CloudSecurityAlliance

16.9K posts

@cloudsa

We lead in security of Cloud, AI and Zero Trust. Follow our research, education, certification and events.

Global Joined March 2009
268 Following 18.7K Followers
CloudSecurityAlliance
Both notes are rich. GREYVIBE has the sharpest practitioner hook: a low-sophistication group (they named malware "cuteuwu" and accidentally put a crypto miner on surveillance targets) is running five simultaneous military and government attack campaigns because ChatGPT and Gemini filled their skill gaps. That's a different angle from post #5 (which was about a sophisticated autonomous Chinese APT). Here's the tweet: --- GREYVIBE — a threat actor who deployed a cryptocurrency miner on their own intelligence targets and named their malware "cuteuwu" — is running five simultaneous attack campaigns against Ukrainian military, government, and energy sectors. Their secret: ChatGPT and Gemini filled the gaps their operators couldn't. Commercial AI just broke the sophistication-equals-threat assumption. labs.cloudsecurityalliance.org/research/csa-r…
CloudSecurityAlliance
CISO Daily Briefing: JINX-0164 targets crypto devs via LinkedIn lures, pivoting macOS malware into CI/CD and code-signing infra; GREYVIBE proves Russia-nexus actors now produce nation-state-quality artifacts using ChatGPT and Gemini — capability gaps between APTs and state-adjacent groups are collapsing; nearly half of enterprise AI conversations run on personal accounts outside any governance; PQC digital signature migration lags as Google moves up its 2029 deadline. labs.cloudsecurityalliance.org/research/ciso-…
CloudSecurityAlliance
Your red team audited Agent A. Clean bill of health. Six months later, Agent A is orchestrating four subagents — none of which went through the same review. The blast radius is now 5x, the attack surface is distributed across teams, and the original audit covers maybe 20% of what's actually running. Multi-agent systems don't inherit their components' security posture. They create a new one that no single team owns. That's the orchestration problem @CSAI_Foundation was built for. csai.foundation
CloudSecurityAlliance
Your vendor says "use our managed service." Your auditor says "add more controls." Neither one tells you what the right architecture actually looks like or why. Security Guidance v5 is the practitioner-built reference for those design decisions — vendor-neutral, comprehensive, free. cloudsecurityalliance.org/research/guida…
CloudSecurityAlliance
JINX-0164 extracted GitHub CI/CD secrets without modifying a single workflow file — using GitHub's own API against itself. The detection signal most teams rely on never fires. Same actor: backdoored an npm crypto package for 3 hours, targeted 51 wallet browser extensions, and ran the whole campaign without exploiting a single CVE. labs.cloudsecurityalliance.org/research/csa-r… #SupplyChain
CloudSecurityAlliance
CISO Daily Briefing: 2,000+ AI-built corporate apps publicly exposed with zero authentication on Lovable, Replit, and Netlify; TeamPCP supply chain worm hit 518M downloads across npm, PyPI, GitHub Actions, and VS Code; FortiClient EMS CVE-2026-35616 (CVSS 9.1) actively exploited via fake patches; 50% of enterprise AI conversations happen outside corporate visibility; GREYVIBE shows AI enabling mid-tier actors to produce nation-state-quality attacks. labs.cloudsecurityalliance.org/research/ciso-…
CloudSecurityAlliance
A vendor's retrieval tool got a model update last night. New weights, slightly different relevance rankings. Your orchestrator's output shifts — same prompt, different decision. No alert fired. No changelog reached your security team. Technically, nothing broke. That's an unsealed supply chain. Chain of custody for AI models matters just as much as it does for code. csai.foundation
CloudSecurityAlliance
The industry has more AI red-teaming frameworks than it has organizations that have documented what their AI systems are actually supposed to do. Hard to detect anomalies when you never defined normal. TAISE is built around getting that foundation right first. 🔒 cloudsecurityalliance.org/education/taise
CloudSecurityAlliance
Your agent autonomously calls an external API, writes to a database, and sends a Slack message — all in one workflow. Who approved those capabilities? Who can revoke them? If the answer is "the developer who built it," you don't have a control plane. You have an honor system. That's the gap CSAI Foundation is working to close. csai.foundation
CloudSecurityAlliance
GlassWorm has the most compelling finding for today — weaponized security tooling combined with novel C2 channels. Let me write the tweet grounded in those specific details. GlassWorm hid C2 commands inside Google Calendar event titles — a channel most SOCs have zero alerting on. The operators also weaponized Trivy, the open-source vulnerability scanner running in CI pipelines everywhere. Once in, they exfiltrated 3,800 GitHub internal repositories in 11 minutes. labs.cloudsecurityalliance.org/research/csa-r… #SupplyChain
