
Cloud Sovereignty, Active Exploits, and Critical Patches
Coverage: 11 Dec 2025 (UTC)
Cloud providers emphasized sovereignty and tighter access controls, while defenders confronted active exploitation and urgent browser fixes. AWS detailed the European Sovereign Cloud in a new Sovereign Cloud framework, positioning auditable, EU-centric controls for regulated workloads. Alongside these preventive moves, threat activity against web stacks and enterprise software kept patching at the top of the to-do list.
Cloud Sovereignty and Access Controls
AWS published the European Sovereign Cloud Sovereign Reference Framework, aligning criteria across governance independence, operational control, data residency, and technical isolation, and mapping them to concrete controls. The framework builds on core capabilities—encryption, key management, access governance, and Nitro-based isolation—plus sovereign-specific measures such as independent EU corporate structures, EU-resident operations staff, strict metadata residency, separation from other Regions, and EU-based incident response. AWS plans independent validation, including a dedicated SOC 2 attestation, and makes the framework available via Artifact. For public sector and highly regulated customers, the package is intended as both design reference and evidence set to reduce bespoke audit requests; validation is targeted for completion in 2026. Why it matters: the approach aims to convert sovereignty expectations into testable controls and documentation.
In workforce security, AWS added category-based Web Content Filtering to WorkSpaces virtual browsing, centralizing policy enforcement and logging. The feature blocks URLs or domain categories, integrates with Session Logger for detailed records, and supports default-deny profiles and exceptions across multiple Regions at no extra cost. See Secure Browser. For identity flows, Amazon Cognito identity pools now support AWS PrivateLink, enabling retrieval of temporary AWS credentials over private interface endpoints rather than the public internet—useful for private subnets, IoT, and regulated applications. Availability spans Regions that support identity pools, excluding AWS China and GovCloud. Details: Cognito. Why it matters: both capabilities reduce exposure paths by moving inspection and exchange onto controlled, private planes with richer auditability.
Microsoft broadened its bug bounty to include any critical vulnerability that directly affects its online services, even when the flaw resides in third‑party or open‑source components. The change, announced at Black Hat Europe, makes current and new online services in-scope by default and aligns with the Secure Future Initiative. Reported payouts exceeded $17 million over the past year. Coverage: BleepingComputer. The move incentivizes research where service-level risk is highest, regardless of code ownership.
AI Capabilities and Safeguards
OpenAI signaled rising dual‑use risk as internal CTF-style scores jumped from 27% on a prior model to 76% on GPT‑5.1‑Codex‑Max. The company outlined defense‑in‑depth safeguards—access controls, infrastructure hardening, egress filtering, monitoring, targeted training, and end‑to‑end red teaming—plus a trusted access program and the private‑beta Aardvark agent for code scanning and patch proposals. OpenAI also plans a Frontier Risk Council to refine shared threat models. Coverage: Infosecurity. Why it matters: guardrails and evaluation programs are being adjusted as capabilities rise and security‑relevant assistance becomes more feasible.
Researchers evaluated AI agents against real‑world smart‑contract incidents using SCONE‑bench and found models could generate exploits with measurable economic impact, and even discover zero‑days in simulated tests. Results showed feasibility at modest API cost. Summary: Schneier. The findings underscore the need to pair AI‑informed defenses with retained human review and governance.
Google Cloud described a multi‑agent forecasting system combining a prediction agent with a data agent that assembles semantic, AI‑ready time series. Orchestrated via A2A and built on ADK and MCP interfaces, the approach runs across Vertex AI Agent Engine and other compute options, with Gemini Enterprise providing governance. The aim is to automate data wrangling and improve forecasting accuracy at enterprise scale. More: Google Cloud.
Actively Exploited: Patch and Mitigate
Cloudflare reported rapid scanning and exploitation attempts against the React Server Components Flight protocol, dubbed React2Shell (CVE‑2025‑55182, CVSS 10), caused by unsafe deserialization that enables unauthenticated RCE via a crafted request. Cloudflare observed hundreds of millions of WAF hits tied to React2Shell rules, published IoCs and WAF identifiers, and stressed that network protections complement but do not replace patching. Two related issues (CVE‑2025‑55183, CVE‑2025‑55184) were also disclosed. Threat brief: Cloudflare. Why it matters: popular frameworks present large attack surfaces, and exploitation followed within hours of disclosure.
Google Chrome shipped emergency desktop updates after confirming in‑the‑wild exploitation tied to Chromium bug 466192044. Media coverage cites a LibANGLE buffer overflow affecting the ANGLE Metal renderer and notes this is the eighth Chrome zero‑day patched in 2025. Administrators should accelerate deployment while some technical details remain restricted. Coverage: BleepingComputer.
Researchers also detailed active exploitation of a cryptographic flaw in Gladinet CentreStack/Triofox that allows attackers to forge access tickets, exfiltrate secrets, and pivot to RCE via ViewState deserialization. Fixes and IoCs are available, and upgrades to the recommended version plus key rotation are advised. Coverage: BleepingComputer. Separately, an unpatched zero‑day in self‑hosted Gogs is being exploited at scale using a symlink path‑traversal technique in the PutContents API to force arbitrary command execution; administrators should disable open registration, restrict exposure, and audit for indicators. Details: BleepingComputer.
Industrial and Enterprise Exposures
CISA published an advisory for Siemens engineering products using an IAM client that fails to validate server certificates during TLS, enabling man‑in‑the‑middle attacks (CVE‑2025‑40800; CVSS v4 base 9.1). Siemens released updates for multiple product lines and guidance via SSA‑868571. Advisory: CISA. In access control systems, Johnson Controls iSTAR door controllers have two OS command injection flaws that can allow full device compromise; firmware upgrades are available (pre‑6.9.7.CU01 and pre‑6.9.3 affected depending on model). Advisory: CISA. For both, CISA reiterates segmentation, minimal exposure, and secure remote access.
Ivanti Endpoint and Patch Management received a critical fix (CVE‑2025‑10573, CVSS 9.6) for an unauthenticated XSS pathway that can hijack admin sessions via forged device scan data, with additional code‑execution flaws addressed in the same release. The vendor urges immediate upgrades to EPM 2024 SU4 SR1 and warns that the 2022 release is end‑of‑life. Coverage: CSO Online. Why it matters: endpoint management platforms are high‑leverage targets for lateral movement and mass deployment.
Separately, research highlights unsafe default behaviors in legacy .NET proxy classes that accept non‑HTTP schemes, enabling file writes and potential RCE when untrusted URLs or WSDLs are processed; multiple vendors have issued patches or guidance, but Microsoft won’t change Framework behavior. Analysis: CSO Online. And new hardware work labeled Battering RAM shows low‑cost DDR4 interposers can subvert encrypted enclave memory at runtime, impacting SGX and AMD SEV assumptions; vendors characterized this as out‑of‑scope due to physical manipulation. Overview: CSO Online. The findings reinforce that confidential computing models depend on both architectural choices and realistic threat boundaries.