tool-calling paths.

2. Make the security signal arrive on the pull request

Guardrails beat gates because engineering teams move at engineering speed and won’t stop to ask permission. Reva’s design puts the security check inline, where an engineer is already looking:

“if, for example, an engineer opens up a PR on the repo for one of the… agent frameworks and Promptfoo runs as an integration test and gives them direct feedback on the PR, they’re gonna respond to it like, no, no engineer wants to ship… an agent framework that has prompt injection.”  — Nick Reva

“You have to meet the team at the speed of that the team is operating at.”  — Nick Reva

He noted the open-source version of Promptfoo is powerful enough that buying the commercial tier hasn’t been necessary, though they make it fit their SDLC — and that the same framework does double duty for model-efficacy and model-ethics testing. This is the practitioner answer to Cisco’s story-7 bet: when the disclosure-to-exploitation window shrinks, the control has to be already running where the work happens, not staged for a future change window.

3. Scale scarce security pods with AI-assisted threat modeling

Headcount never matches engineering scale, so the move is to make a small number of forward-deployed engineers far more productive.

“I have 2,500 engineers and I have three of these security pods… I don’t have 10, I don’t have 20, I probably never will from a headcount perspective. So how do I make those three people like really good at their job?”  — Nick Reva

The experiment is AI-assisted threat modeling and product-security review — not generic ChatGPT, but context-specific models wired into the GitHub repos under review. The maturity sequence Reva described: make the human pods better first, iterate the model, then expose it to product teams as self-service.

“the idea is to make the forward deployed security engineer more productive. And then later the idea is to take this and give it to the product teams as like a Chrome extension… this agentic security review framework… we’ll have a virtual security engineer that’ll give you feedback that’s like really calibrated.”  — Nick Reva

An audience practitioner described the same shape from the other side: a “baseline automated prodsec” approach that democratizes a SAST/DAST/SCA/threat-model baseline so every feature gets immediate early feedback, with humans reserved for complex code reviews, complex threat models, and tabletop exercises, gated by risk-based acceptance criteria before production.

4. Security decisions are business decisions — fund and own them accordingly

The forward-deployed model only works if everyone agrees on who owns the call. Reva is blunt that the security team isn’t the decision-maker:

“We’re led to believe security decisions are a security team responsibility. They’re not, they’re a business decision ultimately… The security team is the fact finder about risk and we help them provide technical solutions to solve problems, right? But ultimately the business makes the decision on what we wanna do.”  — Nick Reva

The pod model itself he credits to a lineage:

“Jason Chan invented this idea of forward deployed security teams… that were deployed into the product areas in small tiger teams… And I’ve adopted this at DoorDash.”  — Nick Reva

The budgeting takeaway he offered: align the pod’s funding ask with whatever business line security reports into (DoorDash’s reports into Legal, which he said works fine), and treat AI risk as one novel, complex category of business risk the board must hear about — not a siloed security cost.

5. “Claude Kiddies”: AI collapses the attacker skill floor — so triage with AI

Asked what AI attack actually keeps him up, Reva’s answer wasn’t novel malware. It was volume and the disappearance of the skill bar for low-end offense:

“the hobbyist level people are getting involved… There used to be like a… level of technical proficiency that you have to have to do this kind of work. It’s gone… ’cause they’re vibe coding the bug bounty reports.”  — Nick Reva

His coinage for them — a play on “script kiddies” — was the line of the night: they’re “Claude Kiddies.” An audience member noted curl recently closed its bug-bounty program over an influx of AI-generated reports. Reva’s response is symmetric, and maps onto the Sophos lab in story 4 (offense automated, defense automates back):

“if they’re using Claude to generate bug bounty reports, we have to use Claude to triage those reports.”  — Nick Reva

The nuance worth keeping: he argued bug bounties absolutely should still exist, because the genuinely novel, high-complexity vulnerabilities still won’t be found by automated pentest tooling, and “there shouldn’t be a race to the bottom in every category.” Triage the AI noise with AI; reserve human researchers for the consequential, novel work.

6. Human-in-the-loop at the critical decision points, automation on the main line

The bug-bounty discussion ran into the harder question: an autonomous offensive agent has no “rules of engagement” the way a human pentester does — you can’t easily tell it “this is far enough.” Reva’s model, which he tied to the Anthropic framing, is to gate the decisions that matter and automate the rest:

“it’s human in the loop for the critical decision points. And then… maybe like the main line aspects of it are… mostly automated, right?”  — Nick Reva

For teams deploying offensive or autonomous security agents, the design pattern is to place explicit human approval at the consequential points — scope expansion, exploitation, lateral movement — rather than trying to encode complete rules of engagement up front, and automate the routine work between those gates. It’s the same principle the story-6 executive order reaches for at national scale: build the measurement and the review checkpoint, don’t pretend full autonomy is safe.

7. GRC engineering: move off the annual PDF refresh and embed controls in the lifecycle

Shivani Doke’s half of the conversation reframes governance the same way Reva reframes appsec. The reputation problem, she argued, comes from GRC being a point-in-time, document discipline:

“that’s where the beef… against the GRC folks really comes because we mostly focus on having all these policies. There’s this annual policy refresh where we just make some edits in the Word document in the PDFs… But we have to move away from that towards… really embedding these security controls within our development life cycles.”  — Shivani Doke

On ownership, she rejects a one-team answer:

“who owns AI risk really depends on the use case.”  — Shivani Doke

A business unit that requests an AI-forward vendor owns that vendor’s risk (via third-party assessment, model cards, continuous scanning); an in-house fine-tuned or foundational model puts ownership on the IT or developer-experience team building it. The concrete GRC-engineering control she described: if policy says no AI-agent-authored code can be merged, implement an automated flag — a two-person control — that blocks that code in the pipeline rather than attesting it in a document. An audience practitioner added the audit-automation angle: run a “SOC 2 every morning at 10:00 AM” to check whether built controls are still intact, and tie breaks to business risk before they become audit risk.

