Opus 4.6 Lands on Clouds; CISA Flags ICS Flaws; Espionage Persists

Cloud providers expanded access to advanced models as Vertex AI and Bedrock added Claude Opus 4.6 for enterprise and agentic workflows. Alongside these platform moves, CISA issued multiple critical advisories for industrial control gear and maintainers shipped an urgent workflow automation fix, while researchers detailed global espionage, edge interception toolkits, and record‑scale DDoS activity.

AI Platforms Add Opus; GPU Capacity Expands

Google Cloud introduced Anthropic’s most capable Claude Opus 4.6 model on Vertex AI, highlighting production‑ready document generation, advanced coding, and agentic orchestration with features such as Adaptive Thinking, tool streaming controls, and high output token limits. The stack integrates with Agent Builder, Agent Engine, memory options, and governance features to support deployment and cost/performance trade‑offs.

AWS made the same model available through Amazon Bedrock, positioning it for long‑horizon coding projects, multi‑tool coordination, and large‑context analysis. Preview context windows reaching up to one million tokens are designed to accommodate extensive documents and codebases, with guidance to validate latency, cost, and data‑governance needs before production adoption.

AWS also expanded AI infrastructure in the Middle East with EC2 G6e instances in the UAE Region, enabling up to eight NVIDIA L40S GPUs per instance to support LLM deployment, diffusion‑model training, and spatial computing workloads closer to regional data. For virtual desktops, new WorkSpaces Graphics G6, Gr6, and G6f bundles add flexible GPU and memory profiles, including fractional GPU options to match cost and performance to design, rendering, and ML tasks.

On the developer side, Google’s Agent Factory demo showcased Gemini 3‑based multimodal app creation, SOP‑driven "AI employees" launched via CLI, and automated refactoring with Antigravity to speed agent iteration from idea to deployment. Complementing this, Microsoft researchers described a lightweight scanner for hidden model backdoors that uses forward passes to spot poisoning signatures; CSO notes it should be an added layer in AI supply‑chain defenses, not a standalone control.

Advisories: ICS Risks And Automation Fixes

CISA warned about multiple critical flaws in Ilevia EVE X1 Server (≤ 4.7.18.0), including pre‑auth file disclosure, several unauthenticated OS command injections, plaintext credential logging, and sudoers misconfiguration (many CVSS 9.8). Exploitation could yield credential theft and full system compromise; CISA notes the vendor declined to service several issues and advises closing TCP/8080, updating to the latest manager, replacing defaults, segmenting networks, and monitoring for unauthorized access.

Hitachi Energy reported that XMC20 and FOX61x devices using remote RADIUS authentication are exposed to a critical protocol‑level weakness (CVE‑2024‑3596). Fixes land in R18 releases, with CISA republishing the advisories to increase visibility for XMC20 and FOX61x, recommending upgrades and enabling the RADIUS Message‑Authenticator option to enforce integrity.

Mitsubishi Electric’s MELSEC iQ‑R Series R08/16/32/120PCPU firmware ≤ 48 is affected by a critical packet‑triggered flaw (CVE‑2025‑15080) that can enable information disclosure, tampering, and denial of service over proprietary protocol/SLMP. CISA points to firmware 49+ as the remediation and reiterates network isolation and firewalling until updates are applied.

In workflow automation, maintainers fixed CVE‑2026‑25049, a high‑severity sandbox escape in n8n that allowed arbitrary host command execution via malicious expressions and public webhooks. Patches are available in 1.123.17 and 2.5.2; administrators should restrict who can create/edit workflows and harden deployments if immediate patching is not possible.

To aid detection, Kaspersky released SIEM rules for FortiCloud SSO abuse tied to CVE‑2025‑59718/59719 and CVE‑2026‑24858 across Fortinet platforms, advising retrospective hunts, event normalization, and exception tuning to reduce false positives.

Global Espionage And Edge Interception

Unit 42 detailed a state‑aligned cluster (TGR‑STA‑1030/UNC6619) active since at least January 2024, with compromises across about 70 organizations in 37 countries and reconnaissance touching 155 countries in late 2025. Targets include ministries, law enforcement, telecoms, and senior officials. Operations combine targeted phishing, exploitation of N‑day vulnerabilities, and a broad toolset—Cobalt Strike, Go‑based C2s (VShell, Sliver), Havoc, SparkRat, tunneling utilities, and web shells. The team also found ShadowGuard, a custom Linux eBPF kernel backdoor that hides processes and files via syscall interception, complicating detection and forensics. Unit 42 shared extensive IoCs and urges deploying indicators and monitoring for described behaviors.

Cisco’s Talos uncovered DKnife, a multi‑component gateway‑monitoring and adversary‑in‑the‑middle framework for 64‑bit Linux edge devices and routers. The toolkit performs TLS termination, DPI, DNS manipulation, credential harvesting, download hijacking via HTTP interception, and P2P overlay networking for reachability. Observed payloads include ShadowPad and DarkNimbus, with indicators pointing to a China‑nexus operator. Talos provides IoCs and recommends hardening routers and update/DNS handling paths.

DDoS Records And Rapid Exploit Campaigns

Cloudflare reported a 121% surge in DDoS attacks in 2025 (47.1 million mitigations), capped by a 31.4 Tbps incident that lasted 35 seconds. Q4 saw hyper‑volumetric campaigns and a shift toward network‑layer attacks representing 78% of mitigations, with telecommunications and service providers most targeted. The report underscores autonomous mitigation, threat feed sharing, and the need to reassess defense strategies as attack sizes grow.

Datadog Security Labs observed mass traffic hijacking after disclosure of the critical React2Shell bug (CVE‑2025‑55182), with actors injecting malicious NGINX directives to proxy traffic to attacker infrastructure and targeting management panels and selected TLDs. React2Shell exploitation featured scripted enumeration, Baota panel overwrites, and persistence via crafted location blocks, with telemetry indicating both cryptomining and interactive access payloads.

Check Point documented rapid weaponization of CVE‑2025‑8088 in the Windows build of WinRAR, with tailored phishing lures against Southeast Asian government and law‑enforcement entities and the use of the Havoc framework for C2. Infosecurity notes archive‑based delivery hosted on legitimate cloud services and geofenced infrastructure to limit detection.

Finally, a targeted supply‑chain compromise funneled a backdoored Notepad++ binary to select users via trojanized update paths. Schneier reports persistence on the provider’s infrastructure enabled selective redirection until December; users should upgrade to at least version 8.9.1 and audit update systems and credentials. The episode highlights the systemic risk of compromised update channels and the need for robust verification.