
Cloud Security Updates: Confidential Compute, AI Ops, KEV, Threats
Coverage: 02 Jul 2026 (UTC)
Cloud providers advanced security, governance, and AI operations while defenders confronted active exploitation and fast‑moving social engineering. AWS added confidential compute on dedicated tenancy and expanded high‑memory instances; Microsoft detailed partner‑ecosystem safeguards and Azure’s AIOps core; and Google coordinated another disruption of a large residential proxy network. At the same time, CISA added a SharePoint RCE to KEV, researchers flagged critical weaknesses in GitOps and AI coding tools, and multiple campaigns and disclosures underscored the need for prompt patching and tighter controls.
Confidential Compute and High‑Memory Options Expand
AWS post: Amazon EC2 Dedicated Hosts now support AMD SEV‑SNP, enabling customers to allocate physical servers with AMD security firmware applied at host provisioning so SEV‑SNP instances run in a hardware‑backed encrypted environment. The capability combines dedicated tenancy controls — explicit instance placement and host affinity — with stronger guest and memory protections, aiding workloads that require strict data isolation, regulatory compliance, and predictable placement. Availability spans all commercial Regions that offer AMD instances.
AWS post: EC2 X8i instances are now in three additional Asia Pacific Regions — Seoul, Malaysia (Kuala Lumpur), and Tokyo (NRT). Powered by custom Intel Xeon 6 processors and SAP‑certified, X8i targets memory‑bound workloads with up to 43% higher performance versus X2i, 1.5x memory capacity (to 6 TB), and 3.3x memory bandwidth; AWS cites gains up to 50% SAPS, 47% for PostgreSQL, 88% for Memcached, and 46% for AI inference. The family offers 14 sizes including two bare‑metal variants and is purchasable via Savings Plans, On‑Demand, or Spot.
AI/ML Platform Hygiene and Reliability
AWS post: Amazon SageMaker HyperPod adds AMI semantic versioning and opt‑in auto‑patching to reduce operational risk during long AI/ML runs. Clusters surface major.minor.patch across instance groups and nodes, support rollbacks — including NVIDIA drivers and CUDA — via UpdateClusterSoftware, and apply only backward‑compatible security fixes when nodes are idle. An AMI support policy clarifies patch timelines; features are available for HyperPod on Amazon EKS across supported Regions.
AWS post: SageMaker Unified Studio can now be provisioned with Terraform using the terraform‑aws‑sagemaker‑unified‑studio module. Platform teams can deploy domains via version‑controlled templates, integrate with existing IaC pipelines, and standardize roles, blueprints, and projects across environments using the AWS Cloud Control Provider.
Azure blog: Microsoft introduced Brain, an AIOps cloud health intelligence system that acts as a continuously updated digital twin of Azure’s operational state. Ingesting telemetry, topology, and customer signals, Brain produces standardized determinations (health, severity, impact, reason) that drive resource‑health notifications, rollout safeguards, and outage declarations, improving detection precision and time‑to‑notification. Microsoft positions Brain as foundational for consistent, auditable agentic operations.
Ecosystem Controls, Disruption, and Policy
Microsoft blog: Microsoft outlined risks and mitigations across its partner ecosystem, especially Cloud Solution Providers. Measures include identity and vetting checks, mandatory security requirements, granular delegated administrative privileges (GDAP), strong telemetry and response, and the ability to rapidly revoke GDAP access during incidents or partner changes. The company emphasizes shared responsibility and periodic reassessment of authorization expectations.
Google blog: Google’s Threat Intelligence Group, working with the FBI, Lumen, and others, reported continued disruption of the NetNut (Popa) residential proxy network, which it estimates included at least 2 million devices such as smart TVs and streaming boxes. Actions spanned disabling Google accounts and services used for C2, sharing intelligence on SDKs and backend infrastructure, and leveraging Google Play Protect to warn users and disable apps with NetNut code. Google notes the broader residential proxy ecosystem’s resilience and urges consumers and industry to block malicious C2 and avoid “unused bandwidth” apps.
