Critical ICS Flaw, Cloud Agent Upgrades, and Patch Priorities

Coverage: 10 Mar 2026 (UTC)

A critical control-system exposure led today’s risk picture, as an advisory from CISA warned that Honeywell IQ4x building controllers can be fully administered without authentication in default configurations. On the prevention side, AWS moved to consolidate visibility beyond its own cloud, with Security Hub expanding toward a unified multicloud security operations layer. Vendors also rolled out agent-runtime features and stronger dashboards, while researchers detailed new attack techniques and active threat activity that inform near‑term defenses.

OT exposures and patch priorities

CISA detailed multiple critical issues in Lantronix EDS3000PS and EDS5000 devices, including OS command injection and an authentication bypass that can enable unauthenticated root‑level command execution. Firmware updates are available, and the advisory emphasizes treating these as high priority due to the potential for full device compromise and lateral movement. See CISA for affected versions and mitigations.

The Honeywell IQ4x advisory underscores a distinct risk: factory‑default web HMIs can allow unauthenticated remote actors to create administrative users and assume full control. No patch is available at publication; CISA recommends removing internet exposure, isolating control networks, using secure remote access, and following established ICS hardening guidance. The reported impact spans multiple critical sectors and global deployments, though exploitation was not observed at the time of the notice.

In enterprise IT, Microsoft’s March Patch Tuesday addressed 79 vulnerabilities, including two publicly disclosed zero‑days. Notably, two Critical Office RCE flaws are triggerable via the preview pane, and an Excel information disclosure issue could cause Copilot Agent mode to egress data. Administrators should prioritize Office and Excel fixes alongside standard Windows and .NET updates; see BleepingComputer for the breakdown.

Cloud platforms advance agents and unified operations

AWS added stateful Model Context Protocol features to Amazon Bedrock AgentCore Runtime, enabling server‑initiated elicitation, sampling, and progress updates within isolated microVM sessions identified by a session header. The goal is richer, multi‑turn agent workflows with clearer state handling and isolation; details are in AgentCore Runtime. In parallel, OpenAI moved to integrate adversarial testing into its agent platform via a Promptfoo acquisition that focuses on automated red‑teaming and evaluation for injections, jailbreaks, and data leakage, as reported by Infosecurity.

For public‑sector users, Google Public Sector introduced Agent Designer to let Department of Defense civilian and military personnel build no‑/low‑code AI agents for unclassified workflows on GenAI.mil. Use cases range from drafting and action‑item extraction to project planning and workflow automation. See Agent Designer for examples and adoption context.

Within Europe, AWS reported the first compliance milestone for its independently operated EU‑resident environment, releasing SOC 2 Type 1 and C5 Type 1 attestation reports plus seven ISO certifications across dozens of services. The controls emphasize EU residency, separation from other Regions, and mapped governance requirements; customers can retrieve reports via AWS Artifact. More in Sovereign Cloud.

Customer‑engagement tooling also expanded. Amazon Connect increased catalog scale for AI‑powered recommendations to 40 million items and reported improved model accuracy, with tighter integration into trigger‑based campaigns; see predictive insights. Separately, Connect added conversational analytics for email, including category tagging, configurable PII redaction, and summaries that can drive automation rules; setup and regions are covered under email analytics.

Visibility and forensics get a lift

Cloudflare unveiled a revamped Security Overview with prioritized Security Action Items and a Detection Tools module that flags controls left in log‑only mode. The platform surfaces suspicious activity cards that deep‑link into Security Analytics and enriches findings with traffic and infrastructure context. DNS scanning recently identified over a million dangling records, spotlighting subdomain takeover risk. See Security Overview for design and scale details.

For investigations, Cloudflare expanded Log Explorer by ingesting 14 additional datasets across application, network, Zero Trust, and account scopes to help correlate reconnaissance through exfiltration. Architectural changes reduced query latency and adopted a schema‑first model that positions the tool to accept third‑party structured logs over time. Practical workflows demonstrate how to tie WAF and IDS signals to identity events for full attack‑chain views; see Log Explorer for examples. The intent is to cut mean time to detect with faster, cross‑dataset pivots.

Research and intrusions inform defenses

Research from Palo Alto Networks finds that LLM‑based “AI judges” can be steered by subtle, low‑perplexity token sequences—such as formatting symbols or role markers—to bypass safety filters or skew reward models. The team’s fuzzer uncovered high success rates across model types and shows that using adversarial examples for retraining can sharply reduce attack efficacy. See Unit 42 for techniques and operational recommendations.

Google Cloud’s latest Cloud Threat Horizons analysis highlights a shortened disclosure‑to‑exploitation window and a shift toward third‑party software exploitation as the top initial access vector. The report describes anti‑forensic behaviors and urges automated, identity‑centric controls, strict CI/CD least privilege, and tamper‑resistant logging and backups; see Threat Horizons.

ESET documents renewed Sednit activity centered on paired BeardShell and modified Covenant implants, with cloud‑backed C2 via multiple providers and techniques that echo earlier Sednit tooling. Observed campaigns emphasize resilience by splitting command‑and‑control across services; indicators and ATT&CK mappings are available in the report. Details at ESET.

Separately, a campaign described by SentinelOne shows actors exploiting vulnerabilities or weak credentials in FortiGate devices to persist, relax firewall policies, and harvest Active Directory service‑account credentials from decrypted configs, later attempting exfiltration and lateral movement. Recommended steps include timely patching, MFA on management interfaces, credential rotation, and monitoring for configuration abuse. Summary via The Hacker News.