Cloud Security Updates, KEV Alerts, and Active Threats

Cloud and AI platforms delivered security-focused releases, while defenders faced exploited vulnerabilities and service disruptions. AWS broadened Kubernetes, key management, compliance, and data‑store capabilities; Microsoft and Google detailed controls for AI agents and data access. CISA added a two‑year‑old Oracle WebLogic flaw to the KEV catalog, Google patched an actively exploited Android bug, and researchers warned of WordPress and VoIP device attacks amid ongoing threat activity.

AWS Security and DevOps Updates

AWS EKS 1.36 support is now available across all Regions, including GovCloud (US). Kubernetes 1.36 brings User Namespaces to general availability to map container root to an unprivileged host user, Mutating Admission Policies to enable CEL-based resource mutation without webhooks, in-place vertical scaling for pod-level CPU and memory, and Resource Health Status surfacing device health in Pod status. EKS provides upgrade guidance and insights, and EKS Distro 1.36 builds are published to ECR Public Gallery and GitHub.

AWS KMS API adds GetKeyLastUsage to return a key’s last-use timestamp along with operation type, CloudTrail event ID, and KMS request ID—reducing reliance on log queries. Tracking began April 23, 2026 in most Regions, so older activity may not be reflected. AWS recommends using last-use data with DisableKey and policy conditions such as kms:TrailingDaysWithoutKeyUsage, plus monitoring and alarms, to prevent accidental key deletions and downtime.

AWS Config now supports internal service‑linked rules, allowing AWS services—including AWS Security Hub CSPM—to deploy managed rules and receive evaluations directly. Results delivered to the deploying service incur no additional AWS Config charges and operate independently of customer-managed recorders and rules, preserving existing inventory, governance, and compliance workflows. Security Hub CSPM’s internal rules are available across commercial, GovCloud, and China Regions.

SageMaker Studio quick setup now completes in under 20 seconds and automatically attaches the AmazonSageMakerModelCustomizationCoreAccess managed policy for serverless customization jobs (fine‑tuning, evaluation, and deployment to SageMaker or Bedrock). Existing environments receive console guidance and documentation links to add equivalent permissions. The enhancement streamlines model experimentation and pipeline development across supported AWS Commercial Regions.

ElastiCache durability arrives for Valkey 9.0 via a Multi‑AZ transactional log, extending use cases beyond transient caching. Customers can choose synchronous writes (persisted across at least two AZs before acknowledgment for zero data loss with single‑digit millisecond writes) or asynchronous writes (microsecond write latency with a small risk of up to 10 seconds of data loss in rare failures). Both options preserve microsecond reads and support fast failover and recovery, and are available across commercial, China, and GovCloud Regions.

Securing AI Agents and Data Pipelines

Microsoft Build highlighted advances to embed security across development and AI operations. The multi‑model agentic scanning harness (MDASH) expands in preview to orchestrate models and over 100 specialized agents for discovery, validation, and exploitability proof, with integration into Microsoft Defender. Microsoft released the Agent 365 SDK for building enterprise-ready agents, the MXC SDK and Windows 365 for Agents for OS‑level containment and isolated execution, and an Agent 365 Agent Registry for lifecycle control. Expanded Purview controls add runtime DLP for agent prompts, agentic risk detection, and audit logging. Defender now integrates with GitHub Code Security for enriched findings and AI‑assisted fixes via Copilot Autofix, while Defender model scanning (preview) inspects model artifacts before deployment.

Google Cloud MCP servers connect AI agents to Google Cloud Storage as a governed source of unstructured data. A fully managed Remote MCP server enables zero‑infrastructure deployments, while a self‑managed Local MCP server (open source) supports bespoke transformations and custom tooling. Both integrate IAM and Cloud Audit Logs, with optional Model Armor for protection against prompt injection, tool poisoning, and data leakage. The MCP Toolbox unifies connectors for GCS, BigQuery, AlloyDB, Spanner, and Cloud SQL with OAuth2/OIDC and OpenTelemetry support, helping teams offload authentication, error handling, and infrastructure concerns.

Patch Watch: Exploited Flaws and Critical Fixes

WebLogic KEV entry CVE‑2024‑21182 was added by CISA after evidence of active exploitation, ordering federal agencies to patch by June 4 under BOD 22‑01. The high‑severity issue impacts Oracle WebLogic Server (12.2.1.4.0 and 14.1.1.0.0) via T3/IIOP network access and was originally addressed in July 2024. Organizations are urged to prioritize patching, limit exposure of T3/IIOP services, and monitor for compromise.

Kirki plugin (CVE‑2026‑8206) is under active attack due to a critical privilege escalation flaw introduced in 6.0.0 and fixed in 6.0.7. A faulty REST API password‑reset handler can send legitimate reset links to attacker‑controlled emails, enabling unauthenticated takeovers of any account, including administrators. Site owners should urgently upgrade to v6.0.7 or disable the plugin until patched.

HP Poly flaw (CVE‑2026‑0826, CVSS 9.2) allows unauthenticated root on affected VVX and Trio conference phones via a buffer overflow in SDP attribute parsing when ICE is enabled. Rapid7 released a Metasploit module, and HP issued fixes in Poly UCS versions 6.4.8 (VVX), 8.1.7 (Trio 8300), and 7.2.8 (Trio 8500/8800). ICE is not enabled by default; admins should patch promptly and disable ICE where unnecessary.

Android patches for June 2026 address 124 vulnerabilities, including an actively exploited Framework zero‑day (CVE‑2025‑48595) enabling local privilege escalation on Android 14 and later. Google released two patch levels (2026‑06‑01 and 2026‑06‑05); Pixel devices receive updates immediately, while other OEM timelines may vary. Users are encouraged to update promptly.

Incidents and Threat Activity

Exchange Online experienced a service incident (EX1331830) affecting mail flow in North America and Germany, leading to delays and SMTP deferrals. Microsoft is investigating and collecting telemetry, with administrators advised to monitor service health notifications and retry sends while remediation progresses.

AI ransomware tooling uncovered by Sophos shows cybercriminals using AI agents (e.g., Cursor and Claude Opus) to accelerate development, automate AD reconnaissance, and iterate EDR evasion across roughly 80 modules and 70+ techniques. Testing targeted multiple EDR products, with evidence linking the framework to ransomware activity. The case underscores faster offensive iteration and the need to validate defensive controls against AI‑assisted workflows.

Gamaredon report attributes a January 2026 campaign to the Russian‑linked group exploiting WinRAR CVE‑2025‑8088 to deliver a staged chain: GammaPhish retrieves GammaLoad, which deploys payloads including GammaWorm and GammaSteel. Techniques include persistence via scheduled tasks, hiding via LNK replacements and NTFS ADS, C2 resolution via Telegram, and exfiltration to Amazon S3 or attacker servers.

WeedHack malware infected over 116,000 systems by distributing malicious Minecraft mods, clients, and cheats via YouTube and SEO‑poisoned sites. The operation offers a clear‑net dashboard and premium features (remote control, keylogging, webcam access). McAfee observed thousands of daily infections and widespread credential theft; players should source mods from trusted origins and avoid dubious JARs, while defenders monitor for commodity infostealers in gaming ecosystems.