Office Zero‑Day, EPMM Exploits, and Cloud AI Controls Roll Out
Coverage: 29 Jan 2026 (UTC)
< view all daily briefs >Cloud platforms advanced governance-minded AI features while urgent fixes landed across enterprise software. Conversational Analytics in BigQuery is now in preview from Google Cloud, and server‑side tool execution arrives in Bedrock, bringing auditability and access controls closer to where models act on data.
AI and data platforms tighten control
BigQuery’s new conversational agent embeds a Gemini‑based reasoning system directly in Studio, surfacing generated SQL, explanations, and visuals while honoring existing permissions and logging. The design emphasizes transparency—users can inspect the SQL and logic behind summaries—and extends to predictive tasks via built‑in AI functions. A separate update highlights post‑hackathon enhancements focused on SQL‑first workflows, including sublinear call optimization in AI.IF and streamlined functions for classification, semantic search, reranking, and embeddings; see BigQuery AI for details. Why it matters: by grounding model outputs in schema, metadata, and governed queries, these additions aim to reduce shadow analytics while accelerating analysis.
On the operational side, real‑time tool use without client orchestration is now supported in Amazon’s model service, with the platform invoking tools inside customers’ accounts to keep data paths under established controls. For latency and cost management at scale, Keyspaces adds deterministic pre‑warming to prepare for traffic spikes, and GameLift introduces autoscaling to and from zero to cut idle spend while preserving responsiveness. These updates encourage teams to codify peaks in runbooks and align IAM, logging, and throttling policies with tool‑enabled AI workflows.
Advisories and exploitation: patch now
Microsoft released out‑of‑band fixes for CVE‑2026‑21509, a Microsoft Office security feature bypass reportedly exploited in the wild. The flaw is local and not triggerable via the Preview Pane, but social engineering can enable execution when a malicious document is opened. Detection content is available, including Snort and ClamAV signatures; see Talos for technical details and mitigation guidance. Separately, two critical code‑injection bugs in Ivanti EPMM (CVE‑2026‑1281, CVE‑2026‑1340; CVSS 9.8) are under limited zero‑day exploitation. Hotfix RPMs are available per build, with a permanent fix slated for 12.8.0.0; BleepingComputer summarizes affected endpoints, detection regex, and recovery steps. CISA added CVE‑2026‑1281 to KEV with a near‑term deadline for U.S. agencies.
Multiple enterprise platforms also require urgent attention. SolarWinds Web Help Desk 2026.1 fixes six issues, four critical, including unauthenticated deserialization leading to RCE and authentication bypass paths; upgrade guidance and exploit context are covered by The Hacker News. Researchers disclosed two sandbox escapes in n8n enabling host‑level compromise—CVE‑2026‑1470 (CVSS 9.9) and CVE‑2026‑0863 (CVSS 8.5)—with patches across supported branches; details and recommended interim restrictions are in CSO. For OT/ICS environments, an advisory details CVE‑2026‑1453 (CVSS 9.8) in KiloView Encoder Series devices that lets unauthenticated actors create or delete admin accounts; CISA recommends strict network isolation and firewalling given the absence of coordinated vendor mitigations. The common thread: unauthenticated paths and rapid exploitation of internet‑facing services demand prompt patching, segmentation, and log review.
Botnets, proxies, and record‑scale DDoS
A coordinated action disrupted IPIDEA, a large residential proxy network abused by hundreds of threat groups to mask credential attacks, lateral movement, and SaaS access. Investigators documented a two‑tier C2, thousands of Windows binaries, and hundreds of Android apps embedding monetization SDKs that converted devices into exit nodes. Domain seizures and platform defenses aim to reduce available proxy inventory while SDK residues are addressed across ecosystems; see The Hacker News. Why it matters: residential proxies blur consumer and enterprise perimeters, complicating IP reputation and abuse tracing.
Meanwhile, the Aisuru/Kimwolf botnet set a new public DDoS record at 31.4 Tbps with roughly 200 million HTTP requests per second, primarily hitting telecom and IT targets and leveraging compromised Android TVs among sources. Short, hyper‑volumetric bursts were automatically mitigated, according to provider telemetry; BleepingComputer places the event within a broader surge of high‑throughput attacks. The trend underscores the need for automated detection and absorption, especially for high‑risk sectors.
Enforcement and exposure at the edge
France’s data protection authority fined the national employment agency France Travail €5 million over a 2024 breach tied to social‑engineering of third‑party adviser accounts, exposing decades of job‑seeker records. The regulator ordered documented remediation on access controls, monitoring, and training, with daily penalties for delays; background and scope are detailed by BleepingComputer. Why it matters: repeated incidents and broad access rights can magnify impact and attract escalated regulatory scrutiny.
Separately, researchers identified about 175,000 publicly reachable Ollama hosts across 130 countries, nearly half advertising tool‑calling that enables code execution and API access from model prompts. The open exposure creates opportunities for abuse—from spam and disinformation to cryptomining and resale—while decentralized, residential deployments evade traditional controls. The findings and active LLMjacking campaigns scanning for such endpoints are summarized by The Hacker News. Administrators should enforce authentication, monitor usage, and constrain network reach for edge LLM services.