Supply-Chain Breaches And Active Exploits Amid New Cloud Controls

Coverage: 03 Apr 2026 – 05 Apr 2026 (UTC)

Cloud and AI governance took a step forward as Amazon introduced organization-wide safety enforcement for foundation models via Bedrock, while incident response teams continued to confront fallout from large-scale supply-chain compromises, including CERT‑EU’s linkage of the Europa.eu breach to a Trivy tampering campaign documented by CSO. Emergency fixes also landed for actively exploited enterprise tooling, and browser teams shipped another zero‑day patch under active attack.

Platform controls scale across clouds

AWS expanded centralized safety management for generative AI with cross‑account safeguards in Amazon Bedrock Guardrails. With organization‑level policies that apply to model invocations across accounts, administrators can combine baseline protections with account‑ and app‑specific guardrails; during inference the union is enforced. The approach aims to reduce per‑account toil and standardize governance. In observability, AWS added native PromQL analysis to CloudWatch through Query Studio, enabling teams to run PromQL and Metric Insights side by side against AWS‑vended and OpenTelemetry metrics, visualize results, and promote queries to alarms or dashboards directly in the console. Details are in CloudWatch.

On the networking and AI runtime side, Google outlined how Envoy can act as an enforcement layer for agentic AI. The post describes protocol parsing for MCP and agent‑to‑agent flows, extraction of policy attributes for RBAC and ext_authz, stateful session handling for streamable HTTP, and deployment patterns (passthrough vs aggregating gateways) to centralize tool‑ and method‑level policy. It previews OpenAI API transcoding and investments in quota, telemetry, and guardrails, emphasizing control planes for scalable rollout via xDS.

Generative media tooling also broadened. Google introduced Veo 3.1 tiers—including a cost‑focused Lite model—and a standalone upscaler in preview that can enhance videos to 1080p/4K from Veo outputs, other models, or camera footage. Separately, Cloudflare positioned EmDash as an open‑source, security‑first CMS alternative built around isolated runtimes and least‑privilege design, though analysts expect near‑term enterprise migration hurdles due to content models and ecosystem maturity.

Advisories and patches under pressure

Fortinet released an out‑of‑band fix for CVE‑2026‑35616 in FortiClient EMS after confirming active exploitation of a pre‑authentication API access bypass that can lead to unauthorized command execution. Hotfixes are available for affected 7.4.x releases, with guidance to apply immediately, inventory and restrict external access to exposed EMS instances, and monitor for compromise indicators. Coverage is in BleepingComputer.

Google addressed the fourth Chrome zero‑day of the year, CVE‑2026‑5281 in the WebGPU implementation Dawn, which allowed code execution from a compromised renderer via crafted HTML content. The fix shipped in Chrome 146.0.7680.178, with urgency emphasized given confirmed exploitation. More details via CSO. Why it matters: quick patch adoption and reinforced browser process isolation reduce exposure to active web‑exploitation chains.

Software supply chains face broad exploitation

Axios npm maintainers and responders detailed a March 31 compromise in which two malicious versions briefly introduced a fake dependency that executed platform‑specific remote‑access payloads on macOS, Windows, and Linux. Talos reports the packages contacted actor infrastructure to fetch implants with credential theft and remote management capabilities; credentials on affected systems should be treated as compromised, with rollbacks to known‑good releases advised, and IoCs published for detection. Given Axios’ distribution, downstream impact can propagate through transitive dependencies.

Separately, attackers are automating exploitation of the Next.js React2Shell flaw (CVE‑2025‑55182) to harvest secrets at scale. Cisco Talos observed multi‑stage scripts that sweep environment variables, SSH keys, cloud tokens, and other sensitive artifacts, exfiltrating data in chunks to a dashboarded backend; within a day, at least 766 hosts were compromised. Reporting by CSO notes the campaign’s industrialized framework and recommends immediate patching, rotation of exposed credentials, hardening of cloud metadata access (e.g., IMDSv2), and strict least‑privilege for containers and roles. Why it matters: harvested secrets enable persistence and lateral movement long after a code patch.

High‑impact intrusions and espionage

CERT‑EU tied the Europa.eu platform breach to a manipulated Trivy distribution, leading to exfiltration of roughly 350 GB of data, including personal information and web assets. Investigators reported use of a compromised AWS secret to attach a new access key to an existing user and found reconnaissance but no confirmed lateral movement to other Commission AWS accounts. Mitigations include updating to safe Trivy builds, rotating cloud credentials, auditing CI/CD pipelines, and pinning GitHub Actions to immutable SHAs. The data later appeared on a ShinyHunters leak site, according to CSO.

In parallel, a China‑linked cluster tracked as TA416 resumed espionage targeting European diplomatic entities, using OAuth‑based phishing, cloud storage to host payloads, MSBuild/CSPROJ delivery, and DLL side‑loading to deploy PlugX. The activity, attributed by researchers at Proofpoint, reflects identity‑centric, persistent tradecraft focused on long‑term collection, with techniques shifting across regions in late 2025 and early 2026.

In crypto, Solana‑based exchange Drift reported a $285 million loss following a social‑engineering‑led takeover of protocol permissions that leveraged pre‑signed durable nonce transactions and a fabricated token used as inflated collateral to drain funds. Forensic partners linked behaviors to DPRK‑associated operators. See The Hacker News for technical sequencing and remediation efforts. Separately, telehealth firm Hims & Hers disclosed unauthorized access to certain Zendesk support tickets between February 4–7; exposed data may include names, contact info, and ticket content, but not medical records or doctor communications, per BleepingComputer. The company is offering credit monitoring and advising vigilance against phishing.