< ciso brief />
Platform Automation, Secure Boot Updates, and Iran’s Internet Blackout

Coverage: 13 Jan 2026 (UTC)

Automation and hardening led today's security developments. AWS Security Hub gained at-scale response features to cut manual triage across large cloud estates, while Microsoft began a controlled rollout of replacement Secure Boot certificates on eligible Windows systems, as reported by BleepingComputer. Additional advisories and active exploitation reports underscored near-term patching priorities.

Platform controls scale up

Cloud operations teams get new levers as AWS Security Hub adds automation rules that act on new findings in real time, correlate risk, enrich context and route items into EventBridge-driven workflows. The release folds CSPM detections into the existing stack and supports common actions such as invoking Lambda or Systems Manager for remediation, pushing to ServiceNow or Jira, and capturing evidence for compliance. Guidance emphasizes centralized administration, concise rule criteria, region-aware deployment and the 100-rule limit per admin account to keep operations predictable as coverage scales.
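The following is an added example (not code from the brief or from AWS) showing what one of these automation rules looks like in practice: it builds a CreateAutomationRule request with a deliberately small criteria set, updates the finding's severity, workflow status and note so EventBridge consumers see a consistent shape, and refuses to deploy once the 100-rule ceiling is reached. The request keys follow the boto3 `securityhub` client; the rule name, resource type and note text are constructed placeholders, and the optional `client` argument is only used when you pass a real boto3 client.

```python
"""Build, validate and optionally deploy an AWS Security Hub automation rule.

Added example: the field names follow the boto3 securityhub
CreateAutomationRule / ListAutomationRules APIs; the sample values are
constructed placeholders.
"""
from __future__ import annotations

MAX_RULES_PER_ADMIN_ACCOUNT = 100  # limit cited in the brief


def build_rule(rule_name: str, rule_order: int, severity: str,
               resource_type: str, new_severity: str, note: str) -> dict:
    """Return a CreateAutomationRule request body.

    Criteria stay at three fields (record state, severity, resource type) so
    each rule remains readable when dozens of them are stacked by RuleOrder.
    """
    if not 1 <= rule_order <= 1000:
        raise ValueError("RuleOrder must be between 1 and 1000")
    return {
        "RuleName": rule_name,
        "RuleOrder": rule_order,
        "RuleStatus": "ENABLED",
        "IsTerminal": False,  # let later rules still evaluate the finding
        "Description": f"Triage {severity} findings on {resource_type}",
        "Criteria": {
            "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
            "SeverityLabel": [{"Value": severity, "Comparison": "EQUALS"}],
            "ResourceType": [{"Value": resource_type, "Comparison": "EQUALS"}],
        },
        "Actions": [{
            "Type": "FINDING_FIELDS_UPDATE",
            "FindingFieldsUpdate": {
                "Severity": {"Label": new_severity},
                "Workflow": {"Status": "NOTIFIED"},
                "Note": {"Text": note, "UpdatedBy": "automation-rule"},
            },
        }],
    }


def count_rules(client) -> int:
    """Page through ListAutomationRules in the current region."""
    total, token = 0, None
    while True:
        kwargs = {"MaxResults": 100}
        if token:
            kwargs["NextToken"] = token
        page = client.list_automation_rules(**kwargs)
        total += len(page.get("AutomationRulesMetadata", []))
        token = page.get("NextToken")
        if not token:
            return total


def can_add_rule(existing_rule_count: int) -> bool:
    """True while the admin account is below the 100-rule limit."""
    return existing_rule_count < MAX_RULES_PER_ADMIN_ACCOUNT


def deploy(rule: dict, existing_rule_count: int, client=None):
    """Dry-run when no client is given; otherwise create the rule."""
    if not can_add_rule(existing_rule_count):
        raise RuntimeError(
            f"rule limit reached ({existing_rule_count}/{MAX_RULES_PER_ADMIN_ACCOUNT}); "
            "consolidate criteria or retire a rule before adding more")
    if client is None:
        return None
    return client.create_automation_rule(**rule)


if __name__ == "__main__":
    rule = build_rule("critical-ec2-to-ir", 10, "CRITICAL",
                      "AwsEc2Instance", "CRITICAL", "Routed to IR queue")
    print(deploy(rule, existing_rule_count=42))  # None: dry run
```

Deploy from the delegated administrator account and repeat per region, since the rule set is regional; keep `RuleOrder` gaps (10, 20, 30) so new rules can be slotted in without renumbering.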

CrowdStrike moved to extend session protection to any browser by agreeing to acquire Seraphic, aiming to correlate Falcon endpoint telemetry with real-time browser signals across managed and unmanaged devices. The company plans identity-driven, in-session authorization that adapts to risk, countering session hijacking and man-in-the-browser techniques while adding execution-layer controls and AI-based content filtering for next‑gen DLP. The post notes transaction conditions and integration risks remain.

Advisories and patching moves

Microsoft began distributing replacement Secure Boot certificates to eligible Windows 11 devices in a phased rollout designed to preserve the pre‑boot trust chain and limit disruption; BleepingComputer outlined the details and targeting approach. For environments on long-term servicing, KB5073724 advances Windows 10 ESU systems to builds 19045.6809/19044.6809 and removes vulnerable legacy modem drivers, while also preparing for certificate expirations; administrators should plan testing and staged deployments, per BleepingComputer. The practical risk is loss of Secure Boot protections if certificates lapse.

ServiceNow addressed a critical impersonation flaw in its AI Platform (CVE-2025-12420), pushing fixes into Now Assist AI Agents and Virtual Agent API components; customers on self-hosted or partner instances should apply the specified versions and review agent configurations, according to The Hacker News. In industrial environments, a SQL injection issue in Rockwell Automation FactoryTalk DataMosaix Private Cloud (CVE-2025-12807) allows low‑privilege users to execute sensitive database operations; CISA advises upgrading to Version 8.01.02 or later and reinforces segmentation and minimized exposure for ICS assets.

Two widely exposed software ecosystems also demand attention. Unit 42 detailed MongoBleed (CVE-2025-14847), an unauthenticated memory‑disclosure flaw reachable over TCP/27017 via malformed OP_COMPRESSED messages; patches are available for supported MongoDB branches, while older EOL releases have no fixes. Active exploitation and a public PoC increase urgency; network controls, disabling zlib compression and monitoring high‑velocity requests are recommended mitigations if patching lags. Separately, Infosecurity reported that CISA added a high‑severity Gogs vulnerability (CVE-2025-8110) to the KEV catalog amid confirmed exploitation; no official patch is available yet, so operators should restrict access, disable open registration and hunt for signs of compromise until fixed images land. Why it matters: both issues are internet‑reachable and have been used operationally, turning routine exposure into a concrete risk.
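Two of the MongoBleed mitigations above, watching for high-velocity requests and dropping zlib from the compressor list, are concrete enough to show. The block below is an added example, not code from the brief, Unit 42 or MongoDB: it parses constructed mongod JSON log lines (the "Connection accepted" event, id 22943, emitted by mongod 4.4 and later), flags any source that opens more than a threshold of connections inside a sliding window, and rewrites a `net.compression.compressors` (or `--networkMessageCompressors`) value without zlib. The window, threshold and IP addresses are assumptions to tune per deployment.

```python
"""Connection-rate detection and compressor hygiene for mongod (TCP/27017).

Added example. Log lines are constructed in the mongod JSON log format; the
10-second window and threshold of 5 are assumptions.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: six rapid connects from 203.0.113.7, two slow ones from
# 10.0.0.5, one unrelated line and one damaged line that must be skipped.
SAMPLE_LOG = """
{"t":{"$date":"2026-01-13T10:00:00.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"10.0.0.5:40001","connectionId":1,"connectionCount":1}}
{"t":{"$date":"2026-01-13T10:00:01.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"203.0.113.7:51001","connectionId":2,"connectionCount":2}}
{"t":{"$date":"2026-01-13T10:00:02.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"203.0.113.7:51002","connectionId":3,"connectionCount":3}}
{"t":{"$date":"2026-01-13T10:00:02.500+00:00"},"s":"I","c":"COMMAND","id":51803,"ctx":"conn1","msg":"Slow query","attr":{"durationMillis":120}}
{"t":{"$date":"2026-01-13T10:00:03.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"203.0.113.7:51003","connectionId":4,"connectionCount":4}}
this line is not json
{"t":{"$date":"2026-01-13T10:00:04.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"203.0.113.7:51004","connectionId":5,"connectionCount":5}}
{"t":{"$date":"2026-01-13T10:00:05.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"203.0.113.7:51005","connectionId":6,"connectionCount":6}}
{"t":{"$date":"2026-01-13T10:00:06.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"203.0.113.7:51006","connectionId":7,"connectionCount":7}}
{"t":{"$date":"2026-01-13T10:05:00.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"10.0.0.5:40002","connectionId":8,"connectionCount":2}}
"""


def parse_accepts(lines):
    """Return [(timestamp, source_ip)] for every 'Connection accepted' event."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # damaged line: skip rather than abort the scan
        if rec.get("c") != "NETWORK" or rec.get("msg") != "Connection accepted":
            continue
        ts = datetime.strptime(rec["t"]["$date"], "%Y-%m-%dT%H:%M:%S.%f%z")
        # rsplit keeps bracketed IPv6 literals intact ("[::1]:40001" -> "[::1]")
        source = rec["attr"]["remote"].rsplit(":", 1)[0]
        events.append((ts, source))
    return events


def high_velocity_sources(events, window=timedelta(seconds=10), threshold=5):
    """Map source_ip -> peak connects seen inside any sliding window of `window`."""
    by_src = defaultdict(list)
    for ts, src in sorted(events):
        by_src[src].append(ts)
    flagged = {}
    for src, stamps in by_src.items():
        start, peak = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def compressors_without_zlib(setting: str) -> str:
    """Drop zlib from a compressor list; 'disabled' turns compression off entirely."""
    kept = [c.strip() for c in setting.split(",")
            if c.strip() and c.strip().lower() != "zlib"]
    return ",".join(kept) or "disabled"


if __name__ == "__main__":
    hits = high_velocity_sources(parse_accepts(SAMPLE_LOG.splitlines()))
    for src, peak in hits.items():
        print(f"{src}: {peak} connects within 10s")
    print("compressors:", compressors_without_zlib("snappy,zlib,zstd"))
```

Feed `parse_accepts` the live mongod log (or the same JSON from your SIEM) and alert on anything `high_velocity_sources` returns; the compressor rewrite is only a stopgap until the patched MongoDB branch is deployed, since EOL releases receive no fix.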

Confirmed incidents and campaigns

Cloudflare telemetry shows Iran experienced a near‑complete disconnect from the global Internet on January 8 following escalating protests, with IPv6 announcements collapsing ~98.5% ahead of a 90% traffic fall between 16:30–17:00 UTC as major networks withdrew routes. Brief connectivity windows on January 9—including spikes to the 1.1.1.1 resolver and restorations at several universities—did not persist. Pre-shutdown protocol shifts, such as sharp drops in HTTP/3 and QUIC, align with heavy filtering before full cutoff. Cloudflare continues to monitor via Radar.

In Ukraine, a charity‑themed social engineering campaign delivered the PluggyApe backdoor to Defense Forces personnel via Signal/WhatsApp lures and password‑protected archives, according to BleepingComputer. The malware profiles hosts, persists through registry changes and, in its second version, adopts MQTT‑based C2 with stronger obfuscation and dynamic endpoint discovery via paste services. CERT‑UA links the activity with medium confidence to a Russian‑aligned actor and provides indicators for detection.

Research and policy signals

Check Point Research analyzed VoidLink, a previously undocumented, cloud‑first Linux framework engineered in Zig with loaders, implants, kernel‑level hiding techniques and ~37 modular plugins that enable multi‑channel C2, mesh communications and stealthy persistence across containers and cloud providers. The toolkit targets developer and cloud supply chains through credential collection, container escape and lateral movement. The Hacker News write‑up highlights rootkit‑style evasion (eBPF, LKM, LD_PRELOAD), runtime encryption and adaptive post‑exploitation modules—signals for defenders to tighten credential hygiene and watch for atypical inter‑host meshes.

In the public sector, a survey of 250 federal IT leaders finds nearly 90% already use or plan to use AI, with document processing, workflow automation and decision support leading use cases. Security risk tops adoption barriers, followed by reliability, cost and legacy constraints. Google Public Sector points to procurement and skills programs intended to accelerate responsible uptake. Why it matters: rapid adoption paired with persistent security concerns reinforces the need for robust guardrails as agencies scale AI.