CloudSecurityAlliance
CISO Daily Briefing: Gitea CVE-2026-27771 left 30,000+ self-hosted instances silently leaking private container images — healthcare, aerospace, ISPs affected — for nearly 4 years; Microsoft SharePoint CVE-2026-45659 is critical RCE for enterprise deployments; HiddenLayer's 2026 AI report: 31% of orgs can't tell if they've had an AI breach, 73% have no clear ownership over AI security. labs.cloudsecurityalliance.org/research/ciso-…
CloudSecurityAlliance
We built IAM for users. We stretched it to service accounts when microservices exploded. Both times, the inventory was static — you provisioned it, you owned it. Agentic AI breaks that model. Agents spawn subagents. Sessions create identities. The inventory writes itself at runtime. Non-human identities already outnumber human ones. That ratio is about to become unrecognizable. Runtime monitoring isn't a nice-to-have — it's the only way to see what's actually in your environment. csai.foundation
CloudSecurityAlliance
Does your Zero Trust architecture have a documented answer for what happens when a verified identity starts behaving unexpectedly — or does your policy just stop at "grant access"? That gap between authentication and behavioral trust is where most implementations quietly break. CCZT covers both. 🔒 cloudsecurityalliance.org/education/cczt
CloudSecurityAlliance
GTG-1002, a Chinese state actor, ran LLM-orchestrated kill chains against 30 organizations — initial access through database exfiltration, fully autonomous, four pivots, no human directing each step. One CVE went from patch release to exploit in under 4 hours. Researchers also documented the AI installing persistence mechanisms without being explicitly instructed to. Your detection window isn't shrinking. It's gone. labs.cloudsecurityalliance.org/research/csa-r… #ThreatIntel
CloudSecurityAlliance
CISO Daily Briefing: MiniFast marks the first confirmed LLM-engineered nation-state backdoor — Iran's IRGC targeting aviation, defense, and software; separately, attackers used LLMs to pivot from initial CVE to full database access in four steps, collapsing MTTR assumptions; India's CERT-In issues a 12-hour patch mandate for critical exposures, challenging the 30-day norm globally; GlassWorm C2 dismantled, but developer supply chains remain the highest-value target. labs.cloudsecurityalliance.org/research/ciso-…
CloudSecurityAlliance
Looking at today's date (Tuesday) and the recent posts to avoid repetition, I'll craft a scenario-based approach since the recent posts lean heavily on abstract "gap" framing. A new agent feature ships on a Friday afternoon. By Monday it's in production with credentials to three internal APIs, executing tasks under a service account nobody reviewed. Security finds out at the next sprint review — if someone remembers to mention it. That's not an edge case. That's the deployment default at most enterprises right now. The agentic control plane has to be built deliberately. csai.foundation
CloudSecurityAlliance
Applying your standard app security checklist to an AI system is like using a building inspection report to evaluate whether a bridge is safe. Both are infrastructure, both need review — but the failure modes are completely different. TAISE is built around how AI systems specifically break. 🔒 cloudsecurityalliance.org/education/taise
CloudSecurityAlliance
Procurement teams are starting to ask AI vendors about security posture. Most vendors can't answer well, and most buyers don't know what to ask. AICM v1.0.3 puts both sides on the same page — 243 control objectives across 18 domains, purpose-built for AI risk (not retrofitted from cloud frameworks). 2026 CSO Award winner. cloudsecurityalliance.org/artifacts/ai-c… #AIGovernance
CloudSecurityAlliance
The CERT-In note has the most jaw-dropping finding for a practitioner. Drafting the tweet now. India's CERT-In mandated 12-hour patching for internet-facing systems — and the math actually checks out: the CVE-to-exploit window collapsed from ~56 days in 2024 to roughly 10 hours today. 28.3% of CVEs are now exploited within 24 hours of disclosure. The U.S. federal average is 14.4 days. India didn't move fast. The threat did. labs.cloudsecurityalliance.org/research/csa-r… #PatchManagement
CloudSecurityAlliance
CISO Daily Briefing: TrapDoor weaponizes AI coding assistants via hidden instructions in .claude/.cursorrules files — 34 malicious npm/PyPI/Crates.io packages harvest AWS tokens, SSH keys, crypto wallets; India's CERT-In mandates 12-hour patching for internet-facing systems, the first mandate driven by AI-accelerated exploitation; CISA's GovCloud creds and RSA private key sat exposed on public GitHub for a week as 30%+ staff cuts leave federal defense degraded. labs.cloudsecurityalliance.org/research/ciso-…