
Cloud Identity Upgrades, Critical Patches, and Notable Breaches
Coverage: 04 Jun 2026 (UTC)
Cloud providers introduced new identity, resilience, and observability features while researchers detailed exploitable flaws in widely used communications, ML, and web components. Several intrusions and data leaks highlighted operational exposure for public- and private-sector organizations. The report below prioritizes preventive updates and vendor guidance before summarizing confirmed incidents.
AWS Identity, Resilience, and DDoS Visibility
Amazon Cognito completed a large-scale infrastructure modernization that migrated hundreds of millions of identities to a purpose-built, identity-first storage layer. The program delivered higher throughput at thousands of TPS, support for tens of millions of users per pool, customer-managed encryption keys via AWS KMS, and building blocks for cross-Region synchronization — all through a zero-downtime migration. The team layered validation techniques (shadow mode comparisons, bulk backfill with dual-write capture, continuous anti-entropy scans, staged rollouts with instant rollback) and kept the legacy system as the source of truth to resolve edge cases. Lessons emphasized designing for actual access patterns, preserving behavioral parity beyond functional tests, and overlapping validation approaches to cover different failure modes.
Multi-Region replication for Amazon Cognito user pools is now available as an add-on for Essentials and Plus tiers, enabling near-real-time synchronization of user and machine identities, credentials, pool configurations, and federation settings to a standby pool in a secondary Region. In a regional disruption, traffic can be redirected with minimal impact; signed-in users retain access without re-authenticating, and supported methods (username/password, social and SAML/OIDC federation, and machine-to-machine flows) continue to operate in the secondary Region. Administrators can enable the feature via console, CLI, or SDKs in a broad set of Regions.
Cognito’s inbound federation trigger adds programmatic control over SAML/OIDC/social sign-in by allowing a Lambda function to transform, filter, enrich, or drop attributes immediately after IdP response verification. Practical use cases include trimming oversized group attributes from B2B SAML assertions to avoid attribute limits and implementing automated account linking so users maintain a single primary identity and consistent JWT subject across sign-in methods. Operational guidance notes a 5-second execution window, the value of caching for external lookups, and careful handling of edge cases such as masked emails.
Shield Advanced now publishes attack flow logs for infrastructure-layer DDoS events, initially for Elastic IP protections. Logs — delivered to Amazon S3, CloudWatch Logs, or Kinesis Data Firehose — capture source/destination IPs and ports, protocol, packet and byte counts, TCP flags, ingress location, Shield action, sampling rate, and a two-letter source country code. Records are written every five minutes (or at a 75 MB threshold), and the post documents the DeliveryResource/Destination/Source model, required IAM permissions, destination policies, cost considerations (CloudWatch vended logs plus destination storage/processing), and cross-account aggregation patterns.
EKS Capabilities now supports Amazon CloudWatch Vended Logs as a delivery source for managed controllers such as Argo CD, AWS Controllers for Kubernetes (ACK), and kro, enabling teams to route control-plane telemetry to CloudWatch Logs, S3, or Kinesis Data Firehose with standard vended-log pricing and no incremental EKS charge. In parallel, Amazon MQ for RabbitMQ is available in the AWS European Sovereign Cloud (Germany), providing managed broker lifecycle operations on Graviton3-based m7g instances within an EU-isolated environment to meet data residency and compliance needs.
Data Platforms and AI Tooling
Google Cloud announced performance and operations enhancements for Managed Service for Apache Spark. Lightning Engine — a native C++ vectorized execution path built on Velox and Gluten — compiles query plans into SIMD-optimized instructions, with reported performance up to 4.9x faster and up to 2x better price-performance without code changes. Flexible VMs (GA) improve placement resilience and autoscaling, while FinOps features include zero-scale clusters on Spot VMs and scheduled stops. An MCP server enables IAM-governed agent operations; developer tooling adds Data Agent Kit and Antigravity 2.0 integrations, plus a Spark 4.1-based Cluster Image 3.0 preview with Java 21.
Amazon Bedrock launched a redesigned console centered on experiment–iterate–scale workflows and the bedrock-mantle endpoint compatible with OpenAI Responses, OpenAI Chat Completions, and Anthropic Messages APIs. Teams can compare models, organize work into projects with evaluations and usage insights, and copy SDK snippets prefilled with model ID, Region, endpoint, and key reference. The experience aims to reduce setup friction by allowing existing OpenAI or Anthropic client libraries to call Bedrock via an Amazon Bedrock API key.
Microsoft AI updated its Taxonomy of Failure Modes in Agentic AI Systems (v2.0), adding categories such as Agentic Supply Chain Compromise, Goal Hijacking, Inter‑Agent Trust Escalation, CUA Visual Attack, Session Context Contamination, MCP/Plugin Abuse, and Capability/Architecture Disclosure. The paper cites growth in open-source agentic frameworks, maturing MCP ecosystems, and GUI-driven computer-use agents as drivers, and recommends controls including SBOM/provenance checks for agentic components, zero‑trust inter‑agent architectures with cryptographic identities, hardened consent flows, and adversarial session hardening.
Patches and Protocol Weaknesses
Cisco UCM received patches for an unauthenticated SSRF vulnerability (CVE‑2026‑20230) that can force arbitrary file writes and enable root compromise when the WebDialer service is enabled. Proof‑of‑concept code is public. Cisco rates the final impact as Critical; immediate actions include applying 14SU6, using an interim COP for the 15 train, or disabling WebDialer until 15SU5 is available. Cisco PSIRT had not observed active exploitation at publication time.
Hugging Face Transformers versions from 4.56.0 up to, but not including, 5.3.0 contain a high‑severity RCE vector via an underscore‑prefixed config field, _attn_implementation_internal. Because config parsing applies setattr to every key indiscriminately, a remote model’s config.json can trigger Hub Kernels to fetch and import custom attention code without sandboxing or prompts, bypassing trust_remote_code=False when the kernels integration is present. Mitigation is to upgrade to 5.3.0 and review cached configs for the field.
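As an added illustration (not Transformers' own code), the block below contrasts the indiscriminate-setattr pattern the advisory describes with an assumed allowlist-based hardening, and implements the recommended audit of cached config.json files for the suspect field; the cache layout, model names and field value are constructed placeholders.

```python
import json
import tempfile
from pathlib import Path

# Field named in the advisory; the audit below scans cached configs for it.
SUSPECT_FIELD = "_attn_implementation_internal"

# Constructed sample configs (placeholders, not real Hub models).
BENIGN_CONFIG = {"model_type": "bert", "hidden_size": 768, "num_attention_heads": 12}
TAINTED_CONFIG = dict(BENIGN_CONFIG, **{SUSPECT_FIELD: "<attacker-controlled-kernel-ref>"})
ALLOWED = frozenset(BENIGN_CONFIG)  # assumed allowlist of legitimate public keys


def load_config_indiscriminate(raw: dict) -> dict:
    """Mirror the vulnerable pattern: every key, including underscore-prefixed
    internals, lands on the object via setattr, so the loader later trusts it."""
    cfg = type("Cfg", (), {})()
    for key, value in raw.items():
        setattr(cfg, key, value)
    return vars(cfg)


def load_config_hardened(raw: dict, allowed: frozenset) -> dict:
    """Assumed hardening (not the project's actual fix): reject private keys and
    anything outside an explicit allowlist before any attribute is set."""
    rejected = sorted(k for k in raw if k.startswith("_") or k not in allowed)
    if rejected:
        raise ValueError(f"refusing untrusted config keys: {rejected}")
    return dict(raw)


def audit_cache(cache_dir: Path) -> list:
    """Return cache-relative paths of config.json files carrying the suspect field."""
    hits = []
    for path in cache_dir.rglob("config.json"):
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or malformed file; review manually
        if isinstance(data, dict) and SUSPECT_FIELD in data:
            hits.append(path.relative_to(cache_dir).as_posix())
    return sorted(hits)


def demo() -> dict:
    """Build a constructed cache tree with one tainted model and run all checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, cfg in (("models--org--clean", BENIGN_CONFIG), ("models--org--tainted", TAINTED_CONFIG)):
            snap = root / name / "snapshots" / "abc"
            snap.mkdir(parents=True)
            (snap / "config.json").write_text(json.dumps(cfg), encoding="utf-8")
        hits = audit_cache(root)
    leaked = SUSPECT_FIELD in load_config_indiscriminate(TAINTED_CONFIG)
    try:
        load_config_hardened(TAINTED_CONFIG, ALLOWED)
        hardened_rejected = False
    except ValueError:
        hardened_rejected = True
    return {"hits": hits, "leaked": leaked, "hardened_rejected": hardened_rejected}
```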
HTTP/2 Bomb describes a DoS technique exploiting default HPACK dynamic table behavior combined with Slowloris‑style windowing to trigger repeated large allocations that cannot be freed. Affected implementations include nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare’s Pingora. Vendors have issued fixes or mitigations (e.g., nginx v1.29.8+, Apache mod_http2 v2.0.41, patched Envoy); where unavailable, administrators should disable HTTP/2 or enforce strict header‑count limits.
Claude Code GitHub Action contained a logic flaw allowing attackers to gain write access to vulnerable public repositories by opening a single issue. A permissive trigger accepted actors whose names end in “[bot]”, and example workflows allowed non‑write users to start runs; via prompt injection, issue content could exfiltrate environment variables and exchange the OIDC token for installation tokens with write privileges. Anthropic addressed the core bypass in January and released fixes in v1.0.94 with additional hardening; administrators should update, restrict who can trigger workflows, and minimize exposed secrets.
Breaches and Active Exploitation
A WFP breach impacted the Palestine self‑registration application on May 14, exposing names, ID numbers, phone numbers, and location details for beneficiaries across Gaza and affecting roughly 600,000 households. The platform is suspended while security measures are implemented; beneficiaries were notified via Telegram and advised to avoid re‑registering or altering data, and to watch for impersonation and suspicious links. Assistance continues for those already registered as the investigation proceeds.
Everest Forms Pro (WordPress) is under active exploitation via CVE‑2026‑3300 (CVSS 9.8) in the Calculation add‑on, where user‑supplied formulas are executed through eval(). Payloads have created rogue admin accounts and can deploy webshells. WPEverest patched in 1.9.13; defenders should update immediately, review logs for indicators (e.g., specific admin name/email and noted source IP), and check for unauthorized users or artifacts.
Mailbox espionage at a major global stock exchange persisted for about five months, with attackers copying a senior executive’s Outlook mailbox. The operation used a Dropbox API token, an Aspose-based mailbox stealer, masqueraded binaries, scheduled tasks mimicking system services, and tunneling and credential‑dumping tools. Exfiltration favored small, periodic transfers through consumer cloud services; the last staging activity was observed on March 19, 2026.
A DentaQuest breach led to public release of data by ShinyHunters after failed negotiations. The company confirmed an intrusion impacting a limited portion of its network with limited service disruption and engaged external forensics. Have I Been Pwned identified about 2.6 million accounts in the leaked set, with data elements including contact details, government‑issued IDs, insurance information, gender, and dates of birth; a substantial portion overlaps prior incidents.