Datadog Security Labs
LightNews LightNews
banner
securitylabs.datadoghq.com
Datadog Security Labs
@securitylabs.datadoghq.com
570 followers 36 following 40 posts
Read our Security Labs blog: https://securitylabs.datadoghq.com

Subscribe to our monthly newsletter: https://securitylabs.datadoghq.com/newsletters/
Posts Replies Media Videos
securitylabs.datadoghq.com
MUT-4831: Trojanized npm packages deliver Vidar infostealer malware

securitylabs.datadoghq.com/articles/mut...
MUT-4831: Trojanized npm packages deliver Vidar infostealer malware | Datadog Security Labs
Analysis of a threat actor campaign targeting Windows users with Vidar infostealer malware via malicious npm packages
securitylabs.datadoghq.com
November 6, 2025 at 10:57 AM
securitylabs.datadoghq.com
A runtime security approach to detecting supply chain attacks

securitylabs.datadoghq.com/articles/sup...

by Lorenzo Susini, Detection Engineer
A runtime security approach to detecting supply chain attacks | Datadog Security Labs
Detecting software supply chain attacks through runtime security.
securitylabs.datadoghq.com
November 5, 2025 at 2:59 PM
securitylabs.datadoghq.com
Datadog threat roundup: Top insights for Q3 2025

securitylabs.datadoghq.com/articles/202...
Datadog threat roundup: Top insights for Q3 2025 | Datadog Security Labs
Threat insights from Datadog Security Labs for Q3 2025.
securitylabs.datadoghq.com
November 3, 2025 at 3:42 PM
securitylabs.datadoghq.com
Learnings from recent npm supply chain compromises

securitylabs.datadoghq.com/articles/lea...
Learnings from recent npm supply chain compromises | Datadog Security Labs
A look at recent npm supply chain compromises and how we can learn from them to better prepare for future incidents.
securitylabs.datadoghq.com
October 30, 2025 at 7:44 PM
securitylabs.datadoghq.com
The October edition of the Datadog Security Digest is out!

securitylabs.datadoghq.com/newsletters/...
The State of Cloud Security, MCP Risks, and Azure vulnerabilities | Datadog Security Labs
This edition covers The State of Cloud Security, MCP Risks, and Azure vulnerabilities
securitylabs.datadoghq.com
October 30, 2025 at 12:44 PM
securitylabs.datadoghq.com
CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing

securitylabs.datadoghq.com/articles/cop...

by @siigil.bsky.social
CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing | Datadog Security Labs
Copilot Studio links look benign, but they can host content to redirect users to arbitrary URLs. In this post, we document a method by which a Copilot Studio agent's login settings can redirect a user...
securitylabs.datadoghq.com
October 28, 2025 at 1:12 PM
securitylabs.datadoghq.com
Our State of Cloud Security 2025 study is out!

www.datadoghq.com/state-of-clo...

• On AWS, 40% of organizations leverage data perimeters
• 11% of Google Cloud GKE and 23% of Google Cloud VMs are overprivileged
• On Azure, 1.3% of storage containers are public, 58% proactively block public access
State of Cloud Security | Datadog
For our 2025 report, we analyzed AWS, Google Cloud, and Azure data from thousands of organizations to understand the latest trends in cloud security posture.
www.datadoghq.com
October 8, 2025 at 9:10 PM
securitylabs.datadoghq.com
The September edition of the Datadog Security Digest is out: securitylabs.datadoghq.com/newsletters/...
npm supply chain attacks, Amazon Bedrock security, and MCP vulnerabilities | Datadog Security Labs
This edition covers three major supply chain attacks targeting npm, two MCP security vulnerabilities, and multiple posts related to the Amazon Bedrock service.
securitylabs.datadoghq.com
October 2, 2025 at 9:06 AM
securitylabs.datadoghq.com
In case you missed it, the August edition of the Datadog Security Digest went out last week!

securitylabs.datadoghq.com/newsletters/...
Q2 threat report, prompt injection, and fwd:cloudsec Europe | Datadog Security Labs
This edition covers Datadog's Q2 threat report, new cloud security research, AI security vulnerabilities, application security findings, and upcoming community events
securitylabs.datadoghq.com
September 5, 2025 at 7:31 AM
securitylabs.datadoghq.com
CVE-2025-52882: WebSocket authentication bypass in Claude Code extensions (patched)

securitylabs.datadoghq.com/articles/cla...

Zander Mackie
CVE-2025-52882: WebSocket authentication bypass in Claude Code extensions | Datadog Security Labs
A critical vulnerability in older versions of the Claude Code for Visual Studio Code (VS Code) and other IDE extensions allowed malicious websites to connect to unauthenticated local WebSocket servers...
securitylabs.datadoghq.com
August 26, 2025 at 1:23 PM
securitylabs.datadoghq.com
MCP vulnerability case study: SQL injection in the Postgres MCP server. Comes with a full reproducible proof-of-concept

securitylabs.datadoghq.com/articles/mcp...

by Santiago Mola
MCP vulnerability case study: SQL injection in the Postgres MCP server | Datadog Security Labs
Learn how vulnerability in Anthropic's reference Postgres MCP server allowed us to bypass teh read-only restriction and execute arbitrary SQL statements.
securitylabs.datadoghq.com
August 21, 2025 at 12:42 PM
securitylabs.datadoghq.com
Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer

by @frichetten.com

securitylabs.datadoghq.com/articles/enu...
Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer | Datadog Security Labs
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.
securitylabs.datadoghq.com
August 20, 2025 at 7:33 AM
securitylabs.datadoghq.com
The July edition of the Datadog Security Digest is out!

securitylabs.datadoghq.com/newsletters/...

