GovCloud AI Approvals, Zero Trust Guidance, And New Threats

Compliance-focused cloud updates, zero trust guidance and fresh threat research shaped the day. AWS expanded regulated AI options in GovCloud, while Microsoft extended Windows 10 security updates for consumers. CISA outlined how agencies can move to SASE-aligned zero trust, as researchers detailed exploitation of SD‑WAN infrastructure and new macOS evasion techniques.

GovCloud AI Approvals and Support Expand Regulated Options

Amazon Bedrock now offers OpenAI GPT, OpenAI GPT OSS and NVIDIA Nemotron models with FedRAMP High and DoD CC SRG Impact Level 4/5 approvals in AWS GovCloud (US). The models are delivered via Mantle, a distributed inference engine that provides serverless performance, automated capacity management and zero operator access, with compatibility for OpenAI API specifications. The certifications allow federal and regulated enterprises to deploy these generative AI models for sensitive workloads without re-architecting to meet FedRAMP High and DoD IL‑4/IL‑5 controls.

Kiro achieved FedRAMP High and DoD IL‑4/IL‑5 authorization for AWS GovCloud (US), enabling use of its agentic AI platform for high-assurance workloads. Kiro provides an IDE and CLI for spec-driven development that converts prompts into specifications, code, documentation and tests, with native Model Context Protocol (MCP) support to securely connect to enterprise data sources. The approvals reduce barriers for agencies and regulated organizations adopting agentic AI while meeting stringent controls.

GovCloud support has been updated so all customer technical cases are handled by US‑based, US‑citizen cloud support engineers by default, across both GovCloud (US‑East) and (US‑West). These full‑time AWS employees are trained and authorized for ITAR and other GovCloud compliance needs, with permissions to work directly within regulated environments. Customers continue to have 24/7 access via console, APIs, click‑to‑call and chat, with the change aimed at improving response and maintaining compliance posture.

Cloud Platform Updates: Performance and Regional Reach

AWS Backup introduced an enhancement that speeds Amazon S3 backup copy operations by up to 8x for large buckets with low inter‑copy change rates. By recording object events as they occur, AWS Backup transfers only changed objects instead of scanning entire destinations. The improvement automatically applies to new cross‑account and cross‑Region S3 copy jobs at no extra charge, reducing processing time and operational overhead in all supported Regions.

OpenSearch Ingestion is now available in the Europe (Paris) Region, adding a fully managed, no‑code tier for filtering, transforming, redacting and routing data to Amazon OpenSearch Service clusters or serverless collections. The service provisions and scales infrastructure automatically, enabling teams to build and manage preprocessing pipelines closer to operations in Paris to address latency and data residency needs.

EC2 C7a instances launched in the Asia Pacific (Singapore) Region, bringing 4th Gen AMD EPYC (Genoa) processors with peak 3.7 GHz frequencies and up to 50% better performance than C6a. The instances add AVX‑512, VNNI and bfloat16 support, use DDR5 for 2.25x the memory bandwidth of C6a, and raise the EBS volume attachment limit to 128 per instance. With 12 sizes plus bare metal on the Nitro System, C7a targets compute‑heavy workloads including batch processing, analytics, HPC, ad serving, large‑scale gaming and video encoding.

Guidance and Lifecycles: Zero Trust and Extended Support

CISA guidance encourages federal agencies to adopt Secure Access Service Edge (SASE) as they transition from TIC 2.0 to TIC 3.0 grounded in zero trust. The vendor‑agnostic document emphasizes architectural outcomes and operational controls, including maintaining telemetry by forwarding data to the Comprehensive Log Aggregation Warehouse (CLAW) as traffic moves away from centralized MTIPS gateways. It also recommends analyzing encrypted traffic for suspicious patterns rather than universal TLS decryption, acknowledging complexity and latency trade‑offs.

Windows 10 ESU for personal devices was quietly extended by Microsoft to October 12, 2027. Reflected in updated documentation and a blog editor’s note, the change keeps critical security updates available for users who cannot upgrade to Windows 11. Consumers can obtain ESU via fee, Microsoft account backups, reward points, or—if in the EEA—by signing in with a Microsoft account to receive it for free; coverage applies to up to 10 devices per account. The program remains limited to personal devices and excludes AD‑joined or MDM‑managed systems, while Entra‑registered devices are eligible.

Active Threats: Edge Exploitation, macOS Evasion and Phishing Innovation

Cisco SD‑WAN infrastructure was exploited months before public disclosure of CVE‑2026‑20245, according to Mandiant. The actor established unauthorized peering, used SSH access, changed default account passwords and ultimately uploaded a crafted CSV to gain root on Catalyst SD‑WAN Controller, then removed artifacts and reverted changes to erase indicators. Researchers cite this as “living‑off‑the‑edge,” where targeting orchestration and edge appliances with limited telemetry enables stealth and persistent access.

macOS XPC flaw research from XM Cyber shows how a standard user can abuse trusted‑caller behavior to trigger privileged helper functions and silently unload EDR agents or remove system extensions. By piggybacking on cached code‑signature trust (CDHash) from a legitimate app, attackers can run commands without further authentication, leaving minimal forensic traces. Vendors have issued fixes in some cases (e.g., Kandji’s CVE‑2026‑39118), and developers are urged to perform explicit caller validation during XPC handshakes available since macOS 13.

Gaslight malware, a Rust‑based macOS implant attributed by researchers to North Korea–aligned actors, embeds a Markdown‑formatted prompt‑injection payload designed to confuse AI‑assisted analysis. Using Telegram bot API polling for C2, it offers an interactive shell with commands like help, id, shell, kill, upload and stop, and achieves persistence via a LaunchAgent. A Base64‑encoded Python stealer collects terminal history, installed apps, process snapshots, system profiles, Keychain data and browser artifacts, compressing results for exfiltration via Telegram.

Bluekit phishing has adopted a browser‑in‑the‑middle technique that streams serialized DOM and user interactions via rrweb to an attacker‑controlled browser, enabling session token theft. Researchers note extensive anti‑analysis features, including randomized CSS filters, large obfuscated JavaScript bundles, custom CAPTCHAs, fingerprinting and WebRTC‑based IP mismatch checks. The evolution increases risk for account takeover and business email compromise, reinforcing the need for layered and behavioral detections.

Adblock extension for Chrome with over 10 million installs was found to contain a server‑controlled mechanism capable of injecting arbitrary JavaScript via a bespoke “trusted‑create‑element” scriptlet rule. Although dormant at analysis time, activation would require only a server‑side change, and the extension’s broad match on “youtube.com” combined with wide‑ranging execution on all sites raises risk. Prior versions’ ad‑injection SDK and ownership changes further elevate concern, despite no evidence yet of malicious payload distribution.