Platform Governance, Quantum-Safe PKI, Urgent Fixes, and APT Ops

Enterprises saw fresh defenses land across core platforms. Google introduced Eventarc Advanced to separate governance from processing in event-driven systems, and Chrome outlined a multi‑phase move toward quantum‑safe web trust on the Google Blog. Elsewhere, operators moved closer to cryptographically validated routing paths, while administrators faced urgent fixes spanning an AI agent gateway, core routers, and Ivanti appliances, alongside reporting on an air‑gap–bypassing operation.

Event systems and APIs under stronger governance

Google positions Eventarc Advanced as a “centralized policy, distributed logic” pattern: a managed bus enforces source integrity, fine‑grained access, and content‑based policies, while team‑owned pipelines handle schema‑aware processing, conversions, and retries. The model integrates with VPC Service Controls and requires standard attributes (including a data_sensitivity extension), restoring autonomy without losing oversight for platform teams. Pipelines can also orchestrate agentic workflows and construct full legacy API requests, reducing glue code and increasing observability for platform operators.

To tame API sprawl and prepare interfaces for agent workflows, Google rolled out an integration between API Gateway and a centralized catalog in API Hub. Gateways now auto‑discover and sync specs into a single repository for governance and discovery, while a public‑preview “specification boost” add‑on produces enriched drafts with behavioral examples and tighter validation to curb agent hallucinations. Drafts sit alongside originals for controlled adoption, helping platform teams improve policy enforcement and developer usability without constraining gateway choice.

Quantum‑safe web trust and path validation

Chrome’s plan to deploy Merkle Tree Certificates (MTCs) targets quantum‑resistant HTTPS without the latency and bandwidth penalties of traditional chains. The program progresses from feasibility testing to public MTCs and a dedicated Chrome Quantum‑resistant Root Store, with an emphasis on risk‑managed transition and operational modernization (e.g., ACME‑only issuance, reproducible DCV, externally verifiable monitoring). The approach decouples cryptographic strength from handshake size and preserves auditability via public trees, improving resilience as the ecosystem migrates.

On Internet routing, Cloudflare detailed how ASPA expands RPKI from origin validation to path validation by publishing authorized provider relationships; validators can then flag leaks when AS paths violate valley‑free expectations. Operators can begin creating ASPA objects now, but accuracy and maintenance are critical to avoid unintended drops as enforcement grows. Radar visualizations in Cloudflare help track deployment and upstream authorization over time. Why it matters: combining quantum‑ready certificates with path validation reduces systemic risk in both application and routing layers.

Advisories and urgent fixes

A critical “ClawJacked” flaw in self‑hosted OpenClaw allowed malicious websites to silently brute‑force the local gateway, auto‑register as a trusted device, and escalate to full administrative control. The issue exploited browsers’ permissive localhost WebSocket behavior and missing rate limits. A patch arrived within 24 hours; administrators should update to the February 26 build and audit for unauthorized devices, per BleepingComputer. Why it matters: agent runtimes often hold persistent credentials and broad access; local trust assumptions require explicit controls.

In core networking, a privilege‑escalation bug in Juniper PTX routers running Junos OS Evolved lets unauthenticated attackers execute code as root via an anomaly‑detection component reachable over the network. Juniper recommends installing 25.4R1‑S1‑EVO (with more releases forthcoming) or restricting access and disabling the affected service until patching, according to CSO Online. Why it matters: core routing gear sits on high‑impact vantage points and can be challenging to patch quickly.

CISA’s latest analysis of RESURGE on Ivanti Connect Secure shows a passive, TLS‑authenticated backdoor that can lie dormant until a specific inbound connection appears. The implant hooks web process accept() calls, verifies a CRC32‑based fingerprint, and then establishes mutual TLS with a hard‑coded EC CA key. Supporting components tamper with logs and enable firmware manipulation. Updated IoCs and hashes are available via BleepingComputer; administrators should hunt for dormant infections and remove them. Why it matters: passive implants can evade routine monitoring and persist across reboots.

Operations, control, and enforcement

Zscaler attributed a multi‑stage campaign (“Ruby Jumper”) to APT37/ScarCruft that uses crafted LNK files, in‑memory loaders, and Zoho WorkDrive for C2, then weaponizes USB media to reach air‑gapped hosts. Modules enable command execution, surveillance, and bidirectional data transfer between isolated and online systems. Details are summarized by The Hacker News. Separately, more than 900 Sangoma FreePBX instances remain web‑shell‑compromised via CVE‑2025‑64328; defenders should apply the fixed release, restrict Admin CP access, and investigate for persistence, per BleepingComputer. Why it matters: removable media and abused cloud services continue to bridge segmentation, while exposed admin surfaces keep yielding durable footholds.

On policy, the Pentagon designated Anthropic a supply‑chain risk after stalled negotiations over the use of Claude in military contexts; federal agencies were ordered to phase out Anthropic technology, and contractors were told to cease commercial activity immediately. Anthropic called the designation legally unsound. The dispute, reported by The Hacker News, underscores tension between procurement aims and AI safety commitments. In parallel, an essay by Schneier analyzes Iran’s two‑tiered connectivity strategy that enables selective shutdowns while preserving privileged access, and a Check Point brief outlines Iran’s blended state, proxy, and hacktivist ecosystem. Together, these pieces show how technical controls and doctrine shape both offensive activity and civic space.