• Cloud image investigator by @sethsec.bsky.social
• Our top picks for Black Hat / DEF CON
• A benchmark for LLM coding accuracy and security
• Malicious Homebrew installation campaign
.. and more
Preparing for Hacker Summer Camp and a new cloud image investigator | Datadog Security Labs
This month’s digest covers Hacker Summer Camp prep, a new cloud image investigator, and supply-chain vulnerabilities associated with the Open VSX Registry.
securitylabs.datadoghq.com
July 31, 2025 at 9:00 PM
securitylabs.datadoghq.com
Datadog guide to Hacker Summer Camp 2025, amd the top 50 talks we're excited about

securitylabs.datadoghq.com/articles/hac...
Datadog guide to Hacker Summer Camp 2025 | Datadog Security Labs
Get ready to take on Hacker Summer Camp with our guide on planning, prepping, and schedules for Datadog events.
securitylabs.datadoghq.com
July 29, 2025 at 8:14 PM
securitylabs.datadoghq.com
Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker

securitylabs.datadoghq.com/articles/bey...
Beyond Mimo’lette: Tracking Mimo's Expansion to Magento CMS and Docker | Datadog Security Labs
This post reports on activity from the 'Mimo' threat actor.
securitylabs.datadoghq.com
July 21, 2025 at 8:57 PM
securitylabs.datadoghq.com
I SPy: Escalating to Entra ID's Global Admin with a first-party app

securitylabs.datadoghq.com/articles/i-s...

by @siigil.bsky.social
I SPy: Escalating to Entra ID's Global Admin with a first-party app | Datadog Security Labs
Backdooring Microsoft's applications is far from over. Adding service principal credentials to these apps to escalate privileges and obfuscate activities has been seen in nation-state attacks, and led...
securitylabs.datadoghq.com
July 16, 2025 at 12:21 PM
securitylabs.datadoghq.com
Kubernetes security fundamentals, part 7: Public Key Infrastructure (PKI)

securitylabs.datadoghq.com/articles/kub...

by @mccune.org.uk
Kubernetes security fundamentals: PKI | Datadog Security Labs
A look at how PKI configuration in Kubernetes clusters works
securitylabs.datadoghq.com
July 15, 2025 at 7:49 AM
securitylabs.datadoghq.com
CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems

securitylabs.datadoghq.com/articles/git...
CVE-2025-48384: Git vulnerable to arbitrary file write on non-Windows systems | Datadog Security Labs
Learn more about the emerging vulnerability affecting Git.
securitylabs.datadoghq.com
July 11, 2025 at 8:02 AM
Reposted by Datadog Security Labs
christophetd.fr
Stratus Red Team AWS attack techniques are now mapped to the Threat Technique Catalog for AWS

Stratus Red Team AWS attack techniques: stratus-red-team.cloud/attack-techn...

Threat Technique Catalog by AWS: aws-samples.github.io/threat-techn...
June 23, 2025 at 12:04 PM
securitylabs.datadoghq.com
fwd:cloudsec is around the corner! Don't miss these 3 talks from Datadog researchers Seth Sec, Katie Knowles, Greg Foss, and Anthony Randazzo.

fwdcloudsec.org/conference/n...

@sethsec.bsky.social
@siigil.bsky.social
@gregfoss.com
June 27, 2025 at 9:02 PM
securitylabs.datadoghq.com
The obfuscation game: Threat actor targets Solidity developers via malicious VS Code extensions

securitylabs.datadoghq.com/articles/mut...

(published May 21, 2025)
The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions | Datadog Security Labs
Analysis of a threat actor campaign targeting Solidity developers via three malicious VS Code extensions
securitylabs.datadoghq.com
June 2, 2025 at 3:28 PM
securitylabs.datadoghq.com
"Tales from the cloud trenches: The Attacker doth persist too much, methinks"

securitylabs.datadoghq.com/articles/tal...

New tactics observed include:
• Persistence-as-a-service with an external facing API Gateway
• Persistence through AWS SSO
• ConsoleLogin events from Telegram IP addresses
Tales from the cloud trenches: The Attacker doth persist too much, methinks | Datadog Security Labs
A cloud attack targeting Amazon SES and persistence via AWS Lambda, AWS IAM Identity Center and AWS IAM
securitylabs.datadoghq.com
May 15, 2025 at 2:15 PM
securitylabs.datadoghq.com
RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale

securitylabs.datadoghq.com/articles/red...
RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale | Datadog Security Labs
Learn how RedisRaider is targeting publicly accecesibly Redis servers to mine crypocurrency.
securitylabs.datadoghq.com
May 8, 2025 at 10:41 AM
Reposted by Datadog Security Labs
ikretz.bsky.social
My colleague, Sebastian Obregoso, and I had the privilege of writing a guest post for OpenSSF's blog on how we detect malicious open source packages at @securitylabs.datadoghq.com using GuardDog.

Check it out here: openssf.org/blog/2025/03...
GuardDog: Strengthening Open Source Security Against Supply Chain Attacks – Open Source Security Foundation
openssf.org
April 1, 2025 at 10:14 AM
securitylabs.datadoghq.com
The March edition of the Datadog Security Digest is out!

securitylabs.datadoghq.com/newsletters/...

• New MITRE ATT&CK coverage matrix in Stratus Red Team
• Compromised GitHub actions
• Malicious Maven packages
• Exploitation of SSRF vulnerabilities on the rise
• ... and more
Malicious Maven packages, SSRFs strike again, and stealing cloud credentials from web applications | Datadog Security Labs
This month’s digest has a little bit of everything—cloud threats, supply chain attacks, and a reminder that yes, attackers are still exploiting SSRFs.
securitylabs.datadoghq.com
March 27, 2025 at 10:21 PM