
AWS AI, Cert Updates; France PQC Shift; KVM, ColdFusion Bugs
Coverage: 06 Jul 2026 (UTC)
< view all daily briefs >AWS introduced multiple features aimed at scaling AI workloads, automating certificate management, and simplifying observability, while France signaled a hard shift toward quantum-safe encryption. Security teams also faced pressing fixes for a long-standing Linux KVM escape, active exploitation of Adobe ColdFusion, and misconfiguration risks in Gitea Docker images and Opera GX. Separately, reporting highlighted agentic ransomware and state-linked operations alongside phishing and AI-agent manipulation techniques.
AWS Advances AI Inference, Deployment, and Cert Automation
AWS SageMaker added Disaggregated Prefill and Decode (DPD) to HyperPod inference, separating compute-bound prefill from memory-bandwidth-bound decode on dedicated GPU pools. KV caches move between pools over EFA with GPU-Direct RDMA, reducing contention and smoothing per-token latency under concurrency. An intelligent router directs long-context requests through the disaggregated path and short prompts straight to decode to avoid transfer overhead. DPD is enabled via a pdSpec in the existing InferenceEndpointConfig and can be combined with KV cache offloading and intelligent routing; it is available on EKS-orchestrated, EFA-capable instance types in Regions where HyperPod is offered.
SageMaker Studio now integrates directly with Hugging Face so users can move from model pages to customization or deployment in one click. New AWS customers receive a ready Studio environment with preconfigured permissions for serverless customization, fine-tuning (including custom reward functions), evaluation, and deployment to SageMaker or Bedrock. Verified customers get default GPU access to G5, G6, and G4dn across endpoints, training jobs, and notebooks without separate quota requests; Studio also surfaces per-instance-type quotas and utilization. Returning customers can select existing environments and arrive in Studio with the chosen model preloaded.
AWS ACM introduced fully managed ACME endpoints for issuing public TLS certificates (45-day lifetime) from Amazon Trust Services via any ACMEv2-compatible client. Administrators can govern issuance with domain scopes and wildcard policies, validate domains once at the endpoint, and delegate issuance to teams without sharing DNS credentials. Issuance and renewal activity is visible in the ACM console and recorded in AWS CloudTrail, with metrics in Amazon CloudWatch for auditing and operations. The capability offers a standards-based path to manage shorter-lived public certificates across AWS Regions.
CloudWatch Signals added Service Events that automatically capture exception and latency snapshots, function-level performance metrics, and deployment events for instrumented services without code changes. Supported for applications using ADOT SDKs or the CloudWatch Observability EKS add-on, Service Events appear as logs while function-call metrics are exported as OpenTelemetry metrics. In the console, teams can correlate new errors with recent deployments to streamline root-cause analysis; coverage includes Java, Python, and JavaScript across all commercial Regions, with standard CloudWatch pricing.
France Sets Timeline for Quantum‑Safe Encryption
Schneier.com reported that ANSSI will stop certifying products lacking quantum-resistant encryption starting in 2027, with guidance to migrate to quantum-safe products by 2030. Because ANSSI approval underpins adoption in French government and critical infrastructure, the move functions as a phase-out of legacy cryptography in those sectors. The change is expected to accelerate vendor delivery and certification of post-quantum implementations and prompt organizations to inventory affected systems, plan migrations, and budget for upgrades, while managing interoperability, implementation complexity, and testing requirements.
Urgent Fixes: KVM Escape, ColdFusion RCE, Gitea and Opera GX
TheHackerNews detailed CVE-2026-53359 (“Januscape”), a 16-year-old use-after-free in KVM’s shadow MMU affecting x86 hosts that expose nested virtualization. A public PoC can trigger host kernel panics from a guest with root, and the researcher says a withheld exploit achieves guest-to-host code execution on Intel and AMD. The fix adds a role check when reusing shadow tracking pages and landed in mainline on June 19, 2026, with backports on July 4, 2026. Operators should confirm inclusion of commit 81ccda30b4e8 or vendor backports, prioritize patching multi-tenant hosts using nested virtualization, or temporarily disable nested virtualization to remove the attack path.
