cloudsek.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-03.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-06-03 | How an Unauthenticated MCP Server Led to SSRF LFI and AWS Credential Theft | SSRF | Writeup of a real-world attack chaining Server-Side Request Forgery (SSRF), Local File Inclusion (LFI), and AWS credential theft via an unauthenticated Model Context Protocol (MCP) server. This finding highlights the rapid adoption of MCP for AI integrations, outpacing security maturity and leaving systems vulnerable to exploitation, as demonstrated by the theft of live AWS IAM credentials and database secrets from a customer environment. |
| 2026-06-02 | How an Unauthenticated MCP Server Led to SSRF LFI and AWS Credential Theft | SSRF | Library for discovering and analyzing security risks in AI integrations. It highlights vulnerabilities in Model Context Protocol (MCP) servers, such as Server-Side Request Forgery (SSRF) and Local File Inclusion (LFI), demonstrated by a real-world case study where an unauthenticated MCP server led to AWS credential theft. The library addresses the growing attack surface created by rapid AI adoption and the security maturity gap in new AI-native technologies. |
| 2026-05-14 | Inside a Tor Backed Supply Chain Worm | Supply Chain | Library for detecting sophisticated npm supply chain attacks, featuring the `crypto-javascri` package that mimics `crypto-js`. This malicious package harvests npm and GitHub credentials, hijacks maintainer accounts to republish trojanized packages, and deploys a Tor-based command-and-control implant. The worm targets Linux developer systems and CI/CD environments, propagating by injecting itself into legitimate packages and updating their versions. |
| 2026-04-11 | The Scanner Was the Weapon: 36 Months of Precision Supply Chain Attacks Against DevSecOps Infrastructure | Supply Chain | Library detailing 36 months of precision supply chain attacks, highlighting compromises of DevSecOps tools like vulnerability scanners and CI/CD pipelines. It examines the XZ Utils backdoor (CVE-2024-3094), the reviewdog GitHub Actions compromise (CVE-2025-30066 / CVE-2025-30154), and the multi-stage infostealer targeting Aqua Security's Trivy. The analysis reveals attacker sophistication in targeting trusted software, leveraging build-time injection and automated trust exploitation. |
| 2026-04-06 | 10 Best Threat Intelligence Tools In 2026 | OSINT | Library of threat intelligence tools for 2026, including CloudSEK, Recorded Future, CrowdStrike, Mandiant, and Microsoft, evaluated for their predictive depth, contextual accuracy, and integration with operational security workflows. These platforms collect, analyze, and contextualize information about emerging cyber threats from various sources, including dark web communities and malware repositories. Key features reviewed include external attack surface monitoring, brand impersonation detection, infrastructure exposure tracking, and integration with SIEM, SOAR, and XDR systems for improved detection and response. |