
Cloud Upgrades Lead; ICS Advisories and AI Safety In Focus
Coverage: 20 Jan 2026 (UTC)
Cloud providers emphasized performance and control today. AWS G7e reached general availability to accelerate AI and graphics workloads, while Firestore introduced an advanced query engine in its Enterprise edition to bring pipeline-style analytics into the database. These upgrades landed alongside faster database cutovers and larger in‑memory analytics, even as ICS advisories, cloud configuration pitfalls, and active campaigns kept risk in view.
Cloud capacity and reliability gains
AWS broadened its high-performance footprint. The new G7e instances pair Blackwell‑class GPUs with high-bandwidth networking to raise inference throughput and lower latency for multimodal and graphics‑heavy applications. For operations teams, RDS Blue/Green cutovers now typically keep writer-node downtime under five seconds (often ~two seconds with the AWS Advanced JDBC Driver), making version upgrades and maintenance more practical. On the analytics side, QuickSight SPICE doubled per‑dataset capacity to 2 TB and expanded data‑type limits to ingest richer historical and text data with faster refresh, improving the currency of dashboards used in operations and compliance.
Google Cloud expanded Firestore Enterprise with pipeline queries, broader index controls, and observability. The new engine supports chained stages for aggregation, grouping, filtering, and array unnesting, reducing reliance on mandatory indexes and enabling use cases like personalization and e‑commerce search within the database. Explain plans and query insights help tune performance and cost, and the Enterprise billing model meters reads/writes by document and index size. Migration is designed to be straightforward via export/import, with compatibility preserved for existing apps.
AI services tighten safety and expand access
OpenAI is rolling out an age‑prediction model in ChatGPT to place likely teen users into a more restrictive experience that blocks categories such as graphic violence, dangerous challenges, and content promoting unhealthy body standards. Adults misclassified as teens can clear stricter settings via identity verification handled by a third‑party provider. In parallel, ChatGPT Go now offers unlimited access to GPT‑5.2 Instant at $8/month, raising usage limits and memory while reserving deeper reasoning and earliest features for higher tiers.
For developer onboarding, Google shared a practical primer for Gemini 3 Flash, covering API key setup, model selection in AI Studio, and SDK integration with structured outputs and agentic behaviors to speed prototyping and deployment.
Industrial advisories and cloud configuration risks
CISA republished Schneider Electric’s advisory on multiple flaws in products embedding the CODESYS Runtime System V3; impacted families include Modicon controllers and various HMIs, with issues ranging from buffer overflows to input validation failures that can lead to DoS or potential code execution. Patches and mitigations are available for many products, while some end‑of‑life items require migration. See the aggregated guidance from CISA. Separately, Rockwell’s Verve Asset Manager addressed two cleartext information‑storage issues in legacy components; updating to version 1.42 or later resolves both, per CISA. Why it matters: ICS/OT environments often carry long hardware lifecycles, making timely updates and network isolation essential to reduce exploit windows.
In cloud operations, Unit 42 highlighted how Azure Private Link’s DNS behavior can cause denial‑of‑service when a Private Endpoint is introduced without corresponding Private DNS records; lookups may fail despite a valid public endpoint. The research details susceptible configurations and mitigations—including record hygiene and an optional fallback—at Unit 42. And in AI tooling, researchers disclosed prompt‑injection‑triggered vulnerabilities in Anthropic’s mcp‑server‑git (before December 2025), enabling path traversal and argument injection that can be chained toward code execution when combined with a filesystem server; fixes are available and composition should be reviewed, as summarized by Infosecurity.
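The Private Link DNS failure mode summarized above can be checked against an inventory before a Private Endpoint is rolled out. The following is an added example, not code from Unit 42 or Microsoft: the resolver logic is a simplified model assumed from the brief's description, and the hostnames, IPs and the `VnetView` structure are constructed for illustration.

```python
from dataclasses import dataclass, field

ZONE = "privatelink.blob.core.windows.net"

@dataclass
class VnetView:
    """DNS state one VNet sees (simplified model, not an Azure API object)."""
    linked_zones: dict = field(default_factory=dict)  # zone -> {host: private IP}
    fallback_zones: set = field(default_factory=set)  # links with fallback enabled

def resolve(vnet, fqdn, privatelink_cname, public_ip):
    """privatelink_cname is the public CNAME target, or None when the
    resource has no Private Endpoint anywhere."""
    host, _, zone = (privatelink_cname or fqdn).partition(".")
    if zone not in vnet.linked_zones:
        return ("public", public_ip)           # no linked zone: normal path
    private_ip = vnet.linked_zones[zone].get(host)
    if private_ip:
        return ("private", private_ip)
    if zone in vnet.fallback_zones:
        return ("public-fallback", public_ip)  # record missing, fallback answers
    return ("NXDOMAIN", None)                  # linked zone says: no such name

def broken_lookups(vnet, resources):
    """FQDNs that stop resolving from this VNet although a public endpoint exists."""
    return [fqdn for fqdn, cname, ip in resources
            if resolve(vnet, fqdn, cname, ip)[0] == "NXDOMAIN"]

# Constructed inventory: (fqdn, public CNAME into privatelink or None, public IP).
RESOURCES = [
    ("appdata.blob.core.windows.net", "appdata." + ZONE, "203.0.113.10"),
    ("partnerlogs.blob.core.windows.net", "partnerlogs." + ZONE, "203.0.113.20"),
    ("static.blob.core.windows.net", None, "203.0.113.30"),
]
SPOKE = VnetView(linked_zones={ZONE: {"appdata": "10.0.1.4"}})
SPOKE_FALLBACK = VnetView(linked_zones={ZONE: {"appdata": "10.0.1.4"}},
                          fallback_zones={ZONE})

if __name__ == "__main__":
    print("no fallback:", broken_lookups(SPOKE, RESOURCES))
    print("fallback:   ", broken_lookups(SPOKE_FALLBACK, RESOURCES))
```

Any name reported by `broken_lookups` needs either its own record in the linked zone or the fallback enabled on that link.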
On policy, the European Commission proposed a cybersecurity package to assess and restrict high‑risk suppliers across critical sectors, expand ENISA’s operational role, and streamline certification schemes. The measures aim to reduce ICT supply‑chain exposure across the bloc; details via BleepingComputer.
Active threats target enterprises and developers
FortiGuard Labs analyzed a multi‑stage Windows campaign that begins with LNK‑triggered PowerShell, uses obfuscated scripts and a repurposed tool to disable Defender, and delivers Amnesia RAT alongside ransomware and WinLocker variants. Exfiltration leverages the Telegram Bot API and persistence spans startup folders and Run keys; detections and IOCs are provided in FortiGuard. Developers were also targeted by DPRK‑linked actors abusing Visual Studio Code task configuration to auto‑execute obfuscated JavaScript from trusted repos, establishing a backdoor with data theft and remote execution capabilities, per The Hacker News.
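A review check for the VS Code task abuse described above, as an added example that is not from the cited reporting: it lists tasks in a repository's `.vscode/tasks.json` that are set to run when the folder opens. It assumes the auto-execution relies on VS Code's `runOptions.runOn: "folderOpen"` setting, which the brief does not name; the sample file is constructed.

```python
import json
import re

# A JSON string, a // line comment, or a /* block */ comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)
# A JSON string, or a comma directly before a closing bracket.
_TRAILING = re.compile(r'"(?:\\.|[^"\\])*"|,(?=\s*[}\]])')

def _keep_strings(match):
    return match.group(0) if match.group(0).startswith('"') else ""

def parse_jsonc(text):
    """tasks.json allows comments and trailing commas; drop both outside strings."""
    return json.loads(_TRAILING.sub(_keep_strings, _TOKEN.sub(_keep_strings, text)))

def autorun_tasks(tasks_json_text):
    """Return (label, command line) for each task set to run on folder open."""
    hits = []
    for task in parse_jsonc(tasks_json_text).get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue
        # Per-OS blocks can override the command, so report every variant.
        variants = [task] + [task[k] for k in ("windows", "linux", "osx")
                             if isinstance(task.get(k), dict)]
        for v in variants:
            if "command" in v:
                args = " ".join(str(a) for a in v.get("args", task.get("args", [])))
                hits.append((task.get("label", "<unlabelled>"),
                             f"{v['command']} {args}".strip()))
    return hits

# Constructed sample, not taken from the reported campaign.
SAMPLE = r'''{
  // looks like a routine project helper
  "version": "2.0.0",
  "tasks": [
    {"label": "lint", "type": "shell", "command": "npm", "args": ["run", "lint"]},
    {"label": "prepare", "type": "shell", "command": "node",
     "args": ["./scripts/setup.js"],
     "presentation": {"reveal": "never"},
     "runOptions": {"runOn": "folderOpen"},
     "windows": {"command": "node.exe"},
    },
  ]
}'''

if __name__ == "__main__":
    for label, cmd in autorun_tasks(SAMPLE):
        print(f"runs on folder open: {label}: {cmd}")
```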
At the user edge, researchers at Socket flagged five Chrome extensions that exfiltrated cookies and blocked admin controls to hijack enterprise sessions across services like Workday and NetSuite, as reported by CSO. In the cybercrime ecosystem, the Telegram‑based “Tudou Guarantee” marketplace halted public transactions after processing an estimated $12B in crypto; some associated operations continue, suggesting a phased change, according to The Hacker News.