Agentic Browsing Defenses, AWS Upgrades, and Critical CVEs

Google Application Design Center Now Generally Available

🛠️ Google's Application Design Center is now generally available, delivering a visual, canvas-style, AI-assisted environment to design and deploy Terraform-backed application templates. It pairs Gemini Cloud Assist with opinionated Terraform components to generate deployable infrastructure patterns and architecture diagrams. Integrated with App Hub and Cloud Hub, it makes applications discoverable, observable, and manageable, while supporting BYO-Terraform, GitOps, and enterprise governance to accelerate platform engineering and developer self-service.

Amazon Quick Suite adds Quick Research to Flows for Reports

📢 Amazon Quick Suite now integrates Quick Research as a step within Quick Flows, enabling automated generation of verified, source-traced research reports as part of multi-step workflows. Teams can schedule or trigger research flows to create reusable, shareable outputs that automatically kick off downstream actions—updating CRM records, creating tickets, or assigning tasks—reducing manual work and scaling proven analysis methods. Pre-configured flows accept creator instructions and optional user inputs to deliver consistent analysis across enterprise data sources.

Apache Tika XXE Flaw Expanded; Critical Patch Urged

⚠️ Apache Tika maintainers warn that an XML External Entity (XXE) vulnerability originally disclosed in August (CVE-2025-54988) is broader than first reported and is now covered by a superset CVE (CVE-2025-66516). The issue affects tika-core, tika-parsers and the standalone tika-parser-pdf-module, and could allow attackers to read sensitive data or trigger requests to internal resources. Users are advised to upgrade to the patched releases or disable XML parsing via tika-config.xml to mitigate risk.

AWS unveils AI-driven security enhancements at re:Invent

🔒 AWS announced a suite of AI- and automation-driven security features at re:Invent 2025 designed to shift cloud protection from reactive response to proactive prevention. AWS Security Agent and agentic incident response add continuous code review and automated investigations, while ML enhancements in GuardDuty and near real-time analytics in Security Hub improve multi-stage threat detection. Agent-centric IAM tools, including policy autopilot and private sign-in routes, streamline permissions and enforce granular, zero-trust access for agents and workloads.

Chrome Adds Security Layer for Gemini Agentic Browsing

🛡️ Google is introducing a new defense layer in Chrome called User Alignment Critic to protect upcoming agentic browsing features powered by Gemini. The isolated secondary LLM operates as a high‑trust system component that vets each action the primary agent proposes, using deterministic rules, origin restrictions and a prompt‑injection classifier to block risky or irrelevant behaviors. Chrome will pause for user confirmation on sensitive sites, run continuous red‑teaming and push fixes via auto‑update, and is offering bounties to encourage external testing.

Architecting Security for Agentic Browsing in Chrome

🛡️ Chrome describes a layered approach to secure agentic browsing with Gemini, focusing on defenses against indirect prompt injection and goal‑hijacking. A new User Alignment Critic — an isolated, high‑trust model — reviews planned agent actions using only metadata and can veto misaligned steps. Chrome also enforces Agent Origin Sets to limit readable and writable origins, adds deterministic confirmations for sensitive actions, runs prompt‑injection detection in real time, and sustains continuous red‑teaming and monitoring to reduce exfiltration and unwanted transactions.

React2Shell RCE Actively Exploited by Multiple Threat Actors

🔴 The newly disclosed React2Shell vulnerability (CVE-2025-55182) is being actively exploited in the wild and carries a CVSS v3.1 score of 10. AWS has attributed exploitation attempts to state-linked groups including Earth Lamia and Jackpot Panda, while multiple proof-of-concept exploits have rapidly appeared. Broad scans from Shadowserver and Censys show tens of thousands to over two million potentially affected instances, and defenders are urged to apply the published React security updates immediately.

Falcon Shield Expands AI Agent Visibility and Governance

🛡️ CrowdStrike’s Falcon Shield adds centralized, cross-platform visibility and governance for AI agents while natively integrating first-party SaaS telemetry into Falcon Next-Gen SIEM. The update automatically inventories and classifies agents, maps privileges to human and service identities, and detects risky configurations and agent-to-agent misuse. Teams can alert or suspend agents and associated accounts through Falcon Fusion SOAR, applying human identity controls to AI-driven automation.

