
Cloud HSM, NTLM Sunset, and Supply-Chain Threats
Coverage: 02 Feb 2026 (UTC)
Cloud providers emphasized control and performance today. Google Cloud introduced dedicated key protection with Cloud HSM, and previewed high-memory GPUs on Cloud Run to simplify large‑model inference. In parallel, identity and trust remained a focus with Microsoft’s staged retirement of legacy NTLM and fresh guidance on zero trust implementation, while defenders faced active exploitation and several supply‑chain compromises across developer ecosystems.
Platform Controls and Performance
Google Cloud launched Single-tenant Cloud HSM to offer hardware-enforced cryptographic isolation without appliance management. Built on FIPS 140‑2 Level 3 HSMs, the service gives organizations root key ownership, quorum-based approvals for sensitive operations, and the ability to grant and revoke Google’s use of HSM operations at any time. It integrates with Cloud KMS APIs for CMEK, spans zones for high availability, and feeds Cloud Logging and Monitoring for observability. Compliance attestations (including FedRAMP, DISA IL5, ITAR, SOC 1/2/3, HIPAA, PCI DSS) accompany fast provisioning and scale. By centralizing lifecycle and audit controls, the offering aims to reduce key-management risk in regulated workloads.
For AI-heavy deployments, Google previewed NVIDIA RTX PRO 6000 Blackwell Server Edition support on Cloud Run, pairing 96GB vGPU memory and fifth‑generation Tensor Cores with serverless operations. The platform preinstalls drivers, delivers GPUs in under five seconds on cold start, scales to zero, and supports up to 44 vCPU/176GB RAM per instance. Built‑ins include zonal redundancy, Cloud Storage mounts for model weights, and Identity‑Aware Proxy to secure traffic. In the model ecosystem, AWS added DeepSeek OCR, MiniMax M2.1, and Qwen3‑VL‑8B‑Instruct to SageMaker JumpStart, expanding options for document intelligence, coding workflows, and multimodal reasoning. Teams weighing these additions should balance preview status, regional availability, and cost‑performance trade‑offs against operational simplicity.
Identity Modernization and Zero Trust
Microsoft detailed a three‑phase plan to retire NTLM in favor of Kerberos. According to The Hacker News, Phase 1 expands auditing to map NTLM usage; Phase 2 introduces mitigations such as IAKerb and a Local KDC and updates components to prefer Kerberos; Phase 3 will disable NTLM by default in the next Windows Server and client release, with new policy controls for re‑enablement. The approach reduces exposure to replay, relay, and pass‑the‑hash attacks while providing compatibility paths for legacy scenarios. Organizations should inventory dependencies, test configurations, and plan Kerberos migrations to avoid disruption.
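One way to start the dependency inventory recommended above, as an added example that is not from Microsoft or the cited report: it groups successful NTLM logons by source, account and NTLM version so migration work can be prioritized. It assumes logon records exported from the long-standing Security event 4624 (not the expanded Phase 1 auditing), and the sample records, host names and accounts are constructed.

```python
from collections import Counter

# Constructed sample: EventData fields of Security event 4624/4625 after export
# to JSON. Hosts, accounts and addresses are made up for illustration.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "svc-backup", "WorkstationName": "APP01",
     "IpAddress": "10.0.4.17", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2"},
    {"EventID": 4624, "TargetUserName": "svc-backup", "WorkstationName": "APP01",
     "IpAddress": "10.0.4.17", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2"},
    {"EventID": 4624, "TargetUserName": "scanner", "WorkstationName": "MFP-3F",
     "IpAddress": "10.0.9.40", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V1"},
    {"EventID": 4624, "TargetUserName": "alice", "WorkstationName": "-",
     "IpAddress": "10.0.2.8", "AuthenticationPackageName": "Kerberos", "LmPackageName": "-"},
    {"EventID": 4625, "TargetUserName": "bob", "WorkstationName": "WS22",
     "IpAddress": "10.0.2.9", "AuthenticationPackageName": "NTLM", "LmPackageName": "-"},
]

def ntlm_inventory(events):
    """Count successful NTLM logons per (source, account, NTLM version)."""
    counts = Counter()
    for ev in events:
        if ev.get("EventID") != 4624:
            continue  # only successful logons show a working dependency
        if ev.get("AuthenticationPackageName", "").upper() != "NTLM":
            continue  # Kerberos/Negotiate logons are not part of the inventory
        source = ev.get("WorkstationName") or "-"
        if source == "-":
            source = ev.get("IpAddress", "-")  # fall back to the client address
        version = ev.get("LmPackageName", "-")
        counts[(source, ev.get("TargetUserName", "-"), version)] += 1
    return counts

def migration_report(events):
    """Rows sorted so NTLMv1 callers come first, then by logon volume."""
    rows = [{"source": s, "account": a, "version": v, "logons": n}
            for (s, a, v), n in ntlm_inventory(events).items()]
    return sorted(rows, key=lambda r: (r["version"] != "NTLM V1", -r["logons"]))

if __name__ == "__main__":
    for row in migration_report(SAMPLE_EVENTS):
        print(row)
```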
The NSA issued new Zero Trust Implementation Guidelines, organizing 152 activities into modular phases to move from Discovery toward target‑level maturity. As summarized by Infosecurity, Phase One establishes a secure baseline (36 activities across 30 capabilities) and Phase Two integrates core zero trust solutions (41 activities across 34 capabilities), mapped to NIST SP 800‑207, CISA’s maturity model, and the DoW reference architecture. The guidance emphasizes continuous authentication, authorization, and post‑login evaluation. This structured approach helps teams sequence dependencies, measure progress, and avoid over‑reliance on network access controls as a stand‑in for application‑level policy enforcement.
Exploitation and Agent Risks
Ukraine’s CERT-UA reported active targeting of a recently patched Microsoft Office flaw. BleepingComputer relays that phishing documents used a WebDAV downloader that triggered COM hijacking to load a malicious DLL (EhStoreShell.dll), executed shellcode embedded in an image, and created a OneDriveHealth scheduled task to force explorer restarts. The loader deployed the Covenant framework and leveraged the Filen cloud service for command‑and‑control; CERT-UA also observed related activity against EU organizations. Microsoft urged customers to apply updates and restart Office where required; where patching is delayed, registry‑based mitigations and Protected View provide additional layers. The chain illustrates how attackers mix living‑off‑the‑land techniques with cloud services to sustain access.
In the rapidly growing personal‑agent space, an open-source assistant fixed a high‑severity issue that enabled one‑click remote code execution via crafted links. The Hacker News describes how the Control UI’s trust of a query parameter and missing Origin validation allowed token exfiltration and authenticated WebSocket control of a local gateway, letting an attacker disable approvals and execute privileged operations. The maintainers shipped a patched release with server‑side Origin enforcement and guidance to minimize token scope and lifetime. Upgrading promptly and treating query parameters as untrusted are critical.
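A sketch of the server-side Origin enforcement described above, as an added example and not the maintainers' patch: the handshake is accepted only when the normalized Origin exactly matches an allowlist entry. The function names, the allowed origin and its port are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Assumption: the UI is served only from this origin (constructed value).
ALLOWED_ORIGINS = ["http://127.0.0.1:8080"]

def normalize_origin(origin):
    """Return (scheme, host, port) for an Origin header value, or None if unusable."""
    if not origin or origin.strip().lower() == "null":
        return None  # absent, or an opaque origin (sandboxed frame, file://, ...)
    try:
        parts = urlsplit(origin.strip())
        port = parts.port
    except ValueError:
        return None  # malformed host or port
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A serialized origin has no credentials, path, query or fragment.
    if parts.username or parts.path or parts.query or parts.fragment:
        return None
    return (scheme, parts.hostname.lower(),
            port if port is not None else DEFAULT_PORTS[scheme])

def check_ws_upgrade(headers, allowed_origins=ALLOWED_ORIGINS):
    """Server-side gate for a WebSocket handshake; returns (accepted, reason)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if lowered.get("upgrade", "").lower() != "websocket":
        return (False, "not a websocket upgrade")
    origin = normalize_origin(lowered.get("origin"))
    if origin is None:
        # Policy choice in this sketch: browser-facing endpoint, so no Origin, no session.
        return (False, "missing or opaque origin")
    # Exact match on the normalized tuple; prefix or substring checks are bypassable.
    if origin not in {normalize_origin(o) for o in allowed_origins}:
        return (False, "origin not allowed")
    return (True, "ok")

if __name__ == "__main__":
    for value in ("http://127.0.0.1:8080", "http://127.0.0.1.attacker.example:8080", "null", None):
        hdrs = {"Upgrade": "websocket"}
        if value is not None:
            hdrs["Origin"] = value
        print(value, "->", check_ws_upgrade(hdrs))
```

The check runs before any token is read from the request, so a page on another origin cannot open an authenticated socket even if it holds a valid token.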
Separately, VirusTotal analyzed over 3,000 community‑published skills for the same assistant ecosystem and found hundreds with malicious behaviors. The VirusTotal team observed skills that coax users into running external binaries or obfuscated scripts and highlighted a prolific publisher whose modules consistently delivered untrusted code. On macOS, some chains fetched a variant of the AMOS infostealer; on Windows, others pushed packed trojans. VT upgraded its Code Insight to surface risky patterns such as external code execution and excessive permissions. Treat community skills as untrusted by default, sandbox execution, and restrict access to secrets on hosts running agent runtimes.
Supply Chains Under Pressure
The maintainer of Notepad++ disclosed that attackers hijacked its update mechanism by compromising hosting infrastructure and redirecting update traffic. As reported by The Hacker News, weaknesses in the WinGUp updater’s checks let malicious binaries be served to selected users starting in mid‑2025. The project released updates, migrated to a new host, and recommended verification of installer integrity. The incident underscores that infrastructure‑level compromise can bypass otherwise secure codebases; enforcing cryptographic signing and secure delivery channels is essential.
In a separate case, attackers briefly abused a regional update server for the eScan antivirus product to push a multi‑stage payload. According to The Hacker News, the trojanized binary used a PowerShell chain with AMSI bypasses, tampered with product components to block remediation, and established persistence while spoofing update status. Telemetry showed hundreds of attempted infections concentrated in South Asia. The vendor isolated affected servers, reverted changes, and issued remediation guidance. Compromise of a security product’s update channel complicates detection and recovery; integrity checks and post‑update verification can limit risk.
Extension ecosystems also saw abuse. Researchers found macOS‑focused GlassWorm malware seeded through four compromised OpenVSX extensions from a legitimate publisher account. BleepingComputer reports the trojanized updates established LaunchAgent persistence, stole browser credentials, wallet secrets, Apple Notes, and Keychain data, and enabled remote access and proxying, with commands encoded in Solana transaction memos. Operators revoked tokens and removed the releases; affected users should remediate systems, rotate credentials, and audit publishing pipelines.
Risks to developer workflows continued with a report that two popular AI coding‑assistant extensions exfiltrated all processed content to endpoints in China. Schneier highlights researchers’ findings of systematic capture of editor content and telemetry, raising IP and credential exposure concerns. Immediate steps include disabling affected extensions, auditing code and artifacts, and enforcing egress controls and stricter extension approvals.
Beyond developer tools, Panera Bread data posted by an extortion group contained contact details for about 5.12 million unique accounts, not 14 million unique customers as initially described. BleepingComputer notes the dataset includes names, addresses, phone numbers, and emails, with employee addresses also present; the actor claimed access via a single sign‑on code as part of a wider vishing campaign. Separately, Bitdefender documented an Android RAT campaign that used an AI hosting platform to store polymorphic APK payloads: Infosecurity reports that a dropper (TrustBastion) funneled victims to repositories hosting malware that coerced Accessibility, overlay, and screen‑recording permissions to capture device interactions and credentials. Both cases reiterate the value of defending authentication flows and scrutinizing prompts that request elevated permissions.