Principal Security Architect & Partner at o3c.no, CloudSec Researcher. Find me at bsky

Joined August 2012
With every supply-chain attack affecting the npm ecosystem, the most common apps I find vulnerable are the vibe-coded ones, due to a lack of version pinning. If @Cursor and other coding platforms make pinning the default, we'll see fewer runtime environments affected.
First P1 achieved, unfortunately a duplicate.
Karim El-Melhaoui retweeted
27 Nov 2025
Shai-Hulud 2.0, a tale of 4 graphs: many numbers have made the news in regards to this story - such as 800 compromised packages - but visualizing the data clearly shows the potential impact of hijacking even a small set of key packages (in terms of prevalence or dependents):
Karim El-Melhaoui retweeted
24 Nov 2025
🚨 New Shai-Hulud-style npm attack hitting 25k repos and growing fast. Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection mitigation. Details: wiz.io/blog/shai-hulud-2-0-o…
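The two posts above make the same two points from the defender's side: dependencies that are not pinned to an exact version pick up a hijacked release automatically, and a malicious preinstall hook runs the moment `npm install` resolves it. The script below is an added example, not code from either post or from Wiz Research; it audits a package.json for unpinned specs and checks whether an .npmrc disables lifecycle scripts (the `isPinned`, `findUnpinned` and `ignoresScripts` names and the sample inputs are constructed here).

```javascript
// Added example: flag dependency specs that are not pinned to one exact
// version, and check whether .npmrc sets ignore-scripts=true so that
// preinstall/postinstall hooks cannot run during install.

// Exact semver: MAJOR.MINOR.PATCH with optional prerelease/build metadata.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// True only when a spec resolves to exactly one version. Ranges (^, ~, >=),
// dist-tags (latest), wildcards, URLs and git references all return false.
function isPinned(spec) {
  let s = String(spec).trim();
  // "npm:<name>@<spec>" aliases: judge the spec after the last '@'.
  if (s.startsWith("npm:")) {
    const at = s.lastIndexOf("@");
    if (at <= 4) return false; // alias without a version part
    s = s.slice(at + 1);
  }
  if (s.startsWith("=")) s = s.slice(1); // "=1.2.3" is still exact
  return EXACT_SEMVER.test(s);
}

// Lists every dependency, across the usual sections, whose spec is unpinned.
function findUnpinned(pkg) {
  const sections = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
  const out = [];
  for (const section of sections) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!isPinned(spec)) out.push({ section, name, spec });
    }
  }
  return out;
}

// True when .npmrc disables lifecycle scripts; a committed lockfile installed
// with `npm ci` is still needed so transitive versions cannot drift.
function ignoresScripts(npmrc) {
  return npmrc.split(/\r?\n/).some((line) => /^\s*ignore-scripts\s*=\s*true\s*$/i.test(line));
}

// Constructed sample inputs, not taken from any real project.
const samplePackageJson = {
  dependencies: { express: "^4.19.2", lodash: "4.17.21", chalk: "npm:chalk@5.3.0" },
  devDependencies: { jest: "~29.7.0", eslint: "latest", left: "*" },
};
const sampleNpmrc = "save-exact=true\nignore-scripts=true\n";

console.log(findUnpinned(samplePackageJson));
console.log("ignore-scripts:", ignoresScripts(sampleNpmrc));
```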
First talk at @OsloBSides
Karim El-Melhaoui retweeted
The schedule for fwd:cloudsec Europe is out, with a single track of high-quality talks over 2 days, along with “Birds of a Feather” interactive sessions! fwdcloudsec.org/conference/e… Some sponsorship opportunities are still available
Another year in the books as a Microsoft MVP 🎉
I’m left wondering how many unpaid AWS bills are related to this.
Credit Card Update! After 14 weeks, the program to audit unused/unneeded credit cards has expanded to 55 agencies resulting in ~610k de-activated cards. As a reminder, at the start of the audit, there were ~4.6M active cards/accounts; more work to do!
Front row seat at @paulschwarzen's session presenting OWASP Domain Protect at @AppSecEU
Reminder that the fwd:cloudsec Europe 2025 Call for Papers is open! First time speakers who requested feedback by May 30th and meet the submission criteria will receive feedback on how to improve during the second round. For more: fwdcloudsec.org/conference/e…
What happens if a lambda that puts an event to an S3 triggers on the same S3… I can’t afford to find out
Karim El-Melhaoui retweeted
šŸƒā€ā™‚ļøMeet ImageRunner: A privilege escalation vulnerability I discovered in GCP Cloud Run. Thank you for the @GoogleVRP team for working closely with us on this one. *Stay tuned for more blogs to come! tenable.com/blog/imagerunner…
Karim El-Melhaoui retweeted
📖 CloudSecList Issue 276 just got released, w/ content from @HuntressLabs @elasticseclabs @O3CYBER @InvictusIR and more! cloudseclist.com/issues/issu…
Last week, we presented our latest research into Azure and OIDC where we also released our latest tool for mapping attack paths between Azure and GitHub o3c.no/knowledge/tool-releas…
... Rather than maintaining a poorly written niche tool, we hope that the functionality will be adopted by more prevalent tools such as BloodHound or commercial offerings such as Wiz Code.
Karim El-Melhaoui retweeted
13 Feb 2025
This looks like another security incident that may have been caused by "request collapsing". If you use AWS CloudFront, I encourage you to read an older blog post I wrote on this "feature" as it does something many don't expect. swedenherald.com/article/nor… wiz.io/blog/preventing-risk-…
Karim El-Melhaoui retweeted
11 Feb 2025
šŸŽ™ļø The podcast that CISOs share in their private channels is *back*! šŸŽŠ Thank you to our guests for making the first 2 seasons incredible. This week: @AmitaiCo & Eden Naftali chat with @karimscloud on open-source dangers & stronger security standards. šŸŽ§ Ready for S3?
Karim El-Melhaoui retweeted
AWS just released RCP examples to prevent OIDC misconfigurations from many third-party vendors. github.com/aws-samples/resou… This prevents the problem I wrote about here: wiz.io/blog/avoiding-mistake…