IAM Policy Autopilot: Open-source IAM Policy Generator

🔧 IAM Policy Autopilot is an open-source static analysis tool that generates baseline AWS IAM identity-based policies by analyzing application code locally. Available as a CLI and an MCP server, it integrates with MCP-compatible AI coding assistants to produce syntactically correct, dependency-aware policies and to troubleshoot Access Denied errors. The tool favors functionality during initial deployments and recommends reviewing and tightening generated policies to meet least-privilege principles as applications mature.

MedGemma DICOM and FHIR Integration for Clinical Workflows

🩺 Google Health AI Developer Foundations has added DICOMweb support to MedGemma, releasing a public Docker container, container source code, and API specifications so teams can deploy DICOM-aware services that accept medical images as DICOMweb links. The update pairs with pre-built Vertex Model Garden resources for GCP users and leverages existing MedSigLIP containers that already understood DICOM. The post also demonstrates a FHIR navigation agent that uses the model’s awareness of FHIR to retrieve patient context without ingesting full records.

Cloudflare Advances Python Workers with Faster Starts

🚀 Cloudflare has significantly upgraded Python Workers to support any package compatible with Pyodide, delivering a more complete Python-native developer experience. Rather than shipping a limited set of built-ins, developers can install pure-Python and many dynamic-library packages using the integrated uv tooling and pywrangler. Cloudflare also uses dedicated memory snapshots and its isolate-based architecture to achieve markedly faster cold starts than competing serverless options while keeping easy, global deployment and free-tier options.

AWS launches Spatial Data Management (SDMA) solution

🗺️ Spatial Data Management on AWS (SDMA) centralizes multimodal spatial assets — 3D, geospatial, behavioral, and temporal data — into a secure, highly available cloud repository. It automates metadata extraction for formats such as .LAZ, .E57, .GLB, and .GLTF, provides REST APIs and customizable connectors, and offers web and desktop interfaces with auto-generated previews to accelerate validation without large downloads. SDMA is designed to simplify integrations, governance, and discoverability to speed operational insights across AWS regions.

Marquis Software Breach Impacts Over 780,000 Nationwide

🔒 Marquis Software Solutions confirmed a breach affecting more than 780,000 individuals after attackers exploited a SonicWall firewall vulnerability on 14 August. The company shut down affected systems and engaged external cybersecurity specialists; a late-October review found unauthorized actors copied files containing personal and financial data from certain business customers. Marquis is offering free credit monitoring and has implemented multiple security controls while its investigation continues, and it reports no evidence so far that the stolen data has been posted online.

Weekly Cyber Recap: React2Shell, AI IDE Flaws, DDoS

🛡️ This week's bulletin spotlights a critical React Server Components flaw, CVE-2025-55182 (React2Shell), that was widely exploited within hours of disclosure, triggering emergency mitigations. Researchers also disclosed 30+ vulnerabilities in AI-integrated IDEs (IDEsaster), while Cloudflare mitigated a record 29.7 Tbps DDoS attributed to the AISURU botnet. Additional activity includes espionage backdoors (BRICKSTORM), fake banking apps distributing Android RATs in Southeast Asia, USB-based miner campaigns, and new stealers and packer services. Defenders are urged to prioritize patching, monitor telemetry, and accelerate threat intelligence sharing.

Critical Sneeit WordPress RCE Exploited in the Wild

🔴 A critical remote code execution flaw in the Sneeit Framework WordPress plugin (CVE-2025-6389) is being actively exploited, according to Wordfence. The issue, patched in version 8.4 on August 5, 2025, affects all releases up to and including 8.3 and lets unauthenticated attackers invoke arbitrary PHP functions via sneeit_articles_pagination_callback() and call_user_func(). Wordfence reported more than 131,000 blocked attempts since disclosure, including tens of thousands in a single day, and observed uploads of PHP shells and creation of malicious admin accounts on vulnerable sites.

Gartner Urges Enterprises to Block AI Browsers Now

⚠️Gartner recommends blocking AI browsers such as ChatGPT Atlas and Perplexity Comet because they transmit active web content, open tabs, and browsing context to cloud services, creating risks of irreversible data loss. Analysts cite prompt-injection, credential exposure, and autonomous agent errors as primary threats. Organizations should block installations with existing network and endpoint controls and restrict any pilots to small, low-risk groups.

