CISA Flags Critical ICS Flaws as AWS Advances Agentic and…

Industrial control security led the day as a new advisory from CISA detailed two critical 9.8‑CVSS flaws in InSAT MasterSCADA BUK‑TS and urged immediate network-hardening steps. Cloud platforms, meanwhile, advanced agentic AI and observability features, and researchers documented active developer‑focused compromises alongside a high‑profile telecom breach claim and urgent patching needs for enterprise file‑transfer software.

Critical ICS Flaws And Patch Guidance

CISA warned that two vulnerabilities in MasterSCADA BUK‑TS enable remote code execution via SQL injection and OS command injection, with the vendor not participating in coordinated mitigation. While no public exploitation is known at publication time, the advisory emphasizes isolating control networks, reducing Internet exposure, enforcing secure remote access, and monitoring for suspicious activity. In industrial settings, these steps directly reduce the chance of unauthorized process manipulation and unsafe states.

Separately, building and home‑automation ecosystems received targeted fixes. For Schneider Electric’s EcoStruxure Building Operation Workstation/WebStation, CISA relayed vendor patches for an XXE issue (CVE‑2026‑1227) and a TGML code‑generation flaw (CVE‑2026‑1226) that could lead to data disclosure or execution of untrusted code; operators should update to the specified cumulative patches and tighten TGML file handling. In the consumer-automation space, CISA also detailed four high‑to‑critical flaws across Gardyn Home Kit firmware, app, and cloud API—ranging from cleartext secrets to OS command injection—with vendor fixes available; users should update mobile apps and device firmware and verify versions in the app.

Reinforcing patch urgency, CISA added CVE‑2026‑25108, a command‑injection flaw in FileZen OS, to the Known Exploited Vulnerabilities catalog after evidence of active exploitation. Federal agencies must remediate per BOD 22‑01 timelines; all organizations are encouraged to prioritize KEV entries in routine vulnerability management.

Agentic And Observability Capabilities On AWS

The provider introduced server‑side tool execution in Amazon Bedrock via the AgentCore Gateway integrated with the Responses API, allowing models to discover and invoke external tools without client‑side orchestration. AWS handles tool discovery, selection, execution, and result injection—supporting multiple tool calls per turn and streaming responses—while administrators control access through existing gateway and IAM policies. This reduces latency and complexity for workflows such as enterprise data retrieval and controlled backend access; teams should review gateway configurations and permissions for least‑privilege and auditability before enabling.

For AI‑assisted operations, AWS published an Observability “Kiro Power” bundling Model Context Protocol servers for CloudWatch, Application Signals, CloudTrail, and AWS Documentation. The curated package equips Kiro agents with task‑relevant telemetry and guidance to speed incident response, anomaly triage, SLO monitoring, security auditing, and instrumentation gap analysis, with one‑click installation in the Kiro IDE.

In media workflows, AWS announced general availability of AWS Elemental Inference, a managed service that automates vertical video creation and highlight clip assembly in parallel with encoding. The agentic application operates without prompts or human‑in‑the‑loop steps, with reported cost and time savings in beta; organizations should validate selection accuracy and regional availability against editorial and compliance requirements.

Compute Capacity And Developer Platforms

Compute options expanded with new regional availability. General‑purpose EC2 M8a instances based on 5th‑gen AMD EPYC are now in Europe (Frankfurt), with AWS citing up to 30% higher compute performance versus M7a and 45% greater memory bandwidth; the family includes 12 sizes and SAP certification. AWS recommends benchmarking representative workloads to validate gains. For compute‑optimized use cases, EC2 C8i and C8i‑flex launched in Asia Pacific (Malaysia) and South America (São Paulo), offering price‑performance and memory‑bandwidth improvements over prior Intel‑based generations, with sizes ranging from large to 96xlarge and two bare‑metal options; customers can procure capacity via standard purchasing models and should confirm region‑specific limits. Details are on AWS.

On the edge and developer tooling front, Cloudflare introduced vinext, a Vite‑based reimplementation of the Next.js API surface created with extensive AI assistance. According to Cloudflare, vinext targets Workers deployment, reports faster builds and smaller bundles than Next.js 16 on a test fixture, and ships with a large automated test suite; known limitations are documented in the project README.

In enterprise networking, Palo Alto Networks, ServiceNow, and Bell Canada outlined a joint application to automate Prisma SASE lifecycle management. The Palo Alto Networks post highlights Day 0–N automation, incident synchronization within ServiceNow, and multi‑tenant scaling for MSPs via Service Bridge, aiming to cut deployment times and reduce operational overhead.

Developer-Focused Threats And Active Exploitation

Microsoft detailed a coordinated campaign that seeds malicious code into repositories posing as Next.js projects and technical assessments. The Microsoft research describes three execution paths—VS Code workspace automation, trojanized development assets, and backend modules—that converge on in‑memory JavaScript loaders, staging on Vercel, and long‑lived controller loops. The activity threatens source code, environment secrets, and build/deployment systems; defenders should monitor for unusual Node.js execution, frequent polling to suspicious endpoints, and staged upload patterns.

Supply‑chain risk also surfaced in a live npm worm campaign dubbed SANDWORM_MODE. CSO reports typosquatted packages targeting developer environments, CI pipelines, and AI coding tools, with payloads harvesting tokens and secrets and propagating via GitHub Actions. Recommended defenses include short‑lived scoped tokens, mandatory 2FA for publishing, trusted publishing from CI, and full incident response if affected packages are present.

On patching, BleepingComputer notes SolarWinds released Serv‑U 15.5.4 to fix four critical issues, including CVE‑2025‑40538, that can be chained to achieve code execution as root/Administrator. Although exploitation requires elevated privileges, Internet‑exposed MFT servers warrant prompt updates and audits of admin accounts and access logs.

Separately, the ShinyHunters group claimed a breach at Dutch telecom Odido. According to BleepingComputer, Odido said certain sensitive items (for example, passwords, call details, billing files) were not exposed, while other data elements may vary by customer; the company reported the incident to regulators and engaged external responders as investigations continue.

Model‑extraction risks also featured: The Hacker News reports Anthropic identified over 16 million Claude exchanges linked to distillation efforts by three China‑based AI firms using thousands of fraudulent accounts, prompting new traffic classifiers, strengthened verification, and output‑level safeguards. The company warned that illicitly distilled models may lack safety protections.