
Agentic AI Controls Lead; Oracle Patch, Trivy Breach, Botnet Takedown
Coverage: 20 Mar 2026 – 22 Mar 2026 (UTC)
New platform controls and security tooling led the day, with Microsoft detailing an end-to-end approach to governing agentic AI through Agent 365. On the patch front, Oracle issued an out-of-band fix for a critical flaw in Identity Manager and Web Services Manager, highlighted by BleepingComputer. Supply-chain risk remained elevated as CrowdStrike unpacked how a compromised Trivy release and hijacked GitHub Action tags were used to steal CI/CD secrets at scale.
Platform Defenses Roll Out
AWS raised availability and scale guarantees for Kubernetes control planes, with AWS EKS now offering a 99.99% SLA for Provisioned Control Plane clusters and an 8XL tier that doubles API server throughput over the 4XL option. The move targets ultra-scale and latency-sensitive workloads, giving operators clearer capacity headroom and a more granular SLA metric window. Google added safety friction to Android sideloading via Advanced Flow, an enrollment process that introduces verification steps and intentional delays to blunt social-engineering pressure while preserving options for experienced users.
On the AI defense research side, Microsoft published CTI-REALM, an open benchmark that evaluates AI agents on the full journey from narrative threat intel to working detections validated against ground-truth telemetry. The results highlight where agents succeed—such as Linux endpoint scenarios—and where complexity in cloud and container contexts still demands stronger tooling and human review. Why it matters: objective, end-to-end scoring helps security teams assess whether an AI assistant truly improves detection coverage before operational deployment.
Advisories and Fast-Track Patching
Oracle released an out-of-cycle fix for a critical, unauthenticated remote code execution issue affecting Identity Manager and Web Services Manager on supported 12.2.1.4.0 and 14.1.2.1.0 releases. The vulnerability is remotely exploitable over HTTP without user interaction, raising risk for internet-exposed management endpoints. Administrators are urged to test and deploy the update promptly, verify support status, and restrict management interfaces while patching proceeds.
Cisco customers face a separate management-plane risk in Secure Firewall Management Center: active exploitation prompted a federal directive to remediate on an accelerated timeline, per BleepingComputer. With no viable workarounds and reports of ransomware actors abusing the flaw pre-patch, isolating appliances and tightening access controls remain critical until updates are applied. Meanwhile, organizations running the open-source Langflow framework should address a critical RCE that moved from disclosure to exploitation in roughly 20 hours; The Hacker News details scanning, credential harvesting, and rapid hands-on activity observed in the wild. Immediate actions include updating to fixed builds, rotating keys and environment secrets, placing instances behind authenticated gateways, and monitoring for outbound callbacks.
Supply Chain Compromise and npm Fallout
Investigators analyzing the Trivy incident report that attackers obtained write access to multiple repositories, force-pushed release tags, and shipped a malicious Trivy binary that launched the legitimate scanner alongside a credential stealer. According to CrowdStrike, the altered GitHub Action entrypoint scraped runner memory, filesystems, and environment variables for secrets; exfiltration used a typosquatted domain with a fallback that created a public repository to stash encrypted bundles. Recommended steps include pinning Actions to commit SHAs, rotating all CI/CD and cloud credentials, auditing runners like production hosts, and reverting to known-good versions.
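The pinning recommendation above is easy to state and easy to get wrong in a large workflow tree, because a tag such as `@v4` or a branch such as `@master` is exactly the kind of reference that a force-push can repoint. The script below is an added example (it is not from the brief, from CrowdStrike, or from the Trivy project) that audits workflow text for `uses:` references and reports anything not pinned to an immutable form: a full 40-character commit SHA for a repository action, or a `@sha256:` digest for a `docker://` action. The workflow YAML, the action names and the 40-hex placeholder SHA are constructed for the example; it uses only the standard library so it does not need a YAML parser.

```python
"""Audit GitHub Actions workflow text for mutable `uses:` references.

Added example, not code from the original brief or the Trivy project.
A release tag or branch can be moved by anyone with write access to the
action's repository (as happened in the Trivy incident); a full commit SHA
cannot be repointed without changing the reference itself.
"""
import re
from dataclasses import dataclass

# `uses:` values take one of three shapes: owner/repo[/path]@ref,
# ./path (an action in the calling repo), or docker://image[:tag|@digest].
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s#]+)["\']?', re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Finding:
    ref: str
    kind: str   # "sha", "tag", "branch", "local", "docker", "unpinned"
    ok: bool    # True when the reference is immutable


def classify(uses_value: str) -> Finding:
    """Decide whether one `uses:` value is pinned to something immutable."""
    if uses_value.startswith("./"):
        # Lives in the calling repository, so it is tied to the same commit.
        return Finding(uses_value, "local", True)
    if uses_value.startswith("docker://"):
        # Image digests are content-addressed; image tags are mutable.
        return Finding(uses_value, "docker", "@sha256:" in uses_value)
    if "@" not in uses_value:
        return Finding(uses_value, "unpinned", False)
    _, ref = uses_value.rsplit("@", 1)
    if FULL_SHA_RE.match(ref):
        return Finding(uses_value, "sha", True)
    # Heuristic: refs that look like v4 / 0.2.1 are release tags, anything
    # else (master, main, release/x) is treated as a branch. Both are mutable.
    if re.match(r"^v?\d", ref):
        return Finding(uses_value, "tag", False)
    return Finding(uses_value, "branch", False)


def audit_workflow(text: str) -> list[Finding]:
    """Classify every `uses:` reference found in a workflow file's text."""
    return [classify(m.group(1)) for m in USES_RE.finditer(text)]


def mutable_refs(text: str) -> list[str]:
    """Only the references a reviewer must fix before merging."""
    return [f.ref for f in audit_workflow(text) if not f.ok]


# Constructed sample workflow; the SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567  # pinned
      - uses: aquasecurity/trivy-action@master
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - name: lint
        uses: "some/action@0.2.1"
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{'OK ' if f.ok else 'FIX'} {f.kind:<8} {f.ref}")
```

Run it over the output of `find .github/workflows -name '*.yml'` and fail the build on any `FIX` line; when you replace a tag with a SHA, keep the tag in a trailing comment (`# v4`) so Dependabot or Renovate can still track upgrades.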
Follow-on activity is spreading through the JavaScript ecosystem. Researchers tracked a self-spreading npm campaign dubbed CanisterWorm that abuses stolen tokens and a decentralized canister as a payload dead drop; persistence is implemented via a user-level systemd service masquerading as PostgreSQL tooling. The Hacker News reports dozens of affected packages and an evolution from manual propagation to automated token harvesting and mass updates. Defenders should revoke compromised tokens, excise the malicious service, and roll back impacted packages across developer and CI environments.
Disruptions and Social Engineering
Law enforcement disrupted command-and-control infrastructure behind four Mirai-style IoT botnets—Aisuru, Kimwolf, JackSkid, and Mossad—linked to record-breaking DDoS volumes. The multinational action, described by The Hacker News, targeted infrastructure used to direct an estimated three million infected devices, with private-sector partners assisting takedowns and mitigation. The takedown aims to reduce immediate attack capacity and constrain criminal DDoS-for-hire operations.
Separately, the FBI tied large-scale phishing against encrypted messaging apps—particularly Signal—to actors associated with Russian intelligence services. The campaigns exploit social engineering, not cryptographic weaknesses: victims are induced to share verification codes or scan attacker-controlled QR codes to link unauthorized devices. BleepingComputer notes thousands of accounts affected, with a focus on high-value targets such as officials, journalists, and military personnel. Guidance emphasizes never sharing verification codes, rejecting unsolicited device-link prompts, and reviewing linked devices in app settings.