Cloud Upgrades Lead, With Patch Gaps and Breaches in Focus

Coverage: 05 Jan 2026 (UTC)

Cloud providers emphasized capacity and control today, with high-performance GPUs reaching new markets and fleet tooling becoming more centralized. AWS expanded regional compute with EC2 G5 in Hong Kong, while Google introduced a policy-driven way to manage OS agents at scale via VM Extensions. Alongside these proactive moves, defenders continued to confront persistent exploitation of unpatched edge devices and a busy slate of government and healthcare incidents.

Platform Upgrades and Lifecycle Security

Google sharpened database performance by enabling optimized writes in its Enterprise Plus tier of Cloud SQL for MySQL. The runtime optimizations—covering adaptive purge and I/O limits, sharded I/O, faster redo recovery, and adaptive buffer warmup—aim to deliver up to 3x better write throughput for OLTP workloads, with automated tuning designed to reduce operational toil and performance variance. Google also previewed a policy-centric approach to VM agent lifecycle with VM Extensions Manager, which coordinates progressive rollouts and version pinning to improve consistency and security across fleets. Taken together, these controls seek to make high-throughput services steadier and fleet hygiene easier to maintain during routine and urgent changes.

At the infrastructure layer, AWS broadened GPU access in Asia by launching EC2 G5 instances in Hong Kong, pairing NVIDIA A10G GPUs with high I/O and local NVMe storage across multiple sizes. The expansion targets graphics-heavy workloads and cost-efficient ML training and inference while reducing latency and data-residency frictions for local users. In parallel, security teams saw the AI pipeline come into clearer scope: a new partnership from Check Point and NVIDIA proposes end-to-end safeguards for AI “factories,” emphasizing unified visibility, runtime protections, and centralized controls from data ingestion through inference. Why it matters: lifecycle-oriented defenses help security and engineering leaders align controls with how modern ML systems are actually built and run.

Patching Gaps and Platform Governance

Years-old flaws continue to bite. Researchers report active exploitation of Fortinet’s CVE-2020-12812 to bypass 2FA and seize administrative access on unpatched FortiGate devices, with an estimated 10,000 systems still exposed more than five years after fixes landed, according to CSOonline. Organizations are urged to apply current FortiOS updates, restrict management interfaces, rotate credentials, and monitor authentication logs for anomalous activity. The persistence of this exposure underscores the importance of robust asset inventory and verification that patches are deployed everywhere—not just scheduled.
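To make the "monitor authentication logs for anomalous activity" recommendation concrete, here is a small detector written for this brief (it is not Fortinet code and not from the cited reporting). It runs over constructed key=value authentication log lines and flags three patterns a defender would want surfaced: a burst of failed logins from one source, a successful administrative login from a source outside a known baseline, and a success that closely follows a run of failures from the same source. The log layout, field names, thresholds and the known-source list are all assumptions; adapt them to the device's real log schema.

```python
"""Added example: flag anomalous admin authentication in constructed auth logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Generic key=value syslog-style lines, constructed for this example.
# Assumed fields: ts, user, src, action, status. Not a vendor's real format.
SAMPLE_LOG = """\
ts=2026-01-05T08:00:01Z user=admin src=10.0.0.5 action=login status=success
ts=2026-01-05T08:30:00Z user=admin src=10.0.0.5 action=config-change status=success
ts=2026-01-05T09:10:00Z user=admin src=203.0.113.9 action=login status=failed
ts=2026-01-05T09:10:20Z user=admin src=203.0.113.9 action=login status=failed
ts=2026-01-05T09:10:40Z user=admin src=203.0.113.9 action=login status=failed
ts=2026-01-05T09:11:00Z user=admin src=203.0.113.9 action=login status=failed
ts=2026-01-05T09:11:20Z user=admin src=203.0.113.9 action=login status=failed
ts=2026-01-05T09:11:40Z user=admin src=203.0.113.9 action=login status=failed
ts=2026-01-05T09:12:30Z user=admin src=203.0.113.9 action=login status=success
ts=2026-01-05T10:00:00Z user=ops src=10.0.0.7 action=login status=success
ts=2026-01-05T11:00:00Z user=admin src=10.0.0.5 action=login status=failed
"""

# Assumed baseline: sources from which admin logins are expected.
KNOWN_ADMIN_SOURCES = {"10.0.0.5"}

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value line into a dict; quotes stripped, ts parsed."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return fields


def parse_log(text):
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def detect_auth_anomalies(events, known_admin_sources,
                          fail_threshold=5, window=timedelta(minutes=10)):
    """Return a list of alert dicts for the three patterns described above."""
    alerts = []
    failures = defaultdict(list)   # src -> timestamps of recent failed logins
    burst_reported = set()         # avoid re-alerting the same source per burst
    for ev in events:
        if ev.get("action") != "login":
            continue               # only authentication events are scored here
        src, user, ts = ev["src"], ev["user"], ev["ts"]
        # keep only failures inside the sliding window for this source
        recent = [t for t in failures[src] if ts - t <= window]
        if ev["status"] == "failed":
            recent.append(ts)
            if len(recent) >= fail_threshold and src not in burst_reported:
                alerts.append({"rule": "failed_login_burst", "src": src,
                               "user": user, "count": len(recent), "ts": ts})
                burst_reported.add(src)
        elif ev["status"] == "success":
            if user == "admin" and src not in known_admin_sources:
                alerts.append({"rule": "admin_login_unknown_source", "src": src,
                               "user": user, "ts": ts})
            if recent:  # a success right after failures from the same source
                alerts.append({"rule": "success_after_failures", "src": src,
                               "user": user, "count": len(recent), "ts": ts})
                burst_reported.discard(src)  # a new burst may be reported later
        failures[src] = recent
    return alerts


def analyze_sample():
    """Run the detector over the constructed sample log."""
    return detect_auth_anomalies(parse_log(SAMPLE_LOG), KNOWN_ADMIN_SOURCES)


if __name__ == "__main__":
    for alert in analyze_sample():
        print(alert["ts"].isoformat(), alert["rule"], alert["src"], alert["user"])
```

On the sample data the detector raises three alerts, all for 203.0.113.9: the burst at the fifth failure, then the unknown-source and success-after-failures alerts on the subsequent successful admin login. A single failure from the baseline address raises nothing, which is the kind of noise floor a real deployment needs to tune with the threshold and window parameters.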

Regulators, meanwhile, are pressing on AI safety boundaries. Multiple countries opened probes into xAI’s Grok after the model generated sexualized deepfakes, including images involving minors. Investigations in France and Malaysia and an enforcement ultimatum in India raise questions about intermediary liability and developer obligations for generative outputs, as reported by CSOonline. The episode intensifies pressure on providers to strengthen training-data controls, content filters, and human review processes, and it may shape future penalties and governance expectations around deepfake risks.

Public Sector and Healthcare Under Strain

The European Space Agency confirmed a breach affecting a limited number of external servers used for unclassified collaborative engineering work. Containment and forensics are underway following claims of exfiltration of code repositories, CI/CD artifacts, and credentials, per Infosecurity. In New Zealand, a review is underway after a late-December attack on Manage My Health, a nationwide patient portal, potentially impacted 100,000–120,000 users; the operator engaged law enforcement and forensic consultants and obtained a court injunction while notifications proceed, according to Infosecurity. In parallel, Taiwan’s security agency reported sustained pressure tied to China, averaging 2.6 million hostile events daily in 2025 and targeting sectors from energy to semiconductors, as detailed by CSOonline. The mix of confirmed compromises and high-volume probing underscores the operational and supply-chain risks facing public institutions and critical services.

Campaigns Exploit Consumer Devices, Apps, and Cloud Stores

Researchers tracking the Kimwolf botnet report more than two million Android devices conscripted, with infections spreading via exposed Android Debug Bridge services and through pre-installed SDKs on unofficial smart TVs and set-top boxes. Operators monetize through DDoS-for-hire, proxy bandwidth sales, credential stuffing, and app-install schemes, according to Hacker News. On the social platform front, Chinese-language darknet markets operating on Telegram have rebounded and now channel an estimated nearly $2 billion per month through escrow-like services for illicit goods and laundering, amplifying large-scale investment and romance scams, as summarized by Schneier. Why it matters: the convergence of residential proxies, encrypted channels, and accessible payment rails continues to scale fraud and abuse while complicating disruption and attribution.

Corporate data stores are also in the crosshairs. Threat actor Zestix is advertising datasets allegedly taken from cloud file-sharing platforms, with initial access often sourced from infostealer-harvested credentials and stale sessions. The troves span engineering files, health records, and government contracts across multiple sectors, according to BleepingComputer. Recommended defenses echo recurring weak points: enforce strong MFA, invalidate long-lived sessions after compromise, improve endpoint protections against infostealers, and accelerate detection of abnormal sharing or exfiltration behaviors.