< ciso brief />
Cloud AI Defenses Expand as Exploits Hit Routers and ICS

Coverage: 07 Apr 2026 (UTC)

Cloud providers emphasized controlled rollouts of powerful security capabilities while researchers detailed active exploitation and state-backed campaigns against edge devices. Amazon is making Claude Mythos Preview available under Project Glasswing via Amazon Bedrock to a restricted allow-list, aiming to accelerate defensive workflows under tight governance.

AI defenses and model governance take shape

AWS outlined a production-first strategy to apply advanced AI and automation across large-scale infrastructure in its security program, highlighting early results from Project Glasswing and the use of formal methods to reduce hallucinations. The post also promotes AWS Security Agent for autonomous vulnerability validation and stresses enterprise controls in Bedrock, Nitro isolation, and ecosystem standards. See the approach in AWS Security. The thread is clear: adopt layered controls, strengthen observability, and test AI tooling in controlled environments.

Google Cloud is also brokering access to the same model, announcing Claude Mythos Preview in Private Preview on Vertex AI. The collaboration underscores a governance-forward posture: evaluate high-performance capabilities against corporate risk and compliance, with platform monitoring and deployment workflows framing adoption.

Network controls and data access in the cloud

To tighten application-layer egress, Google Cloud enhanced its Enterprise firewall with domain-based URL filtering and SNI inspection so policies can key on domain identity without full TLS decryption. The model supports limited wildcards to simplify management and closes gaps left by IP/FQDN rules on shared infrastructure. Configuration follows organization-level endpoints, security profile groups, and policy attachment; details are in Cloud NGFW. Why it matters: controlling domains directly reduces evasion via ephemeral IPs and shared CDNs.

AWS introduced S3 Files, exposing S3 data through a shared, fully featured file-system interface to thousands of compute resources simultaneously. Built on Amazon EFS, it translates file operations into optimized S3 requests and caches hot data for low-latency reads, preserving S3 controls and auditing. The capability is positioned to unify object and file workflows; teams should validate IAM, encryption, and monitoring as they adopt S3 Files.

Advisories and active exploits

Fortinet issued an emergency hotfix for a critical authentication bypass in FortiClient EMS (CVE-2026-35616), with exploitation observed and a full patch slated for version 7.4.7. Affected on‑prem EMS versions are 7.4.5 and 7.4.6; FortiClient Cloud and FortiSASE are patched server-side. Administrators should apply the interim fix, review API logs, and rebuild from known-good backups if compromise is suspected. Coverage: CSO.

A high-severity flaw in Docker Engine (CVE-2026-34040) allows bypass of authorization plugins via oversized requests: the plugin sees an empty body while the request still reaches the daemon. The attack can create privileged containers mounting the host filesystem. Apply Docker 29.3.1 and restrict API access; summary from The Hacker News.

Separately, a CVSS 10.0 code injection in Flowise (CVE-2025-59528) is under active exploitation against internet-exposed instances; upgrade to v3.0.6, rotate tokens, and assume full compromise for response steps; details via The Hacker News.

For AI agent runtimes, Unit 42 showed how recursive DNS in Bedrock AgentCore’s sandbox enables tunneling and how MMDSv1 regressions can ease credential retrieval; AWS has set MMDSv2 as default for new runtimes and provided a path to disable v1. Treat sandboxes as boundaries, not hard walls; prefer VPC mode with DNS egress controls and enforce least-privilege IAM.

In operational technology, a joint CISA advisory details Iranian‑affiliated actors exploiting internet-exposed PLCs (notably Rockwell/Allen‑Bradley), altering logic and HMI/SCADA displays and causing disruptions. Immediate steps: remove direct internet exposure, enforce MFA and access controls, lock device mode switches, patch firmware, and maintain secure offline backups.
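For the Docker Engine authorization-plugin item above (CVE-2026-34040), the defensive point is that a plugin should fail closed when it is handed nothing to inspect. The sketch below is an added example, not code from Docker or from the cited coverage; the request field names (`RequestMethod`, `RequestUri`, `RequestBody`, `RequestHeaders`), the forwarding of `Content-Length`, and the helper `make_req` with its sample requests are assumptions made for illustration.

```python
import base64
import json
import re

# POST /containers/create (optionally version-prefixed) carries HostConfig in its body.
CREATE_RE = re.compile(r"^(/v[0-9.]+)?/containers/create(\?|$)")


def decide(req: dict) -> dict:
    """Fail-closed decision for one AuthZ request; returns {"Allow", "Msg"}."""
    def deny(msg):
        return {"Allow": False, "Msg": msg}

    try:
        raw = base64.b64decode(req.get("RequestBody") or "")
    except ValueError:
        return deny("undecodable body")
    headers = {k.lower(): v for k, v in (req.get("RequestHeaders") or {}).items()}

    # Assumption: the client's Content-Length is forwarded in RequestHeaders.
    declared = str(headers.get("content-length", ""))
    if declared.isdigit() and int(declared) != len(raw):
        return deny("declared length differs from the body the plugin received")

    if req.get("RequestMethod") == "POST" and CREATE_RE.match(req.get("RequestUri", "")):
        if not raw:  # nothing to inspect: never approve a create call blind
            return deny("empty body on container create")
        try:
            host = json.loads(raw).get("HostConfig") or {}
            privileged = bool(host.get("Privileged"))
            root_bind = any(b.split(":", 1)[0] == "/" for b in host.get("Binds") or [])
        except (ValueError, AttributeError, TypeError):
            return deny("unparseable body on container create")
        if privileged:
            return deny("privileged container")
        if root_bind:
            return deny("bind mount of the host root filesystem")
    return {"Allow": True, "Msg": ""}


def make_req(body: bytes, declared_len=None, uri="/v1.43/containers/create"):
    """Build a constructed sample AuthZ request (not captured traffic)."""
    hdrs = {"Content-Type": "application/json"}
    if declared_len is not None:
        hdrs["Content-Length"] = str(declared_len)
    return {"RequestMethod": "POST", "RequestUri": uri,
            "RequestBody": base64.b64encode(body).decode(), "RequestHeaders": hdrs}
```

A check like this complements the upgrade to Docker 29.3.1 and API access restrictions; it does not replace them.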

Router hijacks enable large-scale AiTM

Microsoft attributes widespread DNS hijacking through compromised SOHO routers to the GRU-linked actor Forest Blizzard (Storm‑2754), enabling adversary‑in‑the‑middle operations against Microsoft 365/Outlook on the web domains and other targets. The actor consolidated DNS collection via modified resolver settings, selectively presenting invalid TLS certificates to capture tokens and plaintext when users ignored warnings. Microsoft telemetry tallied over 200 impacted organizations and more than 5,000 consumer devices. Guidance: avoid consumer-grade routers in corporate networks, centralize identity with strong MFA and Conditional Access, and hunt for modified resolver settings and anomalous sign-ins; see Microsoft. Why it matters: underpatched edge devices offer low-friction pivots into enterprise identity and email flows.