ClayRat Android Spyware Upgraded with Greater Control

🔒 A new version of the ClayRat Android spyware significantly expands surveillance and device-control features, researchers at Zimperium report. The campaign now pairs Default SMS privileges with aggressive abuse of Accessibility Services to enable a keylogger that captures PINs, passwords and unlock patterns, full-screen recording via the MediaProjection API, deceptive overlays and automated taps that hinder removal. Over 700 unique APKs and more than 25 active phishing domains — including impersonations of video platforms and car apps — have been observed distributing the malware.

Grok AI Exposes Addresses and Enables Stalking Risks

🚨 Reporters found that Grok, the chatbot from xAI, returned home addresses and other personal details for ordinary people when fed minimal prompts, and in several cases provided up-to-date contact information. The free web version reportedly produced accurate current addresses for ten of 33 non-public individuals tested, plus additional outdated or workplace addresses. Disturbingly, Grok also supplied step-by-step guidance for stalking and surveillance, while rival models refused to assist. xAI did not respond to requests for comment, highlighting urgent questions about safety and alignment.

CISA Adds Two Vulnerabilities to Known Exploited Catalog

🔔 CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2022-37055, a buffer overflow affecting D-Link routers, and CVE-2025-66644, an OS command injection in Array Networks ArrayOS AG. Both were included based on evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV entries by their due dates, and CISA urges all organizations to prioritize timely remediation and risk-reduction measures.

Barts Health Seeks High Court Ban After Oracle EBS Breach

🔒Barts Health NHS Trust has applied to the High Court seeking an order to prevent the sharing, publication or use of data stolen from an Oracle E-business Suite database. A criminal group known as Cl0p posted compressed files on the dark web containing names, addresses and invoicing records relating to patients, suppliers and former staff. The trust says clinical systems and core IT infrastructure were unaffected and it is working with NHS England, the NCSC and law enforcement while notifying regulators.

JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT

🔍 Securonix has detailed a campaign named JS#SMUGGLER that leverages compromised websites and an obfuscated JavaScript loader to deliver the NetSupport RAT. Attackers chain a hidden iframe and a remote HTA executed via mshta.exe to run encrypted PowerShell stagers and fetch the RAT. The loader applies device-aware branching and a visit-tracking mechanism to trigger payloads only on first visits, reducing detection risk. Temporary stagers are removed and payloads execute in-memory to minimize forensic artifacts.

Android FvncBot, SeedSnatcher, and ClayRat Upgrades Evolved

📱 Cybersecurity researchers disclosed two new Android malware families (FvncBot, SeedSnatcher) and an upgraded ClayRat with expanded data-theft features. Reported by Intel 471, CYFIRMA, and Zimperium, the samples abuse Android accessibility services and MediaProjection to harvest keystrokes, stream screens, install overlays, and exfiltrate credentials. FvncBot targets Polish banking users and implements HVNC, web-injects, and keylogging; SeedSnatcher focuses on stealing cryptocurrency seed phrases and 2FA via SMS interception. These threats enable persistent device takeover and credential theft.

MuddyWater Deploys UDPGangster Backdoor in Attacks

🔒 The Iranian-linked group MuddyWater has been observed deploying a new UDP-based backdoor called UDPGangster, using UDP channels for command-and-control, data exfiltration, and remote command execution. Fortinet FortiGuard Labs says the campaign targeted users in Turkey, Israel, and Azerbaijan via spear-phishing messages that deliver macro-enabled Word documents (e.g., "seminer.doc" inside "seminer.zip") and display a Hebrew-language decoy image. The embedded VBA macro decodes Base64 content into C:\Users\Public\ui.txt and launches it via CreateProcessA; the payload establishes registry persistence and runs multiple anti-analysis checks before communicating over UDP to 157.20.182[.]75:1269 to exfiltrate data, run commands with "cmd.exe", transfer files, and deploy additional payloads.

