CISO Brief
Cloud AI Upgrades, KEV Additions, and Active Edge Campaigns

Coverage: 17 Dec 2025 (UTC)

Platform teams saw fresh controls and performance gains today, with Google introducing Gemini 3 Flash to bring faster, lower‑latency multimodal reasoning to production workflows, and AWS releasing a migration utility to carry automation rules into the new OCSF‑based Security Hub. Alongside these prevention‑first moves, defenders tracked campaigns aimed at enterprise email and edge appliances, underscoring the need to patch quickly and harden exposed systems.

Platform AI and HPC Controls Advance

Google Cloud moved to standardize and automate large‑scale training infrastructure and speed up AI pipelines. The company made its topology‑aware Slurm control plane, Cluster Director, generally available, adding guided templates, diagnostics, Lustre integration, dense network reservations, and one‑click node replacement to reduce fragility during multi‑week runs. In parallel, Google rolled out Gemini 3 Flash (preview) to balance reasoning quality with lower latency and cost for high‑frequency tasks such as document extraction and video analysis, with early partners reporting accuracy gains while staying within tight quotas. The combined focus is faster iteration and hardened operations for AI and HPC fleets.

Microsoft outlined an identity‑centric approach it calls Access Fabric—not a product, but a unified policy model to make access decisions contextual, connected, and continuous across people, devices, apps, AI agents, and networks. By sharing signals and enforcing Zero Trust throughout a session (not only at sign‑in), the design targets reduced attack surface and quicker, coordinated responses.

AWS Security and Scale Updates

AWS published a Python tool that discovers existing ASFF‑based automation rules, maps them to OCSF, and generates CloudFormation for the new Security Hub, reporting any rules it could not map. To complement that migration path, AWS expanded Security Incident Response to ten additional opt‑in Regions, pairing automated triage and containment with 24/7 expert responders so that detection and remediation happen closer to where workloads run.

New infrastructure options also landed. AWS made EC2 M8gn/M8gb generally available on Graviton4, aimed at network‑intensive or EBS‑heavy workloads with up to 600 Gbps networking or 150 Gbps EBS bandwidth, and EFA on the larger sizes. For write‑heavy search clusters, OpenSearch OI2 instances are positioned for higher indexing throughput using Nitro SSD caching in front of S3‑backed managed storage; customers are advised to validate read latencies and cache behavior against their own access patterns before migrating.

In payments, AWS brought managed HSM operations for node‑to‑node card processing to Australia with Payment Cryptography in Sydney and added AS2805 support, aiming to replace dedicated appliances with elastic, PCI‑certified service operations integrated with IAM and CloudTrail.

Advisories and Exploitation Pressure

CISA added three entries to its Known Exploited Vulnerabilities (KEV) catalog: CVE‑2025‑20393 (Cisco), CVE‑2025‑40602 (SonicWall SMA), and CVE‑2025‑59374 (ASUS Live Update). A KEV listing means exploitation has been confirmed, which raises remediation urgency. Under BOD 22‑01, federal agencies must remediate by the catalog due dates; CISA urges all organizations to prioritize these items as well.
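The practical step after a KEV update is to pull the catalog feed and check which new entries touch products you actually run, ordered by how close the BOD 22‑01 due date is. The following is an added example (not CISA tooling and not from the brief) that does this offline. It assumes the layout of the public KEV JSON feed (a top‑level "vulnerabilities" array whose objects carry cveID, vendorProject, product, dateAdded, dueDate and requiredAction). The three sample entries use only the CVE IDs and vendors named above; the product strings, dates and required actions are constructed placeholders, not the catalog's real values.

```python
"""Triage KEV feed entries against a local asset inventory.

Added example for this brief, not CISA tooling. Assumes the public KEV JSON
feed layout; the sample below is constructed (only the CVE IDs and vendors
come from the brief; dates, products and actions are placeholders).
"""
import json
from datetime import date

# Constructed extract in the shape of the KEV feed.
SAMPLE_KEV_JSON = json.dumps({
    "title": "constructed KEV extract",
    "vulnerabilities": [
        {"cveID": "CVE-2025-20393", "vendorProject": "Cisco",
         "product": "not stated in brief", "dateAdded": "2025-12-17",
         "dueDate": "2025-12-24", "requiredAction": "placeholder"},
        {"cveID": "CVE-2025-40602", "vendorProject": "SonicWall",
         "product": "SMA", "dateAdded": "2025-12-17",
         "dueDate": "2026-01-07", "requiredAction": "placeholder"},
        {"cveID": "CVE-2025-59374", "vendorProject": "ASUS",
         "product": "Live Update", "dateAdded": "2025-12-17",
         "dueDate": "2026-01-07", "requiredAction": "placeholder"},
    ],
})


def load_kev(text):
    """Parse a KEV feed document and return its vulnerability entries."""
    return list(json.loads(text).get("vulnerabilities", []))


def added_on_or_after(entries, since_iso):
    """Keep entries whose dateAdded is on or after the given ISO date."""
    since = date.fromisoformat(since_iso)
    return [e for e in entries if date.fromisoformat(e["dateAdded"]) >= since]


def triage(entries, inventory, today_iso):
    """Build a worklist of entries whose vendorProject matches a vendor name
    in `inventory` (case-insensitive substring match), most urgent first.
    days_left < 0 means the BOD 22-01 due date has already passed."""
    today = date.fromisoformat(today_iso)
    wanted = {v.lower() for v in inventory}
    rows = []
    for e in entries:
        vendor = e["vendorProject"].lower()
        if not any(w in vendor for w in wanted):
            continue
        days_left = (date.fromisoformat(e["dueDate"]) - today).days
        rows.append({"cve": e["cveID"], "vendor": e["vendorProject"],
                     "product": e["product"], "action": e["requiredAction"],
                     "days_left": days_left, "overdue": days_left < 0})
    rows.sort(key=lambda r: r["days_left"])
    return rows


if __name__ == "__main__":
    new = added_on_or_after(load_kev(SAMPLE_KEV_JSON), "2025-12-17")
    for row in triage(new, {"cisco", "sonicwall"}, "2025-12-17"):
        print(row)
```

In production the `SAMPLE_KEV_JSON` string is replaced by the downloaded feed, and the inventory set comes from your CMDB; the date filter keeps the daily run focused on what changed since the last check.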

A critical local privilege escalation in JumpCloud Remote Assist for Windows allows low‑privileged users to gain SYSTEM via unsafe operations in user‑writable temp paths. A fix is available, and organizations should update promptly and monitor for misuse of temporary directories (CSOonline).

Attackers are rapidly exploiting recent Fortinet authentication bypass issues when FortiCloud SSO is enabled, with reports of configuration theft and credential compromise following December disclosures. Administrators are advised to disable the feature until patched, rotate credentials, and apply device‑hardening guidance (CSOonline).

Campaigns Against Edge and Enterprise Platforms

Cisco Talos detailed UAT‑9686 intrusions against appliances running AsyncOS on Secure Email Gateway and Secure Email and Web Manager, using a Python backdoor (AquaShell), a Go‑based reverse SSH tool (AquaTunnel), and Chisel to persist and pivot. Talos provides IOCs and advises checking for unauthorized tunnels and for modifications to the appliance's embedded Python, with support through Cisco TAC for response and recovery (Talos).

Researchers also tracked large‑scale IoT and state‑aligned activity. The Kimwolf botnet has reportedly co‑opted 1.8 million Android‑based TVs and boxes for proxying and DDoS, using DNS‑over‑TLS and ENS‑based indirection to shield its command‑and‑control infrastructure (Kimwolf botnet). Separately, a Russian‑aligned group has focused on misconfigured edge devices at energy and cloud‑adjacent firms to capture credentials and expand access; it relies on configuration weaknesses rather than zero‑days, which makes hardening of exposed devices the primary defense (CSOonline). And Check Point reporting attributes a broad government‑focused espionage campaign to Ink Dragon, which exploits internet‑facing servers, stages ShadowPad and other implants, and turns compromised IIS/SharePoint hosts into proxy nodes to build resilient multi‑hop command‑and‑control (Ink Dragon).