< ciso
brief />
Tag Banner

All news with #alibaba cloud tag

4 articles

Unpatched XRING bug in XQUIC allows remote crash

🛡️ A single wrong variable in Alibaba's XQUIC library lets any remote client crash servers using default QPACK settings with ordinary HTTP/3 traffic. FoxIO researcher Sébastien Féry disclosed the XRING flaw on July 8 and showed a crash triggered by about 260 bytes of legal QPACK frames. All XQUIC releases through v1.9.4 are affected; no patch or CVE was available as of July 10. Operators can mitigate by setting SETTINGS_QPACK_MAX_TABLE_CAPACITY to 0 or disabling HTTP/3 until a fix ships.
read more →

Five Qwen Models Added to Amazon SageMaker JumpStart

🔔 AWS has added five new Qwen foundation models to SageMaker JumpStart, including Qwen3-Coder-Next, Qwen3-30B-A3B, Qwen3-30B-A3B-Thinking-2507, Qwen3-Coder-30B-A3B-Instruct, and Qwen3.5-4B. The models support agentic coding, extended reasoning, multimodal and multilingual workloads, and lightweight deployments. Customers can deploy them from SageMaker Studio or via the SageMaker Python SDK to accelerate development of coding agents and multimodal applications.
read more →

VoidLink Linux Malware Targets Multi-Cloud Environments

🔍 New analysis by Ontinue details VoidLink, a Linux-based command-and-control framework that generates implant binaries for credential theft, data exfiltration and stealthy persistence across cloud and enterprise hosts. The agent fingerprints AWS, GCP, Azure, Alibaba and Tencent environments and adapts its behavior, loading modular plugins for container escape and kernel-level stealth. Researchers identified unusual development artefacts — structured "Phase X:" labels, duplicated numbering, verbose debug logs and embedded documentation — that suggest parts of the implant were written or assisted by a large language model coding agent with limited human review.
read more →

Amazon Bedrock Adds Four Qwen3 Open-Weight Models Now

🤖 Amazon Web Services added four Qwen3 open-weight foundation models to Amazon Bedrock as fully managed, serverless offerings. The lineup—Qwen3-Coder-480B-A35B-Instruct, Qwen3-Coder-30B-A3B-Instruct, Qwen3-235B-A22B-Instruct-2507, and Qwen3-32B—covers both dense and Mixture-of-Experts (MoE) architectures. The coder variants specialize in agentic coding, function calling, and tool use, while the 235B and 32B models provide general reasoning and efficient dense computation. These models are available now across multiple AWS regions, enabling developers to build advanced AI applications without managing infrastructure.
read more →