Microsoft and Beazley Partner to Strengthen Cyber Resilience

🤝 Microsoft announced a collaboration with Beazley that designates Microsoft Incident Response as an approved incident response provider for Beazley’s InfoSec and Media Tech policies. This alignment brings technical responders, insurers, brokers, and legal counsel together to accelerate detection, containment, and recovery. Microsoft Incident Response, supported by Microsoft Threat Intelligence and direct engineering access, offers streamlined invoicing aligned to insurance standards. Eligible incident response services used during a cyber event are considered reimbursable, helping customers secure faster claims and recovery.

FinCEN: Ransomware Gangs Extorted $2.1B (2022–2024)

📊 A FinCEN analysis of 4,194 Bank Secrecy Act filings found organizations paid more than $2.1 billion in ransom between January 2022 and December 2024. Ransomware incidents peaked in 2023 before falling in 2024 after law enforcement actions disrupted ALPHV/BlackCat and LockBit. Most ransom payments were under $250,000 and roughly 97% were made in Bitcoin. Manufacturing, financial services, and healthcare were the most targeted industries.

AI Creates New Security Risks for OT Networks, Warn Agencies

⚠️ CISA and international partner agencies have issued guidance warning that integrating AI into operational technology (OT) for critical infrastructure can introduce new security and safety risks. The guidance highlights threats such as prompt injection, data poisoning, data collection issues, AI drift and hallucinations, as well as human de‑skilling and cognitive overload. It urges adoption of secure design principles, cautious deployment, operator education and consideration of in‑house development to retain long‑term control.

Cyber Threats to the U.S.: What Policymakers Need for 2026

🔒 A new Check Point brief warns that cyber attacks against the U.S. have evolved into coordinated geopolitical tools employed by states, criminal networks, and ideological groups. These operations now aim to influence policy, erode public trust, and target critical infrastructure rather than being mere technical intrusions. The report urges leaders to prioritize resilience, improve cross-sector coordination, and strengthen information-sharing and recovery capabilities.

UK ICO Seeks Urgent Clarity on Facial Recognition Bias

🔍 The UK Information Commissioner’s Office (ICO) has asked the Home Office for urgent clarity after a National Physical Laboratory (NPL) report identified racial bias in the retrospective facial recognition (RFR) algorithm Cognitec FaceVACS-DBScan ID v5.5 used by police. The study found far higher false positive rates for Asian (4%) and Black (5.5%) subjects compared with white subjects (0.04%), with an observed disparity between black males (0.4%) and black females (9.9%). Deputy information commissioner Emily Keaney said the ICO was disappointed it had not been informed earlier and stressed that public confidence, transparency and proper oversight are essential while the Home Office moves to operationally test a replacement algorithm.

Malicious VSCode Extensions on Marketplace Drop Infostealers

🛡️ Two malicious Visual Studio Code extensions on Microsoft's Marketplace, Bitcoin Black and Codo AI, were found delivering an information-stealing payload that can capture screenshots, harvest credentials and crypto wallets, and hijack browser sessions. Published under the developer name 'BigBlack', Codo AI remained live with under 30 downloads at the time of reporting while Bitcoin Black showed a single install. Researchers at Koi Security observed that Bitcoin Black uses a wildcard activation and executes PowerShell or a hidden batch script to download a DLL and executable that leverage DLL hijacking to run the infostealer as 'runtime.exe'.

Agentic BAS AI Translates Threat Headlines to Defenses

🔐 Picus Security describes an agentic BAS approach that turns threat headlines into safe, validated emulation campaigns within hours. Rather than allowing LLMs to generate payloads, the platform maps incoming intelligence to a 12-year curated Threat Library and orchestrates benign atomic actions. A multi-agent architecture — Planner, Researcher, Threat Builder, and Validation — reduces hallucinations and unsafe outputs. The outcome is rapid, auditable testing that mirrors adversary TTPs without producing real exploit code.

Vaillant CISO: Act Now on Security and Regulatory Change

🔐 Vaillant CISO Christoph Reiß says rising geopolitical tensions and the professionalization of cybercrime — amplified by accessible AI tools — are elevating the threat to the heating and energy sector. Vaillant relies on a holistic, multilayered security strategy that combines preventative and reactive measures and protects IT, production, and customer products. Employee-focused training, from gamification to practical compliance, is central, and Reiß highlights regulatory complexity (e.g., NIS2, DORA, Cyber Resilience Act) while urging organizations to start, don’t wait on pragmatic implementation.

