CloudSecurityAlliance

Friday confession: those access permissions you flagged for review "this sprint" have been sitting in the queue since last quarter. Zero Trust architecture doesn't fix the backlog — but it does mean fewer people had excess access while you weren't looking. 🔒 CCZT: https://t.co/FQ0RKRE1Y3

Post-incident retrospective. Two hours in, someone asks: "What should our baseline have been for this environment?" Nobody has a clean answer. Security Guidance v5 is the reference that answers that question before the incident happens — not after. Vendor-neutral, practitioner-built, and comprehensive across the decisions teams actually argue about. https://t.co/BNHaB086pX

Stolen AI compute isn't just being resold anymore — attackers are weaponizing it directly. A new LLMjacking framework embeds hijacked inference as an autonomous reasoning engine, chaining service fingerprinting through exploit synthesis without human involvement. A full 4-pivot intrusion — RCE to database exfiltration — completed in 22 seconds. Your compromised endpoint becomes their attack platform. https://t.co/iZusZS6Jbk #AISecurity

CISO Daily Briefing: Defender CVE-2026-50656 ("RoguePlanet") has a working public exploit hitting 100% success on some hardware with no patch available; 15 JetBrains marketplace plugins silently drained LLM API keys from 25K+ developer installs since October; US government suspended Fable 5/Mythos 5 access for all foreign nationals — the first model-level AI export control order, with the EU already advancing AI sovereignty legislation in response. https://t.co/8B7WQg2xI3

Model vendors ship silent updates. No alert fires. No changelog hits your monitoring stack. But your agent's reasoning just changed — the same prompt now yields a different decision. That's not a bug. It's expected behavior. And most orgs have no process for detecting it. Chain of custody for autonomous decisions is the supply chain gap nobody's tracking yet. https://t.co/T5By1tI4Ex

Handing developers a security checklist and calling it "shift left" isn't a training strategy — it's liability reassignment. The people shipping code to the cloud need to actually understand what they're responsible for, not just what box to check. CCSK is built to create that foundation. 🔒 https://t.co/d9kwHN8smX

CISO Daily Briefing: Mastra AI supply chain — 144 backdoored npm packages deployed in 88 min via hijacked contributor account; Joomla JCE CVE-2026-48907 (CVSS 10.0) actively exploited, patch now; FortiBleed leaked 73,000 VPN credentials — rotate; stolen AI compute now drives autonomous offensive tooling; U.S. Commerce suspended frontier AI model access in a first-ever capability-level revocation; PCI DSS v4.0.1 third-party script controls now in effect. https://t.co/EDQwV3ClFk

Your identity governance scales to the number of identities you've catalogued. That assumption just broke. Agentic AI creates ephemeral identities mid-task — sub-agents, delegated tool sessions, scoped contexts that exist for minutes then vanish. No ticket. No record. No offboarding. Non-human identities already outnumber human ones. The ones your directory never saw are where the risk lives. Runtime monitoring isn't optional. It's the only governance layer that reaches them. https://t.co/T5By1tI4Ex

Can you name — off the top of your head — which security controls your cloud provider handles and which ones your team owns? Most people have a rough answer. The edge cases are where misconfigurations live, and those edge cases are exactly where incidents start. CCSK is built around knowing that line cold. https://t.co/d9kwHN7Uxp

Your procurement team is about to sign a 3-year contract with a cloud provider. Legal reviewed the SLA. Finance approved the spend. Security got a completed questionnaire back from the vendor. That questionnaire is self-reported. STAR Registry is where providers publish — and third parties verify — their actual security posture. World's largest cloud assurance program, publicly searchable before you sign anything. https://t.co/wXQchgAKfG

The AUR/eBPF story is the sharper practitioner hook — the finding that forensic tools report "clean" on an actively compromised host is genuinely counterintuitive, it's supply chain targeting developer tooling (fitting Wednesday's criteria), and it hasn't been tweeted despite being considered previously. The Federal Reserve/BOD story is policy territory we can save for later. Attackers didn't find a vulnerability in the AUR — they claimed 1,500 orphaned packages through the official adoption workflow. The payload drops an eBPF rootkit that hides itself from getdents64() and kills debugger attachments on contact, so forensic tools report clean on an actively compromised host. Only defensible remediation is full OS reinstall from trusted media. https://t.co/5JrqCnRB4h #SupplyChain

CISO Daily Briefing: Fortinet FortiSandbox took three CVSS 9.1 unauthenticated RCE hits within 24 hours — one CVE had been patched just a week earlier; CISA BOD 26-04 supersedes BOD 22-01 and 19-02 with a four-factor risk model now binding on federal contractors; Microsoft's June Patch Tuesday hit a record 206 CVEs — engineers attribute the volume to AI-assisted discovery, exposing a widening gap in remediation capacity. https://t.co/2RVGYPB0Ko

Your infra team provisions a compute cluster: change ticket, peer review, documented scope. Your product team ships an agent in the same sprint: no ticket, no review. Tool access expands two weeks later without a second glance. Same enterprise. Two completely different security realities. That's not a culture problem. That's a missing control plane. https://t.co/T5By1tI4Ex #AgenticAI

Feeding sensitive documents into a public AI tool is like dictating your board meeting notes to a transcription service without reading the terms of service. The information gets where you need it — and potentially a few other places too. TAISE is built to help you understand exactly these kinds of risks. 🔒 https://t.co/rZNoyh0BoC

When your AI vendor sends over a security questionnaire response, what are you actually comparing it against? Most teams fall back on frameworks built before generative AI existed. AICM v1.0.3 gives you 243 control objectives across 18 domains built specifically for how AI systems fail — so vendor reviews are grounded in current risk, not retrofitted app security controls. https://t.co/4xQxvDvtFp

The LiteLLM finding has the sharpest practitioner hook — security tools themselves (Trivy, Checkmarx KICS) became the attack entry point, leading to an AI gateway that holds every upstream provider's credentials simultaneously. That's a genuinely counterintuitive supply chain angle that hasn't appeared in recent posts. Your Trivy vulnerability scanner and Checkmarx KICS GitHub Action were the entry point — not LiteLLM itself. CI/CD-privileged security tooling got compromised first, then used to reach the AI gateway holding credentials for every upstream provider at once. AI gateways are the new credential aggregation risk. Treat them like your IdP. CISA agrees — federal remediation deadline is June 22. https://t.co/SrWEanmveh #AISecurity

CISO Daily Briefing: LiteLLM CVE-2026-47101 (CVSS 9.9) three-CVE chain: low-priv to RCE, 100+ AI provider keys exposed — patch to v1.83.14; M365 Copilot CVE-2026-42824 exfiltrates email, OneDrive, and MFA codes from a single legitimate Microsoft click, server-side mitigated; OMB M-26-14 mandates continuous AI monitoring, ending point-in-time audits; U.S. suspended Anthropic Fable 5/Mythos 5 for foreign nationals — AI BCP gaps are now operational risk. https://t.co/keQSHq4XvT

Agentjacking is the stronger pick — the "authorized intent chain" finding is more counterintuitive than the AUR rootkit, and it hasn't been covered in the recent posts. Writing the tweet now from the specific Sentry DSN injection findings. No credentials needed to hijack your AI coding agent. An attacker posts a fake Sentry error event with embedded "fix" instructions → your agent reads it via MCP → executes a malicious npx payload. Every hop is authorized — EDR, WAF, and IAM see nothing unusual. 85% success rate across Claude Code, Cursor, and Codex. Sentry says the problem is "not defensible" at the platform level. https://t.co/UzoDHIZfzD #AppSec