7. Continuous validation across an Nth-party attack surface

The most cloud-relevant control of the night ties both speakers together. Reva offered his “Security Knowledge Graph” — built on the open-source Cartography framework — as GRC engineering in practice: aggregate cloud and endpoint telemetry into a node graph and check, at runtime, whether a designed control is actually operating.

“you can even take controls that you’ve designed and say, is this control operating based on real time runtime data? So you have like eBPF probes, like observing your pod security… you can actually do that at runtime to see if that control is implemented. And if it isn’t… then you can fire a Slack notification or a Jira ticket to that owning team.”  — Nick Reva

Doke supplied the reason that runtime validation now has to reach down the supply chain — the vendor surface is transitive:

“when you onboard a third party vendor, you’re also onboarding that third party vendor’s other dependencies, other vendors. So basically that becomes a transitive dependency. So if something happens to my data that’s been hosted on the third party’s cloud and the third party’s cloud security provider has a breach, then my data has been breached.”  — Shivani Doke

This is the conversation’s tightest link to the week’s lead story. The Miasma worm (story 1) is exactly an Nth-party compromise — a trusted vendor’s namespace, poisoned upstream, stealing Kubernetes service-account tokens at install time — and the cgroups escape (story 3) is exactly the pod-boundary failure Reva’s eBPF probes are watching for. Doke flagged that current Nth-party monitoring tooling is “not… state of the art” and can’t yet be fully relied on; the practical posture is to interrogate each vendor’s own AI dependencies and downstream sub-processors, and to validate the controls you depend on against live runtime data rather than a signed attestation.

Practical takeaways for cloud security leaders

A few things senior cloud security leaders can act on in the next 30–60 days:

• Put the security signal on the pull request. Run prompt-injection testing (e.g., Promptfoo) as an integration test in every repo where AI development happens, so engineers get inline feedback rather than a gate they route around.

• Test injection yourself — don’t buy a comparable metric. The labs don’t agree on how to measure it, so run adversarial tests against your own tool-calling and retrieval paths before deploying an agent in a sensitive workflow.

• Validate controls at runtime, not on paper. Stand up control-validation against live telemetry (eBPF pod-security probes, cloud + endpoint graph) and auto-route drift to the owning team via Slack or Jira.

• Triage AI bug-bounty noise with AI. Use automation to clear the low-skill, AI-generated report volume and reserve human researchers for novel, high-complexity findings.

• Reach down the supply chain. Treat install-time scripts and transitive (Nth-party) dependencies as a credential-theft surface — monitor preinstall/postinstall execution and interrogate each vendor’s own AI dependencies and sub-processors.

🧠 Mental Model — The Vendor List Was the Inventory. The Inventory Is Now the Vendor List.

For 20 years, security ran on gates: a review step that work had to pass through before it shipped. The gate worked because the attacker’s loop was slower than the approval cycle — there was time to stop, inspect, and sign off.

That timing assumption is now inverted. The Miasma worm executed at install time, the KEV deadlines beat monthly patch cycles, the Sophos lab compressed the malware develop-test loop, and Cisco is rebuilding its disclosure cadence around a shrinking disclosure-to-exploitation window. When offense runs at engineering speed, a gate is just a place the attacker has already passed.

The control that survives is the one already running where the work happens — on the pull request, in the pipeline, against live runtime telemetry — with a human reserved only for the consequential decision. Guardrails, not gates. Embed the control in the lifecycle, validate it continuously, and put the human at the point of risk acceptance, not at the door.

📚 RELATED RESOURCES 🎧

• Wiz Research — Miasma supply-chain attack on Red Hat npm packages

• Palo Alto Unit 42 — Monitoring npm supply-chain attacks

• CISA Known Exploited Vulnerabilities (KEV) Catalog

• Palo Alto Unit 42 — CVE-2022-0492 cgroups container-escape analysis

• Aqua Security — Escaping containers by abusing cgroups

• Sophos research (via BleepingComputer) — AI-built ransomware toolkit automates EDR evasion

• The White House — Promoting Advanced AI Innovation and Security (executive order)

• Promptfoo — open-source prompt-injection / LLM testing framework 

• Cartography — open-source asset/relationship security graph framework

Podcast Episode

• Full Episode with Nick Reva and Shivani Doke — Complete transcript and audio for this week's featured conversation

Question for you? (Reply to this email)

🤔 Is your security signal arriving on the pull request, or still waiting at a gate the attacker already ran past?

Next week, we'll explore another critical aspect of cloud security. Stay tuned!

📬 Want weekly expert takes on AI & Cloud Security? [Subscribe here]”

We would love to hear from you📢 for a feature or topic request or if you would like to sponsor an edition of Cloud Security Newsletter.

Thank you for continuing to subscribe and Welcome to the new members in tis newsletter community💙

Peace!

Shilpi Bhattacharjee

Was this forwarded to you? You can Sign up here, to join our growing readership.

Want to sponsor the next newsletter edition! Lets make it happen

Have you joined our FREE Monthly Cloud Security Bootcamp yet?

checkout our sister podcast AI Security Podcast