BleepingComputer: The Court of Justice of the European Union rejected Google’s final appeal against the European Commission’s 2018 Android antitrust decision, leaving a €4.125 billion fine in place. The court affirmed findings that pre‑installation and anti‑fragmentation restrictions reinforced dominance and limited competition; Google referenced contractual and product changes since 2018 and competition from iOS, but the ruling closes its legal path to overturn the penalty.
Exploitation, Vulnerabilities, and Tactics
The Hacker News: CISA added CVE‑2026‑45659, a SharePoint Server deserialization RCE (CVSS 8.8), to the Known Exploited Vulnerabilities catalog after active exploitation. Microsoft patched the flaw in May 2026 for supported SharePoint versions and warns any authenticated user can trigger it over the network; U.S. agencies must remediate by July 4, 2026. Microsoft also described a ransomware case where two unrelated actors operated simultaneously in the same environment, complicating response.
CSO Online: A vulnerability in Argo CD’s repo‑server allows abuse of the unauthenticated GenerateManifest gRPC endpoint via Kustomize options that leverage Helm build features to execute attacker‑controlled commands. Exploitation requires access to repo‑server and Redis ports; weak east‑west controls and default‑disabled network policies heighten risk. The issue remains unpatched; researchers urge strict segmentation and treating GitOps engines as tier‑zero control planes.
CSO Online: Two Cursor IDE flaws (CVE‑2026‑50548, CVE‑2026‑50549) enabled prompt‑injection‑driven sandbox escapes to remote code execution by overriding working directories and exploiting symlink canonicalization fallbacks. No prior privileges are needed if an LLM ingests attacker‑controlled content; Cursor patched in version 3.0. The case underscores systemic risks where agent tools interface with untrusted inputs and require layered guardrails and isolation.
Infosecurity: A researcher released “Exploitarium,” publishing over 30 PoCs for zero‑days across open‑source projects including the Linux kernel, libssh2, FFmpeg, Gogs/Gitea, Ghidra, 7‑Zip, MyBB, PHP, OpenVPN, and VLC. Some issues have since received CVEs and patches — for example, a severe libssh2 pre‑auth RCE — while debate continues over bypassing coordinated disclosure versus accelerating fixes.
BleepingComputer: “ClickFix” and “ConsentFix” techniques simulate normal workflows to hijack Microsoft 365 accounts within seconds, either by prompting shortcut‑based command execution or abusing OAuth consent via localhost callback trickery. Defenses combine user awareness with telemetry for anomalous PowerShell activity, suspicious OAuth flows, and rapid incident response.
Infosecurity: A phishing campaign impersonating Interpol’s Cybercrime Investigation Unit targets small businesses across multiple regions. Emails point to a password‑protected Proton Drive file that leads to a disguised executable, after which attackers negotiate ransoms over Tox. Recipients are advised to verify unsolicited requests through official channels.
Kaspersky blog: Research into Yarbo robotic mowers found a universal remote‑access pathway using the Linux root account and a hardcoded nine‑character password, reset by updates and shared across devices. The flaw enabled remote control, data theft, and potential lateral movement; Yarbo is rolling out firmware to remove universal passwords, tighten access, and make diagnostics opt‑in. Users should update promptly and segment IoT devices.
BleepingComputer: A 19‑year‑old dual U.S.–Estonian citizen, alleged to be linked to Scattered Spider, was extradited to the United States to face charges related to multiple intrusions and extortion attempts. One cited breach targeted a luxury retailer with an $8 million demand and over $2 million in disruption costs; authorities attribute over 100 intrusions and $100 million in ransom payments to the group, which often relies on social engineering, MFA fatigue, and emulator‑assisted MFA attacks.
AWS post: AWS Config added eight resource types — including ApiGateway DomainNameV2, VpcLink, EC2 VPCEncryptionControl, NetworkFirewall ContainerAssociation, OpenSearch Serverless SecurityPolicy, OSIS Pipeline, and S3Vectors VectorBucket and VectorBucketPolicy — broadening configuration tracking and evaluation via Config rules and aggregators across supported Regions.