Preparing for Hacker Summer Camp and a new cloud image investigator
Welcome to the July 2025 edition of the Datadog Security Digest!
This month’s digest covers Hacker Summer Camp prep, a new cloud image investigator, and supply-chain vulnerabilities associated with the Open VSX Registry.
This newsletter was created by a real person, not a machine. Your curator of the month is Kennedy Toomey.
Hacker Summer Camp is quickly approaching
Check out our 2025 guide to Hacker Summer Camp to hear all about where we’ll be, as well as tips and tricks for the week. We’ve also compiled a list highlighting 50 talks we’re especially excited about across all areas of security. Our security researchers will be well represented at the various conferences, including six speaking sessions:
- Weaponizing Trust: Investigating a Threat Actor Targeting Security Researchers and Academics, DEF CON
- whoAMI: Discovering and exploiting a large-scale AMI name confusion attack, Cloud Village at DEF CON
- Docs, Demos, and DevRel: The Other Side of Tech, The Diana Initiative
- Detect malicious software packages with GuardDog, Black Hat Arsenal
- Emulate cloud-native attacks with Stratus Red Team, Black Hat Arsenal
- Generate datasets for common cloud attacks with Grimoire, Black Hat Arsenal
Cloud security
New tool investigator.cloud in preview
In conjunction with Seth Art’s research shared at fwd:cloudsec North America, we released a public preview of a new investigator.cloud tool to search and explore public cloud images, their lineage, and their file systems.
Entra ID behavior leads to privilege escalation vulnerability
Katie Knowles, one of our security researchers, details a vulnerability in Microsoft's Entra ID. Katie explains how service principals (SPs) can be used for persistence and privilege escalation by attackers that have access to an SP that is assigned an elevated role. If you missed Katie’s fwd:cloudsec North America talk, this post offers an excellent opportunity to learn about the research she presented.
Container security
New Python tool helps analyze Kubernetes clusters post-compromise
KubeForenSys is a new Python tool designed to automatically gather data from Kubernetes clusters and send the information to an Azure Log Analytics workspace. This tool was built to help with the analysis of Azure Kubernetes Service (AKS) clusters post-compromise.
NVIDIAScape: A new critical container escape vulnerability
According to Wiz researchers, over one-third of cloud environments are vulnerable to a new critical vulnerability in the NVIDIA Container Toolkit (NCT). The vulnerability allows malicious containers to gain full root access to the host machine.
AI and LLM security
How to reduce risk when developing with MCPs
Model Context Protocol (MCP) has many benefits that developers are eager to take advantage of, but it can introduce security concerns. This post explains threats that come with using MCP, along with ways to mitigate them.
Remote code execution in the popular mcp-remote project
A critical remote code execution (RCE) vulnerability has been discovered in the mcp-remote project. The vulnerability allows arbitrary OS command execution on machines that run mcp-remote when mcp-remote initiates a connection to an untrusted MCP server. This post highlights the severe risks of connecting to malicious or insecure MCP servers.
Benchmark for LLM coding accuracy and security
BaxBench is a new coding benchmark that assesses how well large language models (LLMs) can produce accurate and secure code. It includes a leaderboard to show the percentage of code that each model writes that is correct and secure.
Supply-chain security
Misused privileged credentials lead to critical vulnerability
A new critical vulnerability in the Open VSX Registry stemmed from a CI issue in which a secret token was exposed to both trusted and untrusted code. This vulnerability enabled attackers to publish or overwrite any extension, posing a significant supply-chain risk.
Ranking algorithm increases use of malicious packages
A malicious open source package that was disguised as a Solidity Language extension in the Open VSX Registry led to a crypto heist by compromising a blockchain developer's system. This attack was aided by the registry ranking algorithm, which has become an added factor in supply-chain attacks.
Threat detection and incident response
Arbitrary file write vulnerability found in Git
Datadog’s security researchers investigated CVE-2025-48384, a newly released high vulnerability present in many versions of the Git CLI and desktop client on non-Windows machines. This vulnerability allows arbitrary file write when you use the `--recursive` flag to clone untrusted repositories with submodules. Patches have been released to fix the vulnerability.
Malicious Homebrew installation campaign
A Google ad for Homebrew installation via GitHub led to a malicious version being installed. This post does a deep dive into the investigation of this malware campaign.
Community events and talks
Video recordings for fwd:cloudsec North America are available
The fwd:cloudsec North America conference took place in Denver, Colorado, on June 30–July 1. If you missed it, check out these talks from our security researchers:
- I SPy: Rethinking Entra ID research for new paths to Global Admin
- whoAMI: Discovering and exploiting a large-scale AMI name confusion attack
- Patience brings prey: lessons learned from a year of threat hunting in the cloud
Announcing the Datadog expansion pack of Backdoors & Breaches
Last month at DASH, we released a new Datadog expansion pack of Backdoors & Breaches, an incident response card game. If you’re interested, take a look at the gameplay guide or watch the announcement video.