
Critical Patches, AI Guidance, and Active Intrusions
Coverage: 16 Jan 2026 – 18 Jan 2026 (UTC)
Urgent fixes and active exploitation shaped the day, with a critical flaw in the Modular DS WordPress plugin and a long‑running zero‑day in Cisco’s email appliances now patched per CSO Online. Alongside remediation, platform builders highlighted how to harden AI systems and operations. Extension‑based abuse and targeted intrusions rounded out the landscape, underscoring the need to pair patching with identity and supply‑chain vigilance.
AI platforms, guidance, and agentic defense
Google Cloud’s Office of the CISO outlined practical implementation of the Secure AI Framework, mapping common AI risks across data, infrastructure, model, and application layers and emphasizing controls such as prompt sanitation, identity propagation for agents, and data‑perimeter hygiene. The guidance in SAIF translates directly into operational checklists for governance, assurance, and red teaming—useful for securing agentic workflows that touch multiple back‑end tools.
On the infrastructure side, a Google discussion walked through reinforcement learning (RL) at scale, positioning TPUs, MaxText, and orchestration as a vertically integrated stack to reduce RL complexity and improve price‑performance. The Agent Factory recap illustrates GRPO on TPU pods and frames RL as a key lever for safety, tool use, and verifiable reasoning.
Separately, CrowdStrike described an architectural approach to “agentic defense,” combining unified telemetry, a semantic data model, and governed AI agents that explain their decisions and execute with auditability. The proposal in CrowdStrike emphasizes evidence‑backed reasoning and adaptive response that moves beyond static playbooks.
OpenAI introduced a lower‑cost option that trades capacity and ads for advanced reasoning. The ChatGPT Go tier increases usage limits and provides access to a fast model while keeping higher‑end “reasoning” models in the Plus/Pro plans.
Advisories and patches under pressure
Patchstack reported a CVSS 10.0 privilege‑escalation flaw in the Modular DS WordPress management plugin (CVE‑2026‑23550) that allowed unauthenticated admin takeover and was exploited before a fix shipped. The vendor issued version 2.5.2 and released mitigation rules; recommended follow‑ups include auditing for rogue admins, reviewing logs, and rotating credentials if compromise is suspected, per CSO Online. Because the attack path requires no credentials, sites lagging on updates face elevated risk.
Fortinet customers should also move quickly. Researchers confirmed in‑the‑wild targeting of a critical FortiSIEM flaw (CVE‑2025‑64155) involving exposed command handlers and argument injection; fixes are available across supported branches, and temporary access restrictions can reduce exposure while patching. Details and IOCs are outlined in FortiSIEM. Why it matters: SIEM platforms sit at the center of monitoring environments—compromise can provide high‑leverage entry for lateral movement.
Cisco addressed an actively exploited zero‑day in AsyncOS powering Secure Email Gateway and Secure Email and Web Manager, tied to improper validation in the Spam Quarantine feature. The vendor’s updates remove the vulnerability and clear observed persistence; operators should both patch and verify exposure and compromise, according to CSO Online. In a separate update cycle, Palo Alto Networks fixed a PAN‑OS GlobalProtect gateway/portal denial‑of‑service issue (CVE‑2026‑0227) that could force appliances into maintenance mode; administrators of on‑prem NGFWs should apply the specified updates. See PAN‑OS for versions and mitigations.
Browser extension abuse expands
Researchers documented credential‑stealing extensions impersonating productivity and security tools for enterprise HR/ERP platforms, with capabilities to exfiltrate session cookies, hide or block admin security pages, and inject cookies to take over sessions without usernames, passwords, or MFA. The campaign, reportedly removed from the Chrome Web Store, targeted services such as Workday, NetSuite, and SAP SuccessFactors; incident response should include extension audits, session review, and credential rotation, per BleepingComputer.
Separately, LayerX tracked a renewed “GhostPoster” operation across Chrome, Firefox, and Edge, leveraging images to hide staged JavaScript that later executes to hijack affiliate links, inject iframes, and maintain a stealthy backdoor. With hundreds of thousands of installs over years, residual risk persists for users who previously added these extensions; removal and host scans are advised, according to GhostPoster.
Intrusions and enforcement
Cisco Talos reported a threat actor targeting North American critical infrastructure using a Sitecore ViewState deserialization zero‑day (CVE‑2025‑53690) for initial access, followed by credential harvesting, Active Directory reconnaissance, reverse tunneling, and persistent remote access. The activity highlights a blend of zero‑day exploitation and living‑off‑the‑land techniques; organizations should prioritize patching, restrict RDP and AD access, and monitor for the documented behaviors and tools, as summarized by Sitecore.
Edge infrastructure also drew heavy automated attacks. Check Point observed the RondoDox botnet mass‑exploiting a critical HPE OneView RCE (CVE‑2025‑37164), with tens of thousands of attempts recorded over hours, underscoring the urgency of patching and segmentation for management planes. See HPE OneView for campaign details and recommended controls.
In Canada, the Canadian Investment Regulatory Organization confirmed that a breach ultimately exposed data on about 750,000 investors. CIRO is offering two years of credit monitoring and identity theft protection to affected individuals and advises monitoring accounts and placing fraud alerts; investigators have not found evidence of misuse to date, per CIRO.
Law enforcement pressure on ransomware operators continued as authorities identified suspects tied to Black Basta, placing the alleged leader on Europol’s Most Wanted and issuing an INTERPOL Red Notice. The case, detailed by Black Basta, reflects ongoing efforts to disrupt operations even as affiliates rebrand or migrate.