appsec.fyi · Sources

cloudsek.com

7 curated AppSec resources from cloudsek.com across 4 topics on appsec.fyi.

cloudsek.com

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-08.

Date Added Resource Excerpt
2026-07-08 2026What is Prompt Injection? How it Works and How to Prevent ItAILibrary for understanding and defending against prompt injection attacks, a top risk for LLM Applications, including techniques like EchoLeak (CVE-2025-32711) impacting Microsoft 365 Copilot and the OWASP LLM Top 10 designation. It details how instruction-overriding, natural-language-based, model-agnostic, and hard-to-eliminate attacks work, differentiating them from jailbreaking, and covers risks such as data theft and remote code execution. The library also explores methods to reduce this threat in connected systems and agentic AI.
2026-07-02 202615 Best Practices to Prevent Supply Chain Attacks in 2026Supply ChainReference on best practices to prevent supply chain attacks in 2026, detailing how attackers exploit trusted relationships through compromised third-party vendors or software dependencies. It covers real-world examples like SolarWinds, MOVEit Transfer, 3CX Desktop App, Kaseya VSA, Codecov, Target, and XZ Utils, and outlines 15 preventative measures including Zero Trust Architecture, SBOM maintenance, vendor risk management, MFA, least privilege, third-party activity monitoring, securing the SDLC, and code signing.
2026-06-03 2026How an Unauthenticated MCP Server Led to SSRF LFI and AWS Credential TheftSSRFWriteup of a real-world attack chaining Server-Side Request Forgery (SSRF), Local File Inclusion (LFI), and AWS credential theft via an unauthenticated Model Context Protocol (MCP) server. This finding highlights the rapid adoption of MCP for AI integrations, outpacing security maturity and leaving systems vulnerable to exploitation, as demonstrated by the theft of live AWS IAM credentials and database secrets from a customer environment.
2026-06-02 2026How an Unauthenticated MCP Server Led to SSRF LFI and AWS Credential TheftSSRFLibrary for discovering and analyzing security risks in AI integrations. It highlights vulnerabilities in Model Context Protocol (MCP) servers, such as Server-Side Request Forgery (SSRF) and Local File Inclusion (LFI), demonstrated by a real-world case study where an unauthenticated MCP server led to AWS credential theft. The library addresses the growing attack surface created by rapid AI adoption and the security maturity gap in new AI-native technologies.
2026-05-14 2026Inside a Tor Backed Supply Chain WormSupply ChainLibrary for detecting sophisticated npm supply chain attacks, featuring the `crypto-javascri` package that mimics `crypto-js`. This malicious package harvests npm and GitHub credentials, hijacks maintainer accounts to republish trojanized packages, and deploys a Tor-based command-and-control implant. The worm targets Linux developer systems and CI/CD environments, propagating by injecting itself into legitimate packages and updating their versions.
2026-04-11 2026The Scanner Was the Weapon: 36 Months of Precision Supply Chain Attacks Against DevSecOps InfrastructureSupply ChainLibrary detailing 36 months of precision supply chain attacks, highlighting compromises of DevSecOps tools like vulnerability scanners and CI/CD pipelines. It examines the XZ Utils backdoor (CVE-2024-3094), the reviewdog GitHub Actions compromise (CVE-2025-30066 / CVE-2025-30154), and the multi-stage infostealer targeting Aqua Security's Trivy. The analysis reveals attacker sophistication in targeting trusted software, leveraging build-time injection and automated trust exploitation.
2026-04-06 202610 Best Threat Intelligence Tools In 2026OSINTLibrary of threat intelligence tools for 2026, including CloudSEK, Recorded Future, CrowdStrike, Mandiant, and Microsoft, were evaluated for their predictive depth, contextual accuracy, and integration with operational security workflows. These platforms collect, analyze, and contextualize information about emerging cyber threats from various sources, including dark web communities and malware repositories. Key features reviewed include external attack surface monitoring, brand impersonation detection, infrastructure exposure tracking, and integration with SIEM, SOAR, and XDR systems for improved detection and response.