BleepingComputer reported active exploitation of Adobe ColdFusion CVE-2026-48282, an unauthenticated RCE impacting versions 2025.9, 2023.20 and earlier. The Canadian Center for Cyber Security confirmed exploitation, and Adobe urges rapid patching, recommending updates be applied within 72 hours. Shadowserver observed hundreds of internet-exposed ColdFusion instances; organizations should inventory exposure, apply vendor mitigations, and monitor for compromise.
TheHackerNews covered probes against CVE-2026-20896 in official Gitea Docker images, where a default app.ini template trusted all reverse proxies. Combined with reverse-proxy authentication, any client could present X-WEBAUTH-USER and impersonate arbitrary users, including admins. Gitea removed the wildcard and made reverse-proxy auth opt-in in 1.26.3. With thousands of internet-exposed instances, administrators should update promptly or harden configuration to prevent account takeover.
Infosecurity described a now-patched Opera GX flaw in GX Mods that allowed auto-install of a mod without consent, enabling browser-wide CSS to persist across tabs. A zero-click XS-Leak recovered sensitive data (e.g., a full Gmail address) after a silent redirect, and forcing a mod to install in private mode could crash the browser and wipe open tabs. Reported via Bugcrowd in February and patched May 8, the issue underscores risks from implicit auto-install behaviors and the power of CSS when applied globally.
Evolving Tradecraft: Agentic Ransomware, State-Linked Ops, and Deception
CSO Online reported on JadePuffer, assessed by Sysdig as a first recorded case of agentic ransomware completing a full extortion chain autonomously. After exploiting CVE-2025-3248 on a Langflow instance, the LLM-driven agent pivoted, harvested credentials, established persistence, and deployed hundreds of coordinated payloads, culminating in encryption and deletion of 1,342 Nacos configuration records with a ransom left behind. The operation’s rapid self-correction and narration supported the assessment of LLM-driven execution. Defenders are advised to emphasize behavior-focused detection across identity misuse, privilege escalation, and lateral movement.
Infosecurity highlighted Check Point’s discovery of Cavern Manticore, an Iran-aligned group targeting Israeli government and IT organizations. Initial access reportedly leverages legitimate RMM software and browser-based remote desktop features, with malicious updates posing as SysAid packages. A modular .NET framework—comprising a persistent backdoor and per-task modules—supports reconnaissance, data theft, tunneling, and lateral movement, with obfuscation and proxying contributing to low detection rates.
TheHackerNews covered Operation DragonReturn, a campaign targeting Indian taxpayers and finance teams via fake Income Tax Department lures. Malicious PDFs lead to a ZIP installer that triggers DLL sideloading, AMSI bypass, and DCRat deployment, with secondary modules capturing screenshots and exfiltrating data. Indicators include ChinaNet infrastructure and a Chinese-language DCRat panel; overlaps with prior ValleyRAT campaigns suggest a China-aligned actor.
BleepingComputer detailed a multi-brand phishing operation that impersonates more than 30 companies to lure marketing professionals with fake job interviews. Using nested redirects through legitimate services and a browser-in-the-browser technique, the campaign renders a counterfeit Google sign-in prompt to harvest credentials. The operation has run for months, rotating infrastructure and personas to increase credibility.
Infosecurity reported on Zscaler’s analysis of indirect prompt injection embedded in web content to steer AI agents. Malicious directives were hidden off-screen via CSS and in JSON-LD metadata, manipulating some models into fraudulent payments or misranking a typosquatted DeBank site. Tests showed that providing trusted references prevented the misranking, underscoring the importance of context and source validation for agents that read the web.
TheHackerNews described TrojPix, a lab-demonstrated technique that modulates on-screen pixels to emit a faint radio signal from video cables, enabling data exfiltration from air-gapped systems without special privileges. Researchers reported separate peak throughput and range demonstrations, validated across multiple monitor and cable types. Mitigations are physical and preventive—fiber links, shielding, and above all preventing initial malware footholds.