Cloud Guardrails Expand Amid Critical Patches and Active Exploits
Coverage: 18 Dec 2025 (UTC)
< view all daily briefs >Cloud platforms pushed new governance and agent controls while defenders tackled urgent fixes and active exploitation. Control Tower added 176 Security Hub controls for centralized guardrails across multi‑account estates, and Google strengthened tool governance in Vertex AI Agent Builder. On the patch front, HPE released fixes for a CVSS 10.0 OneView flaw documented by The Hacker News, and Cisco reported active exploitation of a Secure Email zero‑day, with rebuilds required in confirmed compromises per The Hacker News. Meanwhile, The Hacker News relayed Chainalysis’ estimate that DPRK‑linked actors stole about $2.02 billion in cryptocurrency this year, underscoring persistent monetization pressure on crypto platforms and users.
Cloud governance and AI‑driven research
Google outlined how its public‑sector team and DeepMind plan to support the White House’s Genesis Mission, giving all 17 DOE National Labs accelerated access to Gemini‑based tools, including an AI co‑scientist for hypothesis generation, on accredited infrastructure via Google Cloud. The emphasis is on a secure, federated data and compute fabric and on agentic workflows that can synthesize literature, detect contradictions, and automate simulation pipelines. In parallel, Google Cloud introduced administrator‑curated tool governance in Vertex AI Agent Builder, integrating a private API registry, human‑in‑the‑loop recovery and state rewind, and expanded regional scale for Sessions and Memory Bank. The approach anchors agents in existing security and operational controls and adds cost transparency via new runtime pricing.
For data access, Google also shared guidance to tune natural‑language‑to‑SQL with the AlloyDB AI API: start with the baseline model and iteratively enrich descriptive and prescriptive context, then use templates and facets to codify business logic. The goal is explainable, near‑100% accuracy for production analytics, with verified intent and combined structured‑plus‑vector search where needed. Why it matters: governance and explainability features help enterprises deploy AI assistants without bypassing security gates or data stewardship.
Cloud operations: scale and cost choices
AWS broadened managed compute options for containers as ECS Spot support landed in ECS Managed Instances. Teams can target spare capacity for up to 90% discounts while AWS handles provisioning, placement, and optimization inside the customer account; the trade‑off remains interruption tolerance and the additional managed‑compute fee. At the serverless layer, Lambda durable functions expanded to 14 more Regions, bringing built‑in steps, waits, and checkpointing for resilient, multi‑step workflows without incurring compute charges while paused. Together, these updates make it easier to standardize orchestration patterns and reduce total cost for fault‑tolerant services.
On data and streaming, Cloudflare added GROUP BY, SUM, and other aggregations to R2 SQL, using scatter‑gather and shuffle strategies to run analytics over Parquet data without exporting it or standing up separate OLAP systems. And AWS introduced Kafka v3.9 with KRaft metadata mode for Express Brokers in MSK Express, removing ZooKeeper for simpler, faster metadata propagation on new clusters. Operators should validate controller behavior and tooling compatibility before migrating production workloads.
Advisories and patches in critical systems
HPE addressed a maximum‑severity remote code execution issue in OneView (CVE‑2025‑37164), with upgrades and hotfixes available; administrators should prioritize remediation and validate hotfix applicability, as covered by The Hacker News. In industrial control environments, CISA republished Schneider Electric’s notice that a critical WSUS deserialization vulnerability affects EcoStruxure Foxboro DCS Advisor services; Microsoft mitigations are available and standard ICS network isolation is advised. Separately, CISA detailed multiple issues in AXIS Camera Station Pro/Camera Station/Device Manager, ranging from deserialization and certificate validation weaknesses to authentication bypass, with fixed versions released. These advisories reinforce the need for prompt updates, segmented network architectures, and restricted remote access in OT contexts.
Exploitation and financially motivated threats
Cisco confirmed active exploitation of a zero‑day in Secure Email appliances where the Spam Quarantine feature is internet‑reachable; investigators observed persistence mechanisms that make full rebuilds the reliable eradication path, according to The Hacker News. CISA also added a historical ASUS Live Update supply‑chain compromise to its KEV catalog, urging discontinuation of the end‑of‑support client and updates to fixed builds, per The Hacker News. Chainalysis’ latest figures, covered by The Hacker News, attribute roughly three‑quarters of major service compromises to DPRK‑linked clusters this year, with insider infiltration and structured laundering central to their playbook. Complementing that picture, Infosecurity described a heavily obfuscated BeaverTail variant aligned with Lazarus‑associated activity, blending stealer and loader capabilities and expanding delivery vectors from npm packages to fake interview platforms. The through‑line is clear: harden email and update channels, verify supply‑chain integrity, and assume credentialed access attempts across high‑value systems.