
Cloud Expansion, AI Posture Gains, and Urgent Patches
Coverage: 21 Jan 2026 (UTC)
Cloud providers emphasized resilience and performance, with a new Google Cloud region in Bangkok adding low‑latency options and compliance support, while a Reserved capacity tier for Claude Sonnet 4.5 arrived in GovCloud via Bedrock to stabilize AI throughput for regulated workloads. Security teams also faced fresh patch pressure as multiple vendors shipped fixes and a Cisco flaw moved into CISA’s Known Exploited Vulnerabilities catalog.
Platform Controls and Capacity Advance
The new Reserved tier in Bedrock guarantees prioritized compute and separate input/output token-per-minute allocations, reducing throttling risk for mission-critical agents in AWS GovCloud (US-West). In parallel, network-optimized ARM compute expanded as C8gn instances rolled out to additional regions, offering up to 600 Gbps networking for high-throughput analytics, virtual appliances, and CPU-based inference.
Data protection controls deepened with EMR Serverless now encrypting worker local disks using customer managed keys, aligning big-data jobs with strict key-management and audit requirements. For cost and reliability operations, the Instance Scheduler added event-driven orchestration, better fan-out, tagging-driven workflows, and an optional Insufficient Capacity Error retry path to improve start success during resource constraints.
On AI risk governance, Microsoft outlined how autonomous agent architectures broaden the attack surface across models, tools, and coordinator roles. The Defender blog details AI Security Posture Management that maps multi-cloud agent configurations, flags exposure to indirect prompt injection, and traces attack paths to prioritize hardening—guidance aimed at reducing blast radius before agents operate at scale.
For modernization momentum, Google introduced migration incentives through RaMP, offering platform credits and funded assessments for complex estates such as SAP, Oracle, VMware, and analytics workloads. Combined with the Bangkok region’s low-latency footprint and certifications, the package targets regulated sectors seeking data residency, encryption-by-default, and a foundation to connect enterprise data to Vertex AI and Gemini.
Telecom Supply Chain Rules Tighten in EU
The European Commission advanced a legislative proposal enabling EU-wide assessments and potential bans on vendors deemed high risk to critical networks. As reported by CSO Online, the mechanism—interpreted as aimed at Huawei and ZTE—could force removal of existing components within three years and extend beyond mobile to rail, energy, and municipal infrastructure. The package would also bolster ENISA staffing and funding to coordinate ransomware defenses and standards. If adopted, the plan would impose significant replacement costs, reshape supplier dynamics, and elevate compliance obligations across member states.
Advisories and Patch Urgency
CISA added CVE‑2026‑20045—code injection affecting Cisco Unified Communications products—to the Known Exploited Vulnerabilities catalog, triggering remediation expectations under BOD 22‑01 for federal agencies and urging rapid fixes across enterprises. The move signals active exploitation risk and prioritizes patching to reduce exposure.
Vendors released multiple fixes. According to The Hacker News, Zoom addressed a critical command injection in Node Multimedia Routers (CVE‑2026‑22844), while GitLab shipped patches for a 2FA bypass (CVE‑2026‑0723) and several denial‑of‑service issues. Separately, researchers disclosed two high‑severity flaws in the Chainlit framework—arbitrary file read and SSRF—dubbed “ChainLeak”; BleepingComputer notes fixes landed in v2.9.4 with the latest at v2.9.6, and urges upgrades plus credential rotation and egress controls.
Fortinet customers reported continued exploitation of an authentication bypass (CVE‑2025‑59718) against FortiGate even after earlier patches. As BleepingComputer reports, attackers created local admin users via malicious SSO logins; interim guidance includes disabling FortiCloud SSO and monitoring for anomalous account creation while awaiting forthcoming FortiOS updates.
Consumer accessories also drew attention: Kaspersky highlighted WhisperPair (CVE‑2025‑36911), a Fast Pair weakness allowing nearby attackers to hijack certain Bluetooth headsets, gain microphone access, and—in some models—track location via Google’s device-finding network. The Kaspersky post recommends firmware updates and resets where available, pairing with trusted devices to reserve owner status, and limiting exposure until mitigations are confirmed.
Developer Lures and Enterprise Exposure
Threat actors continued to target developer workflows. Jamf researchers documented the “Contagious Interview” technique abusing Visual Studio Code configuration files to trigger shell and Node.js execution when projects are marked trusted, as covered by CSO Online. In parallel, Recorded Future linked a large campaign dubbed PurpleBravo to DPRK‑aligned operators who used fake job interviews and coding assessments to deliver BeaverTail and a Go‑based backdoor, with activity spanning South Asia and North America; The Hacker News reports the effort touched thousands of IPs and multiple sectors. The shared theme is developer‑centric social engineering that bridges into corporate environments.
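For reviewing a take-home or interview repository before marking it trusted, the following added example (not from Jamf, CSO Online, or this brief's sources) lists editor tasks that would start on their own. It assumes the configuration file in question is `.vscode/tasks.json` and the trigger is VS Code's `runOptions.runOn: "folderOpen"` setting, neither of which the brief names; the sample file is constructed.

```python
import json
import re
from pathlib import Path

# Matches JSON strings (kept) or // and /* */ comments (dropped); tasks.json is JSONC.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def load_jsonc(text):
    """Parse JSON that may carry comments and trailing commas."""
    no_comments = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    # Simplification: the trailing-comma pass does not protect string contents.
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", no_comments))

def audit_tasks(text):
    """Return one finding per task configured to start when the folder opens."""
    findings = []
    for task in load_jsonc(text).get("tasks", []):
        if task.get("runOptions", {}).get("runOn") != "folderOpen":
            continue
        # Base command plus any per-OS override, since either may be what runs.
        commands = [task.get("command")] + [
            task.get(k, {}).get("command") for k in ("windows", "osx", "linux")]
        findings.append({
            "label": task.get("label", "<unlabelled>"),
            "type": task.get("type"),
            "commands": sorted({c for c in commands if c}),
            # True when the task asks not to bring its terminal panel forward.
            "hidden": task.get("presentation", {}).get("reveal") in ("never", "silent"),
        })
    return findings

def audit_repo(root):
    """Map each .vscode/tasks.json under root to its auto-run findings."""
    report = {}
    for path in Path(root).rglob("tasks.json"):
        if path.parent.name == ".vscode":
            hits = audit_tasks(path.read_text(encoding="utf-8"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample, not taken from any real repository.
SAMPLE = """{
  // build helper
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "npm", "script": "build"},
    {"label": "env-setup", "type": "shell", "command": "node ./tools/setup.js",
     "runOptions": {"runOn": "folderOpen"}, "presentation": {"reveal": "never"},},
  ]
}"""
```

Run `audit_repo()` against a fresh clone from a terminal, before the folder is opened in the editor; any finding is a reason to read the referenced script first.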
Pentera found widespread exposure from intentionally vulnerable lab apps left internet‑facing and connected to overly permissive cloud roles, turning demos into backdoors. CSO Online details 1,926 live vulnerable instances across major clouds, with real‑world cryptomining, webshells, and access to secrets and registries. Separately, Ingram Micro disclosed that a 2025 ransomware incident compromised data on more than 42,000 individuals, including identifiers and Social Security numbers, according to CSO Online. The findings underscore the need to inventory non‑production assets, enforce least privilege, and isolate training environments with production-grade controls.