Cloudflare Sandboxes, AWS Query Templates, and Patch Pressure

Coverage: 13 Apr 2026 (UTC)


Platform hardening took center stage as Cloudflare made Sandboxes generally available for managed, persistent agent compute, and AWS added parameters to CloudWatch Logs Insights saved queries to speed investigations and standardize analysis. Together with guidance on right‑sizing generative AI capacity and regional service expansion, the day leaned toward proactive controls—while active exploitation, new KEV entries, and supply‑chain incidents underscored the urgency to keep patching and governance in step.

Sandboxes and agent safety mature

Cloudflare’s push to make agent workloads safer and more operable comes into focus with Sandboxes now GA, adding persistent, burst‑tolerant environments, PTY terminals, snapshotting, and Active CPU Pricing to keep idle costs down. Building on that, the company introduced dynamic, identity‑aware egress control for these environments via programmable outbound interception, enabling fine‑grained policies and just‑in‑time secret injection so untrusted code never sees raw credentials; the mechanism also supports local TLS inspection using ephemeral keys generated per container. The sandbox auth model centers policies on a workload’s identity and containerId, bringing zero‑trust patterns directly into agent networking.

For stateful, AI‑generated apps that need isolation without sacrificing latency, Cloudflare rolled out Durable Object Facets, which pair Dynamic Workers with per‑app SQLite‑backed stores co‑located with their supervisors. Administrators retain quotas, logging, and billing control while each app gets its own efficient, isolated database. In parallel, a rebuilt CLI surfaced as the new cf command and an accompanying Local Explorer mirrors platform APIs on a developer’s machine—useful for agents and humans to seed data, inspect schemas, and reset state with predictable shapes before deploying. The company’s open betas for Facets and the cf CLI aim to reduce friction across development, testing, and automation while keeping boundaries tight.

Reusable queries and AI capacity planning

AWS added parameters to CloudWatch Logs Insights saved queries so teams can reuse a single template across services, environments, and time ranges instead of maintaining near‑duplicates. Parameterized calls can be composed and automated through the console, CLI, CDK, or SDKs, helping standardize forensic and alert‑validation workflows and reduce operational error. Google published a practical guide to balancing cost and performance for production GenAI, detailing how to combine a high‑priority lane in Pay‑as‑You‑Go, Priority PayGo headers to smooth bursts, and Provisioned Throughput for dedicated capacity and an availability SLA; it also points to asynchronous and flexible options for large, latency‑tolerant jobs. The article walks through sizing, headers, and monitoring needed to right‑size commitments in Vertex AI. Regionally, AWS expanded managed device services to improve locality and residency by bringing AWS IoT Core and Device Management to Israel (Tel Aviv) and Europe (Milan), which can lower latency and transfer costs for regulated and mission‑critical IoT deployments.

Exploited bugs and compressed timelines

A rapid briefing assembled under the Cloud Security Alliance banner argues that Anthropic’s Claude Mythos Preview and related testing represent a structural shift in offensive capability: complex, multi‑stage operations that took humans many hours can be executed far faster by capable models. The CSO analysis, citing testing on ranges and simulated corporate networks, urges CISOs to double down on fundamentals while overhauling governance for faster onboarding of defensive controls. That pressure is visible in the field: a critical, pre‑auth remote code execution flaw in the open‑source Marimo notebook was weaponized within hours of disclosure, with honeypots capturing credential theft in minutes, reinforcing the risk of exposing developer‑convenience endpoints directly to the internet. Details and immediate mitigations are outlined by CSO.

Separately, a critical validation bug in the wolfSSL TLS/SSL library can allow forged certificates to be accepted when digest‑size checks are missing across multiple algorithms; maintainers fixed the issue in 5.9.1 and advise upgrades, especially in builds enabling ECC and EdDSA or ML‑DSA. Given wolfSSL’s footprint in embedded and industrial systems, downstream advisories and firmware updates may follow; see BleepingComputer for context. On the defensive side, CISA added seven entries to the federal Known Exploited Vulnerabilities catalog—spanning legacy insecure library loading to recent prototype pollution in Acrobat—triggering remediation deadlines for federal agencies and signaling high‑priority patch work for others; the update is posted in KEV. Why it matters: exploit timelines are shrinking, so organizations benefit from faster change control, pre‑approved emergency patch playbooks, and clear ownership of internet‑exposed developer tools.

Supply‑chain exposures and data leaks

OpenAI reported that a GitHub Actions workflow for macOS app signing executed a malicious Axios npm release, attributed by outside analysts to a broader campaign; while analysis suggests certificate exfiltration likely did not occur, OpenAI revoked and rotated the credential and stopped notarizations with the old cert. The incident sits alongside a wave of dependency‑poisoning and CI/CD abuse and comes with concrete mitigations: pinning dependencies and actions, hardened runners, scoped short‑lived credentials, and canary tokens; details are in The Hacker News. In a separate analytics breach, an extortion group published internal monitoring and economy metrics allegedly taken from Rockstar environments by abusing third‑party integration tokens; Snowflake said it detected and locked a small number of affected customer accounts tied to that integration. Rockstar described the exposure as limited, with no impact on players or operations; see BleepingComputer.
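To make the pinning and least‑privilege mitigations concrete, here is an added example (not OpenAI's, GitHub's, or The Hacker News' code) of a small Python audit that scans a GitHub Actions workflow for three gaps a signing pipeline like the one described should not have: actions pinned to a mutable tag or branch instead of a full commit SHA, no top‑level `permissions:` block limiting the GITHUB_TOKEN, and `npm install`/`npm ci` invocations that let dependency lifecycle scripts run. Both workflows below are constructed samples, and the 40‑character pin is a placeholder, not a real commit.

```python
"""Audit a GitHub Actions workflow (YAML text) for CI hardening gaps.

Checks: actions not pinned to a full commit SHA, missing top-level
least-privilege permissions, and npm installs that run package scripts.
Line-based parse on purpose, so it needs no third-party YAML library.
Limitation: commands inside multi-line `run: |` blocks are not inspected.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SHA_RE = re.compile(r"^[0-9a-f]{40}$")                 # immutable git commit id
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")     # ref ends at space or comment
RUN_RE = re.compile(r"^\s*-?\s*run:\s*(.*)$")
PERMS_RE = re.compile(r"^permissions:\s*(.*)$")         # no indent: workflow level only
NPM_INSTALL_RE = re.compile(r"\bnpm\s+(install|ci|i)\b")


@dataclass
class Finding:
    line: int        # 0 means the finding applies to the whole file
    message: str


def check_uses(num: int, ref: str) -> Optional[Finding]:
    """Flag third-party actions that are not pinned to a full commit SHA."""
    if ref.startswith(("./", "docker://")):
        return None  # local or container actions carry no git ref to pin
    if "@" not in ref:
        return Finding(num, f"action {ref!r} has no ref; pin to a full commit SHA")
    action, _, version = ref.rpartition("@")
    if SHA_RE.match(version):
        return None
    return Finding(num, f"action {action!r} uses mutable ref {version!r}; pin to a full commit SHA")


def check_run(num: int, cmd: str) -> Optional[Finding]:
    """Flag npm installs that allow dependency lifecycle scripts to execute in CI."""
    if NPM_INSTALL_RE.search(cmd) and "--ignore-scripts" not in cmd:
        return Finding(num, "npm install without --ignore-scripts lets package scripts run")
    return None


def audit_workflow(text: str) -> List[Finding]:
    """Return all findings for one workflow file's text."""
    findings: List[Finding] = []
    saw_permissions = False
    for num, raw in enumerate(text.splitlines(), 1):
        m = USES_RE.match(raw)
        if m:
            f = check_uses(num, m.group(1))
            if f:
                findings.append(f)
            continue
        m = RUN_RE.match(raw)
        if m:
            f = check_run(num, m.group(1))
            if f:
                findings.append(f)
            continue
        m = PERMS_RE.match(raw)
        if m:
            saw_permissions = True
            if m.group(1).strip() == "write-all":
                findings.append(Finding(num, "permissions: write-all grants the token every scope"))
    if not saw_permissions:
        findings.append(Finding(0, "no top-level permissions: block; GITHUB_TOKEN gets default scopes"))
    return findings


# Constructed sample: the shape of a signing workflow with the gaps above.
WEAK_WORKFLOW = """
name: sign-macos
on: push
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@main
      - run: npm install
      - run: ./scripts/sign.sh
"""

PIN = "0" * 40  # placeholder commit SHA for illustration, not a real commit

# Constructed sample: same pipeline with pins, read-only token, no install scripts.
HARDENED_WORKFLOW = f"""
name: sign-macos
on: push
permissions:
  contents: read
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@{PIN} # v4 (placeholder SHA)
      - uses: actions/setup-node@{PIN} # placeholder SHA
      - run: npm ci --ignore-scripts
      - run: ./scripts/sign.sh
"""

if __name__ == "__main__":
    for label, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"== {label}: {len(audit_workflow(wf))} finding(s)")
        for f in audit_workflow(wf):
            print(f"  line {f.line}: {f.message}")
```

Running it reports four findings for the weak workflow (two unpinned actions, the unguarded `npm install`, and the missing `permissions:` block) and none for the hardened one. A check like this belongs in pre‑merge CI or a repository scan, alongside the credential rotation and short‑lived token practices the incident write‑up recommends; it does not replace reviewing what each pinned action actually does.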

Across consumer data, Dutch fitness chain Basic‑Fit said personal information for roughly one million members across six countries was exfiltrated, though passwords and identity documents were not impacted; the company notified authorities and affected customers, and has not seen the data posted publicly as of its disclosure. Coverage is available at BleepingComputer. Law enforcement also dismantled the W3LL phishing ecosystem and seized its domain, an operation led by the FBI Atlanta Field Office with Indonesian authorities; investigators link the kit and marketplace to large‑scale credential theft and BEC attempts that persisted even after initial storefront shutdowns. Background and scale estimates are summarized by InfoSecurity. Why it matters: supply‑chain and access‑broker ecosystems amplify reach for both attackers and defenders, making token hygiene, CI isolation, and cross‑border cooperation critical parts of response playbooks.