The State of Cloud Security, MCP Risks, and Azure vulnerabilities
Welcome to the October 2025 edition of the Datadog Security Digest!
This month, we've got another set of interesting stories from different corners of the security landscape, including insights into real-world cloud security practices, more risks emerging in the LLM and MCP fields, and some serious weaknesses in cloud security platforms.
This newsletter was created by a real person, not a machine. Your curator of the month is Rory McCune.
State of Cloud Security
Datadog's State of Cloud Security report highlights that many organizations continue to leave key resources vulnerable to known exploits and potential attacks, and identifies some of the key practices that can improve their security.
Cloud Security
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
Dirk-jan Mollema's research into Azure security and how it was possible to get global admin on every Entra ID tenant is a fascinating look into the complexity of handling IAM at cloud scale, and how serious risks can appear in complex systems.
Adding Determinism and Safety to Uber IAM Policy Changes
Another story on the topic of IAM complexity comes from Uber, in this post that details how they handle policy simulation as a means to reduce the risk of IAM changes.
AI Security
From MCP to Shell
With MCP servers taking off quite rapidly, it's important to understand how they can be abused and some of the vectors that attackers might try to exploit. This article from Veria Labs details some of the risks that might be presented by a malicious MCP server.
First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails
We're also starting to see real-world examples of malicious MCP servers. In this story, Koi details a malicious MCP server that copied the email data it processed. As with any code that handles sensitive data, it's important to ensure that MCP servers go through proper security review.
A small number of samples can poison LLMs of any size
On the more academic side of LLM security, recent research detailed in this post from Anthropic reveals how attackers may be able to poison LLM training datasets. Given the incentives for attackers to poison LLMs so they produce specific desired results, the news that it's easier to achieve than previously thought will require organizations training their own LLMs to add more defenses.
Threat Detection and Incident Response
Oracle patches EBS zero-day exploited in Clop data theft attacks
This story details an instance of attackers exploiting a zero-day in Oracle's EBS server as part of a data theft attack. While it initially appeared that attackers were exploiting an existing vulnerability, it later became clear that they had access to a zero-day to carry out the attacks.
Anatomy of a BEC in 2025
Business email compromise (BEC) attacks are a fact of life in 2025, and one that organizations need to give serious attention to. This post from Invictus gives an in-depth breakdown of a BEC attack that they dealt with. The attack has some interesting details, including the method the attackers used to bypass the MFA protection on the victim's accounts.
