New Platform Defenses, RSC Exploits, and Apple Zero‑Day Patches

Enterprises saw a prevention-first slate of updates today. CrowdStrike detailed new, platform-native prioritization and AI-aware visibility in Falcon Exposure Management to accelerate remediation, while AWS expanded Dedicated Local Zones to strengthen data residency and sovereignty for regulated workloads. Against this backdrop, organizations also faced urgent patching and monitoring for active web exploitation and targeted mobile browser attacks.

Platform Controls and Sovereign Cloud Options Expand

CrowdStrike introduced enhancements to Falcon Exposure Management that fuse global scoring with host-level telemetry to deliver a single, prioritized “fix first” path and continuous coverage across agented and agentless assets. The update adds an Exposure Prioritization Agent, AI Discovery to find local LLMs and AI components, a Risk Knowledge Base, and a Trusted Credential Framework for one-time authenticated assessments — all feeding the Falcon Enterprise Graph and automations. Early deployments report sharp reductions in workload and faster triage, indicating tangible efficiency gains when exposure data is integrated and actionable. The company outlines the changes and outcomes in Falcon Exposure.

Google Cloud made Gemini Live API generally available on Vertex AI, enabling real-time, multimodal agents that can interpret voice, vision, and text with low latency and natural turn-taking. Enterprises can deploy at scale with multi‑region options and data residency controls, and early users cite measurable gains in customer support and interactive assistants. The announcement highlights performance consistency and compliance-focused deployment choices in Gemini Live. Why it matters: native audio models and unified reasoning reduce integration overhead and improve responsiveness for mission-critical voice and video workflows.

AWS broadened the service set in Dedicated Local Zones — private, customer‑dedicated infrastructure — with newer EC2 generation 7 instances for AI/HPC, expanded S3 options including Express One Zone and One Zone‑IA, higher‑performance EBS volumes and local snapshots, and managed services for automation and databases. Security controls mirror Region standards, supporting encryption, inspection, and audit for sovereign-by-design deployments, as detailed in Local Zones. In parallel, AWS extended Enhanced mode in DataSync to accelerate high‑scale, on‑prem NFS/SMB to S3 transfers with parallelized throughput and richer metrics — a practical boost for AI training sets, analytics pipelines, and migrations, described in DataSync.

Advisories and Active Exploitation

Google Threat Intelligence reported diverse clusters exploiting CVE‑2025‑55182 (React Server Components) immediately after disclosure, using the unauthenticated RCE to deploy tunneling tools, downloaders, backdoors, and miners. Observed behaviors include hidden directories, process killing, cron/systemd persistence, shell profile injection, timestomping, and use of legitimate cloud services for configuration retrieval. Recommended actions include immediate framework updates to fixed microversions, WAF rules, dependency audits, and hunts for IOCs; selected domains, IPs, hashes, and YARA rules are provided in Google TI. Why it matters: exploitation began within hours of disclosure, underscoring the need for rapid patch pipelines for app-layer dependencies.

Apple shipped emergency fixes for two WebKit zero‑days — CVE‑2025‑43529 (use‑after‑free RCE) and CVE‑2025‑14174 (memory corruption) — following reports of in‑the‑wild, highly targeted exploitation. Updates span iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari across supported device families, and users are urged to install promptly. Coordinated disclosure with Google also tied a related Chrome bug to CVE‑2025‑14174. Details are summarized by BleepingComputer. Complementing this, CISA added CVE‑2025‑14174 to the Known Exploited Vulnerabilities Catalog, triggering BOD 22‑01 remediation timelines for federal agencies; guidance appears in CISA KEV.

Beyond the critical RSC remote code execution, the React project released additional fixes for related flaws: pre‑auth denial‑of‑service (CVE‑2025‑55184, CVE‑2025‑67779) and information disclosure (CVE‑2025‑55183). Impacted packages include react‑server‑dom‑parcel, react‑server‑dom‑turbopack, and react‑server‑dom‑webpack across 19.0.x–19.2.x branches; users should update to 19.0.3, 19.1.4, or 19.2.3. Coverage and affected versions are outlined by The Hacker News.

CISA also urged remediation of an unauthenticated XML External Entity flaw in GeoServer (CVE‑2025‑58360) after adding it to the KEV list, citing active exploitation. The issue in versions ≤2.26.1 can be triggered via crafted XML to the /geoserver/wms GetMap endpoint, enabling file retrieval, SSRF, and potential denial of service without authentication. Internet exposure remains significant, increasing risk to public‑facing deployments. Agencies must remediate by the BOD 22‑01 deadline; details and exposure estimates appear via BleepingComputer.

Coupang Breach and Offboarding Gaps

Coupang confirmed a breach impacting 33.7 million customers, with police linking the incident to a former employee who allegedly retained access after leaving. The intrusion occurred in June and was detected in November; authorities conducted raids for digital evidence, and the company’s CEO resigned and apologized. Regulators criticized terms-of-service changes and demanded remediation measures, while reports of phishing and impersonation surged. The case underscores the consequences of delayed detection and weak offboarding controls, as reported by BleepingComputer.

AI Security Playbooks and Data Foundations

Google published its Cybersecurity Forecast 2026, emphasizing agentic automation in SOC workflows and the need for workforce AI fluency to govern and validate machine‑speed defenses. The report flags adversary use of prompt injection, deepfakes, and modular malware, and recommends model‑validation layers, agent‑aware identity controls, AI health monitoring, and integrating AI resilience into business continuity and incident response. The perspective and control set are summarized in Forecast 2026. In parallel, OpenAI outlined an expanded defense‑in‑depth program — including a Frontier Risk Council, tighter guardrails, external red‑team testing, a trusted access program, and broader use of its Aardvark agent — to constrain offensive uses of its models, detailed by CSO Online.

Underpinning these defenses, Google Cloud highlighted real‑time data innovations across its platform: deeper Gemini integration with BigQuery, a Data Engineering Agent, autonomous vector embeddings for multimodal data, and strengthened metadata governance via Dataplex Universal Catalog, alongside Kafka, Pub/Sub, and Dataflow enhancements for streaming operations. The company positions these capabilities as a foundation for AI‑native, governed data pipelines in Data Cloud. A companion guide shows how to surface Looker’s semantic layer to Gemini Enterprise via an intermediary MCP server and ADK agents — a pattern that reduces hallucinations by grounding assistants in trusted metrics, described through MCP Toolbox.