
Cloud AI Expands as Governance Tightens and Zero-Days Bite
Coverage: 18 Mar 2026 (UTC)
Cloud platforms broadened AI and data capabilities while governance controls and urgent security fixes shared the spotlight. AWS Bedrock added GLM 5 and Minimax M2.5 to power long‑horizon, agentic workflows, and Nemotron 3 Super brought an open Mixture‑of‑Experts model into the same serverless surface. On the data side, Valkey 9.0 reached GA on Google Cloud Memorystore for higher‑throughput caching. Against this backdrop, defenders faced a critical, unpatched telnetd flaw and evidence of zero‑day exploitation against enterprise firewalls, underscoring the need to balance new capability rollouts with disciplined patching and monitoring.
Agentic models and search move into managed clouds
Bedrock’s additions emphasize agent‑centric design and operational pragmatism. Nemotron 3 Super, accessible via a managed API, is positioned for multi‑step tasks and complex reasoning with fully open weights and recipes. The service abstracts hosting while preserving options to customize and audit models, helping teams align performance, governance, and cost as they scale agentic patterns. Regional availability applies, so administrators should confirm access and compliance boundaries in their target regions. The new frontier models land alongside GLM 5 and Minimax M2.5, which focus on long‑context reasoning, coding, and token‑efficient task decomposition for autonomous workflows.
Search and observability gained agentic features as well. OpenSearch 3.5 adds persistent conversation memory, automated context management to trim token usage, and a redesigned no‑code agent interface with MCP integration. Its relevance workbench now supports LLM‑powered evaluation, scheduled experiments, and single‑query comparisons that pair agentic queries with summaries for faster validation. The net effect is a more iterative, testable path to deploying agent‑driven search without heavy bespoke tooling.
On Google Cloud, Valkey 9.0 continues the performance arc with IO‑threading improvements, zero‑copy responses, SIMD optimizations, and developer‑oriented features like per‑field hash expirations and polygonal geospatial queries. Customers who validated the engine in preview reported throughput and latency gains across transactional and streaming use cases; production impact will depend on workload shapes and configuration.
Governance, public sector, and data boundaries
CrowdStrike expanded protections for connected systems in government environments. Falcon for XIoT is now available on its FedRAMP High–authorized Falcon Platform for Government, bringing zero‑touch asset discovery, broad protocol coverage, and AI‑assisted risk prioritization to IoT and OT estates. In parallel, new GovCloud additions announced at Fal.Con Gov introduce commitment‑based purchasing, expanded natural‑language tooling, external attack surface management, and behavioral malware analysis designed to accelerate investigations while meeting federal data residency needs. Unifying IT and OT visibility on an authorized architecture aims to reduce blind spots and tool sprawl for agencies operating critical infrastructure.
Regional data control also advanced. Cloudflare’s Custom Regions lets customers define precise boundaries where TLS termination and all Layer‑7 processing occur, while Layer‑3/4 DDoS mitigation remains at the nearest edge. Health‑aware routing, multiple in‑region destinations, and a fail‑close design keep application‑layer processing inside the chosen geography, supporting localization mandates and sector‑specific compliance.
At the configuration and database layers, cloud providers added operational guardrails. AWS Config gained 75 managed rules spanning encryption, logging, isolation, and durability checks across a wide range of services, with organizational deployment supported via conformance packs. On Google Cloud, Cloud SQL autoscaling read pools now adjust replica counts automatically based on real‑time metrics, maintain a stable read endpoint, and support a 99.99% SLA for pools with two or more nodes, reducing manual effort and helping balance cost and performance for read‑heavy workloads.
Advisories and patch deadlines
A critical, unpatched vulnerability in the GNU InetUtils telnet daemon (CVE‑2026‑32746) allows pre‑authentication remote code execution as root via crafted LINEMODE SLC suboptions during Telnet negotiation. The Hacker News reports all versions through 2.7 are affected and a fix is expected by April 1, 2026; administrators should disable Telnet, block port 23, and isolate any remaining access while monitoring for unusual connections. Separately, ConnectWise patched a ScreenConnect flaw (CVE‑2026‑3564) where exposure of ASP.NET machine key material could enable session hijacking and privilege escalation; on‑premises customers need to upgrade to version 26.1. BleepingComputer notes the vendor has seen attempts to abuse disclosed keys in the wild and recommends tightening access controls and rotating secrets.
CISA added a Microsoft SharePoint deserialization issue (CVE‑2026‑20963) to its Known Exploited Vulnerabilities (KEV) catalog based on active exploitation evidence, requiring FCEB agencies to remediate per BOD 22‑01 and urging all organizations to prioritize fixes and compensating controls. CISA also directed federal agencies to patch a stored XSS in Zimbra Collaboration Suite (CVE‑2025‑66376) that attackers are exploiting, with a two‑week deadline and guidance to review mail filters and access logs; BleepingComputer summarizes the attack path and prior targeting of Zimbra deployments. The common thread is clear: deserialization and client‑side injection bugs continue to provide reliable entry points, making rapid patching and monitoring essential.
Active campaigns: firewalls and iPhones
Amazon Threat Intelligence detailed an Interlock ransomware campaign exploiting CVE‑2026‑20131 in Cisco Secure Firewall Management Center weeks before public disclosure. The AWS Security Blog describes an unauthenticated Java deserialization path to root execution, a toolkit spanning web shells, RATs, and HAProxy‑based laundering, and operational patterns consistent with UTC+3 working hours. Immediate steps include applying Cisco fixes, hunting for the provided indicators, reviewing any ScreenConnect deployments for abuse, and tightening layered defenses during patch windows.
In mobile targeting, Google Threat Intelligence Group analyzed “DarkSword,” a pure‑JavaScript full chain that escalates from Safari to kernel on iOS 18.4–18.7 using six distinct vulnerabilities and deploys multiple final‑stage implants. GTIG reports usage by multiple actors and coordinated with industry partners and Apple on mitigations, with cumulative fixes landing in iOS 26.3. Recommended mitigations include updating devices promptly and enabling Lockdown Mode for high‑risk users. Why it matters: shared exploit chains reused across actors broaden exposure and compress response timelines, elevating the value of rapid patch adoption and threat‑intel‑driven hunting.