AWS Rolls Out AI and Access Controls Amid New Threats

Platform hardening and AI capabilities led today’s developments. Bedrock added NVIDIA’s efficiency‑oriented Nemotron 3 Nano model with long‑context reasoning and native tool‑calling, while WorkSpaces Secure Browser introduced WebAuthn redirection to bring phishing‑resistant authentication into remote sessions. Additional AWS releases focused on telemetry automation and migration planning. Counterbalancing the preventive theme, a critical automation vulnerability, supply‑chain threats, and major breach and policy updates shaped the risk picture.

Cloud AI and access controls roll out

Amazon Web Services expanded its AI portfolio on Bedrock with NVIDIA’s Nemotron 3 Nano, an efficiency‑focused hybrid Mixture‑of‑Experts model designed for agentic and coding workloads. Served via AWS’s Project Mantle distributed inference engine, the model supports a 256k‑token context window, explicit reasoning controls, and OpenAI API compatibility to ease integration. The serverless inference approach and unified resource pools aim to improve throughput and simplify operations for teams building multi‑agent workflows and long‑context applications.

In identity and access, AWS enabled WebAuthn redirection in Amazon WorkSpaces Secure Browser so users can authenticate to sites inside remote sessions with local FIDO2 keys, passkeys, or platform authenticators. The capability currently requires Chromium‑based local browsers and admin enablement with allowed‑origins policy configuration. The design aligns remote browsing with modern zero‑trust login experiences, but it demands coordinated endpoint readiness, policy updates, and user training to avoid friction or misconfiguration.

Access to efficient models also broadened on Amazon SageMaker as AWS added the open‑source MiniMax‑M2 MoE to JumpStart, pairing a large backbone with a smaller active parameter set to reduce inference cost while targeting coding and agentic tasks. For migration teams, AWS Transform added automatic conversion of hybrid data‑center networking, translating VLANs and subnets into VPC constructs and generating Infrastructure as Code for repeatable deployments. Together these updates reinforce a prevention‑first posture: efficient model access for builders and fewer manual steps during complex network transitions.

Operational visibility also advanced as Amazon CloudWatch introduced organization‑wide enablement rules to auto‑configure telemetry for six key services, including CloudTrail Management and Data Events, EKS control plane logs, Route 53 query logs, Network Load Balancer access logs, and AWS WAF WebACL logs. Using AWS Config service‑linked recorders, rules can enforce logging on existing and future resources, reducing configuration drift and aiding incident response—though teams should plan tagging and cost governance.

Advisories and patches

A critical remote code execution issue in the n8n workflow automation platform was disclosed, enabling authenticated users who can create or edit workflows to execute arbitrary code in the runtime context. Maintainers released fixes in several branches; users should upgrade promptly and harden exposed deployments, restrict workflow authoring, rotate credentials, and audit logs for suspicious activity. Details are available from The Hacker News. This class of vulnerability can yield full instance compromise and unauthorized access to downstream systems automated through n8n.

Supply chain and browser threats

Researchers reported a trojanized npm package that wrapped a popular WhatsApp Web client library and behaved as a functional API while covertly exfiltrating session tokens, messages, contacts, and media. The malicious wrapper also abused multi‑device pairing for persistence, allowing continued access even after removal until unknown devices are unlinked. The campaign’s obfuscation and encryption layers complicated detection, underscoring the limits of metadata and static scans for dependency risk. Coverage: CSO. Teams should expand runtime behavioral monitoring for dependencies and audit account pairings.

Separately, Socket researchers uncovered two malicious Chrome extensions branded “Phantom Shuttle” that redirected traffic for more than 170 domains through attacker‑controlled proxies, enabling credential and cookie theft and routine exfiltration to command‑and‑control. The add‑ons used injected code, proxy auto‑configuration scripts, and hard‑coded proxy credentials to operate silently. Administrators should remove the extensions, enforce allowlists, and monitor for unexpected proxy authentication and outbound proxy traffic. Report: The Hacker News.

Incidents and policy signals

University of Phoenix disclosed a breach affecting approximately 3.5 million individuals after attackers exploited a zero‑day in Oracle E‑Business Suite to access financial systems over several days in August. The incident was later linked on a ransomware leak site, and notifications confirmed exposure of personal and banking details; the university is offering monitoring and recovery assistance. The scale and dwell time highlight the impact of weaponized flaws in centralized platforms. Coverage: Infosecurity.

On the policy front, the FCC added foreign‑made drones and key components to its Covered List following an interagency review that cited national security risks tied to surveillance and data exfiltration. The action targets certain China‑made vendors and enumerates communications and control parts, with limited carve‑outs and potential DHS exemptions. Media report: The Hacker News. For operators of UAS fleets and retailers, the decision signals tightening oversight of cross‑border technologies in sensitive categories.

Internationally, Denmark’s defence intelligence service attributed two separate operations to Russian‑linked actors: a destructive attack on a water utility in 2024 and a DDoS campaign targeting websites ahead of local elections. The announcement underscores varied disruptive tactics against public infrastructure and civic processes. Analysis: Schneier. For defenders, the emphasis remains on resilience for industrial systems and DDoS‑exposed services, coupled with rapid coordination between operators and policy makers.