<ciso brief />
Escalations, Identity Abuse, and AI Updates Across Cloud and OS

Coverage: 18 May 2026 (UTC)

Privilege escalations on fully patched systems, identity-driven cloud intrusions, and rapid AI capability gains shaped the day’s security landscape. Alongside active malware and supply‑chain activity, law enforcement reported large‑scale disruption of fraud infrastructure in MENA. Cloud vendors also rolled out updates spanning streaming AI, data lakes, and GPU capacity planning, while UK financial authorities set expectations for managing frontier‑AI cyber risks.

Privilege Escalations and Patch Headaches on Windows and Linux

A new proof‑of‑concept Windows privilege escalation exploit dubbed MiniPlasma targets the Cloud Files Mini Filter Driver (cldflt.sys), using a race in the HsmOsBlockPlaceholderAccess routine to reach SYSTEM on fully patched systems. Originally reported in 2020 and believed addressed as CVE‑2020‑17103, the underlying issue persists and was adapted into a working PoC by Chaotic Eclipse; independent validation indicates reliable elevation on Windows 11 with May 2026 updates, though not on the latest Canary build. Microsoft previously patched a related flaw in the same component in December 2025 (CVE‑2025‑62221) after exploitation in the wild. Because the weakness sits in a core driver, broad version exposure is plausible, with exploit reliability influenced by timing and environment.

A separate Windows issue affecting BitLocker, YellowKey, enables disk decryption on default Windows 11 deployments that rely solely on TPM‑protected keys. The researcher released working code, elevating urgency despite the need for physical access. Recommended mitigations include shifting to TPM+PIN or pre‑boot authentication, tightening physical controls, rotating recovery keys, and preparing response procedures while awaiting official vendor guidance.

On Linux, researchers published a PoC for DirtyDecrypt (CVE‑2026‑31635), a local root escalation in the rxgk module when kernels are built with CONFIG_RXGK. Upstream patches landed on April 25; practical exposure centers on distributions tracking mainline closely (e.g., Fedora, Arch, openSUSE Tumbleweed). Admins should prioritize kernel updates; interim mitigations that block related modules can disrupt IPsec and AFS. The flaw joins a series of recent pagecache/CBC‑related escalations, some already under active exploitation.

Complicating remediation at scale, Microsoft’s May Security Update is failing for some devices due to low free space on the EFI System Partition, often rolling back at ~35–36% during reboot. While registry workarounds exist, experts recommend cautious pilot testing and, longer term, resizing boot/recovery partitions (around 1.5GB) and adding ESP health checks to fleet hygiene to prevent repeated update failures.

Cloud Intrusions Center on Identity and the Control Plane

Microsoft detailed how the actor Storm‑2949 turned initial identity compromise into a cloud‑wide breach by abusing legitimate management features rather than malware. According to the Microsoft blog, the campaign used social engineering consistent with SSPR abuse to gain MFA approvals, reset credentials, and enroll attacker authenticators for persistence in Entra ID. The intruder then enumerated directories via Microsoft Graph, exfiltrated data from Microsoft 365 (OneDrive, SharePoint), and leveraged management‑plane operations, such as retrieving App Service publishing profiles, accessing Kudu consoles, and manipulating Key Vault, SQL firewall rules, and storage settings, to move laterally and extract secrets at scale. Microsoft’s guidance emphasizes phishing‑resistant MFA, least‑privilege RBAC for users and service principals, tight auditing of management‑plane APIs, rapid rotation of keys and secrets, and behavior‑based detection across endpoints, identities, and cloud resources. Immediate actions include revoking compromised credentials, restricting publishing profiles, and reviewing recent control‑plane activity.
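For the recommended review of recent control‑plane activity, the following added example (not taken from Microsoft's guidance) groups Azure Activity Log records by caller and flags identities that touch several of the management‑plane areas named above within a short window. The operation‑name mapping, the flattened record shape, the one‑hour window and the three‑category threshold are assumptions to check against your own exported logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping: Azure Activity Log operation -> action named in the paragraph.
WATCHED = {
    "microsoft.web/sites/publishxml/action": "publishing-profile",
    "microsoft.keyvault/vaults/write": "key-vault",
    "microsoft.sql/servers/firewallrules/write": "sql-firewall",
    "microsoft.storage/storageaccounts/write": "storage-settings",
    "microsoft.storage/storageaccounts/listkeys/action": "storage-keys",
}

def suspicious_callers(events, window=timedelta(hours=1), min_categories=3):
    """Return {caller: categories} for identities that touch at least
    min_categories distinct watched categories inside one sliding window."""
    by_caller = defaultdict(list)
    for ev in events:
        category = WATCHED.get(ev["operationName"].lower())
        if category:
            ts = datetime.fromisoformat(ev["eventTimestamp"])
            by_caller[ev["caller"]].append((ts, category))
    flagged = {}
    for caller, hits in by_caller.items():
        hits.sort()
        best = set()
        for i, (start, _) in enumerate(hits):
            seen = {c for t, c in hits[i:] if t - start <= window}
            best = max(best, seen, key=len)
        if len(best) >= min_categories:
            flagged[caller] = sorted(best)
    return flagged

def _ev(caller, hhmm, op):  # builds one constructed, flattened record
    return {"caller": caller, "operationName": op,
            "eventTimestamp": f"2026-05-18T{hhmm}:00+00:00"}

# Constructed sample records; callers and times are invented for illustration.
SAMPLE = [
    _ev("helpdesk-user@example.test", "09:00", "Microsoft.Web/sites/publishxml/action"),
    _ev("helpdesk-user@example.test", "09:10", "Microsoft.KeyVault/vaults/write"),
    _ev("helpdesk-user@example.test", "09:20", "MICROSOFT.SQL/SERVERS/FIREWALLRULES/WRITE"),
    _ev("deploy-pipeline", "09:00", "Microsoft.Web/sites/publishxml/action"),
    _ev("deploy-pipeline", "12:00", "Microsoft.Web/sites/publishxml/action"),
    _ev("dba@example.test", "09:00", "Microsoft.Sql/servers/firewallRules/write"),
    _ev("dba@example.test", "09:30", "Microsoft.Storage/storageAccounts/write"),
    _ev("dba@example.test", "11:00", "Microsoft.Storage/storageAccounts/listKeys/action"),
]
```

Kudu console sessions do not appear as management‑plane writes, so they need separate review in App Service logs.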

Supply Chain, Malware, and Law Enforcement Disruption

Researchers reported a fresh npm campaign reusing leaked Shai‑Hulud source code to deliver stealer and botnet functionality. OXsecurity found that packages published by deadcode09284814—including chalk-tempalte, @deadcode09284814/axios-util, axois-utils, and color-style-utils—exfiltrate credentials, cloud configs, wallets, and account data, with axois-utils also enabling DDoS attacks. The four packages drew a combined 2,678 downloads before takedown. Organizations should remove affected modules, rotate credentials, and audit publishing accounts and repos, per the BleepingComputer report.
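To support the removal step, this added example (not from OXsecurity or BleepingComputer) scans a parsed `package-lock.json` for the four package names listed above, including copies nested under other dependencies. It handles both the v2/v3 `packages` map and the older v1 `dependencies` tree; the sample lockfile and its version strings are constructed.

```python
import json

# Package names as reported on this page (typosquats spelled as published).
FLAGGED = {
    "chalk-tempalte",
    "@deadcode09284814/axios-util",
    "axois-utils",
    "color-style-utils",
}

def name_from_lock_key(key):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (lockfile v2/v3 keys)."""
    return key.rsplit("node_modules/", 1)[-1]

def walk_v1(deps, trail=()):
    """Yield (name, version, path) from a v1 nested 'dependencies' tree."""
    for name, meta in (deps or {}).items():
        path = trail + (name,)
        yield name, meta.get("version", "?"), " > ".join(path)
        yield from walk_v1(meta.get("dependencies"), path)

def find_flagged(lock):
    """Return sorted (name, version, location) tuples for flagged packages."""
    hits = set()
    if "packages" in lock:  # lockfileVersion 2 or 3
        for key, meta in lock["packages"].items():
            name = name_from_lock_key(key)
            if key and name in FLAGGED:  # key "" is the root project
                hits.add((name, meta.get("version", "?"), key))
    else:  # lockfileVersion 1
        for name, version, path in walk_v1(lock.get("dependencies")):
            if name in FLAGGED:
                hits.add((name, version, path))
    return sorted(hits)

# Constructed sample lockfile; versions are placeholders, not real releases.
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app"},
    "node_modules/chalk": {"version": "0.0.0"},
    "node_modules/axois-utils": {"version": "0.0.0"},
    "node_modules/ui-kit/node_modules/chalk-tempalte": {"version": "0.0.0"}
  }
}""")
```

A clean lockfile does not prove a machine never installed the packages, so credential rotation still applies wherever they were present.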

On macOS, SentinelOne tracked a SHub variant dubbed Reaper that pivots from Terminal‑based lures to the applescript:// URL scheme, triggering Script Editor to run a preloaded malicious AppleScript. The campaign uses spoofed sites and fake installers for popular apps, displays a counterfeit Apple security update to harvest passwords, and deploys a Filegrabber to target browser stores, crypto wallets, password managers, iCloud/Telegram artifacts, and documents. Persistence comes via a LaunchAgent masquerading as a Google updater, with exfiltration to a Telegram bot. Indicators and detection tips appear in the BleepingComputer article.

INTERPOL’s Operation Ramz combined 13 MENA countries and private‑sector partners to target phishing, malware, and online fraud infrastructure. The action resulted in more than 200 arrests, identification of 382 additional suspects, seizure of 53 servers, and confirmation of at least 3,867 victims after analysis of nearly 8,000 intelligence packages. Highlights included securing compromised devices in Qatar, dismantling a trafficked‑labor investment scam in Jordan, disabling a sensitive data‑holding server in Oman, and tearing down a phishing‑as‑a‑service platform in Algeria. Details are in the BleepingComputer coverage.

Separately, Grafana Labs disclosed a source‑code theft via a stolen GitHub token. The extortion group CoinbaseCartel claimed responsibility, but no customer or personal data exposure is currently evidenced. Grafana invalidated credentials, declined to pay, and plans a full report after investigation. While customer systems were not affected, source‑code exposure can elevate supply‑chain and targeted risks; customers should monitor advisories, rotate credentials, enforce MFA, and scan for secrets, per the BleepingComputer report.

AI Capabilities, Policy, and Cloud Platforms

Google unveiled streaming AI releases under its Agentic Data Cloud at Next ’26, integrating ingestion and serving across Pub/Sub, Dataflow, Kafka, BigQuery, and Bigtable. Key launches include Pub/Sub AI Inference SMT (GA) for inline model calls, Pub/Sub→Bigtable subscriptions (Preview), and BigQuery continuous queries (Preview) supporting JOINs, windowing, and generative functions like AI.GENERATE_TEXT. Dataflow gains agentic support via the ADK and RunInference, with unified embedding sinks to reduce context lag. The aim is low‑latency detection and response for use cases from fraud to recommendations, as described in the Google blog.

Amazon added in‑place schema and partition evolution for Apache Iceberg in Redshift via the auto‑mounted awsdatacatalog, enabling ADD/DROP/ALTER/Rename columns, table properties, and partition fields without table recreation. Interoperability with EMR and Athena is preserved, and Lake Formation permissions apply. Availability spans all Redshift regions, with guidance in the AWS post.

For ML teams, SageMaker Studio IDEs (JupyterLab and Code Editor) now support GPU capacity reservations through Flexible Training Plans, providing predictable access and up to 65% savings versus On‑Demand. Plans are self‑serve, selectable at app creation, and include expiration notifications to reduce disruption. Details are in the AWS announcement.

Regulators and researchers are also signaling shifting risk. UK financial authorities (the UK government, FCA, and Bank of England) urged firms to manage cybersecurity risks from frontier AI, citing current model capabilities that can exceed skilled practitioners in speed and scale, and laid out actions across governance, vulnerability management, third‑party risk, and AI‑enabled defenses, per the Infosecurity report. Complementing that, the UK AI Security Institute published benchmarks showing accelerated gains in multi‑stage, end‑to‑end offensive capabilities, with the intervals over which task difficulty doubles shrinking, as summarized in CSO’s coverage. Together, the signals underscore the need to align defensive automation, identity governance, and cloud controls with the speed and scope of AI‑driven threats.