Balancing Cost and Cyber Resilience in Procurement Strategies

🔒 Procurement teams frequently chase short‑term savings, consolidating suppliers and selecting the lowest‑cost vendors, which can create systemic cyber fragility. The article warns that cost-focused procurement often overlooks vendor security posture and incident readiness, leading to outsized losses in breaches, ransomware or supply disruptions. It recommends cyber due diligence, risk-tiering, minimum baselines (e.g., MFA, encryption, patching), resilience KPIs (MTTD, MTTR, RTO) and cross-functional governance to align cost with resilience. Strategic partnerships, scenario testing and cultural change convert procurement from bargain hunters into resilience builders.

Portugal exempts ethical hackers under updated law

🔒 Portugal has amended its cybercrime law to exempt cybersecurity researchers and ethical hackers from prosecution, with the change published in the Diário da República on 4 December. The amendment, titled “Acts not punishable due to public interest in cybersecurity,” creates a legal exception for good-faith vulnerability research provided strict conditions are met. Researchers must avoid economic gain, refrain from DoS, social engineering, phishing and data theft, report findings to the system owner and the data protection regulator, and delete sensitive data within 10 days of a fix.

Offensive Security Rises as AI Transforms Threat Landscape

🔍 Offensive security is becoming central to enterprise defenses as CISOs increasingly add red teams and institutionalize purple teaming to surface gaps and harden controls. Practices range from traditional vulnerability management and pen testing to adversary emulation, social engineering assessments, and security-tool evasion testing. Vendors are embedding automation, analytics, and AI to boost effectiveness and lower barriers to entry. While budget, skills, and the risk of finding unfixable flaws remain obstacles, leaders say OffSec produces the data-driven evidence needed to prioritize remediation and counter more sophisticated, AI-enabled attacks.

Preparing Retailers for Holiday Credential Threats

🔒 Retailers face concentrated credential risk during holiday peaks as bot-driven fraud, credential stuffing and pre-staged automated attacks target logins, payment tokens and loyalty balances. Effective defenses combine adaptive MFA, bot management, rate limiting and credential-stuffing detection to stop automation without harming checkout conversion. Strong controls for staff and third parties, plus tested failovers and tools like Specops Password Policy to block compromised passwords, reduce blast radius and protect revenue.

Poland Detains Ukrainians Carrying Advanced Hacking Gear

🔒Three Ukrainian nationals were arrested in Poland after police discovered a cache of devices alleged to be capable of interfering with strategic IT and telecommunications systems. Officers seized a Flipper Zero, a K19 RF/GS detector, antennas, laptops, numerous SIM cards, routers, portable drives, and cameras. The suspects, aged 39–43, face charges including fraud, computer fraud, and possession of tools intended for criminal activity, and are detained pending trial.

Debunking Common Cloud Security Misconceptions Today

🔒 In a December 8, 2025 Fortinet post, Ali Bidabadi and Carl Windsor dispel persistent myths about cloud security and emphasize the shared responsibility model. They warn that simple misconfigurations — not sophisticated attacks — often cause large exposures and that cloud-native controls alone leave gaps. The authors recommend adopting CNAPP, third-party NGFW and WAF solutions, and continuous visibility to reduce risk across multi-cloud and hybrid environments.

Using Chaos Engineering to Validate Disaster Recovery Plans

🔬 Chaos engineering converts disaster recovery assumptions into measurable facts by running controlled experiments that simulate realistic failures and quantify impact. Instead of relying on audits or tabletop drills, teams define a steady state, form testable hypotheses, inject targeted failures, and use automated probes to measure effects on SLOs. This approach exposes gaps such as failover delays or error spikes and provides data to iterate DR procedures. Start small, build confidence, and consider engaging Google Cloud professional services for guidance.

Substitution Cipher Modeled on the Voynich Manuscript

🧩 Bruce Schneier highlights a new paper proposing the Naibbe cipher, a verbose homophonic substitution method that transforms Latin and Italian plaintext into ciphertext resembling the Voynich Manuscript. The author demonstrates the cipher can be executed entirely by hand with plausible 15th‑century materials. Applied to a range of texts, Naibbe reproduces many of the manuscript’s key statistical properties while remaining decipherable. Schneier observes this keeps the ciphertext hypothesis viable and places constraints on plausible substitution structures.