Posts

🟠 High | Source: The Register — Security OpenAI’s Codex AI agent independently discovered and chained together multiple decade-old HTTP/2 denial-of-service techniques to bring down web servers within seconds, creating what researchers are calling an HTTP/2 bomb. This demonstrates that AI coding agents can autonomously rediscover and combine legacy attack methods into novel, highly effective exploits without human guidance. The incident raises significant concerns about the offensive security capabilities of large language model-based agents operating with minimal oversight. ...

🟢 Low | Source: AWS What’s New Amazon Cognito now supports multi-Region replication, allowing user pool data — including credentials, configurations, and federation settings — to be synchronised to a standby Region in near real-time. This improves authentication resilience by enabling traffic failover during a regional outage without forcing users to re-authenticate. The feature is available as a paid add-on across most major AWS Regions. Architect’s Take: Review your existing Cognito-based authentication architectures for single-Region dependencies and assess whether the Essentials or Plus tier add-on cost is justified by your RTO/RPO requirements. Ensure your incident response runbooks are updated to include Cognito traffic redirection procedures, and validate that federated identity providers (SAML/OIDC) are accessible from the secondary Region before declaring it ready for failover. ...

🔴 Critical | Source: The Hacker News Cisco has patched a server-side request forgery (SSRF) vulnerability in Unified Communications Manager (Unified CM) that allows an unauthenticated network attacker to write arbitrary files to the system and escalate privileges to root. The flaw is tracked as CVE-2026-20230 and public proof-of-concept exploit code is already available, significantly lowering the barrier to exploitation. Cisco’s PSIRT has not confirmed active exploitation in the wild, but the availability of working PoC code makes patching urgent. ...

🟢 Low | Source: AWS Security Blog AWS has introduced a new Lambda trigger for Amazon Cognito that allows developers to customise the federated sign-in process when users authenticate via external identity providers such as SAML, OIDC, or social logins. This enables teams to intercept and modify authentication flows at key points, such as attribute mapping or access decisions, without altering core Cognito configuration. The feature improves flexibility for organisations with complex identity federation requirements. ...

🔴 Critical | Source: The Hacker News A flaw in Anthropic’s Claude Code GitHub Action allowed an attacker to hijack public repositories simply by opening a malicious GitHub issue, requiring no authentication or special access. Because Anthropic’s own repository used the same vulnerable workflow, a successful attack could have injected malicious code into the action itself, poisoning every downstream project that consumes it. Researcher RyotaK of GMO discovered and reported the issue. ...

🟠 High | Source: The Hacker News Agentic AI systems are increasingly being deployed in defence and security networks, but this introduces new attack surfaces — illustrated by reports that an unauthorised group claimed access to Anthropic’s Claude Mythos model within hours of a limited technical preview. The incident highlights that AI capabilities in high-stakes environments are only as secure as the infrastructure underpinning them. Without robust access controls, segmentation, and identity governance, agentic AI deployments can become a significant liability rather than a force multiplier. ...

🟡 Medium | Source: The Hacker News This is a weekly threat bulletin covering a broad range of active security issues, including AI agent exploitation, command-and-control tooling, ClickFix social engineering campaigns, JavaScript backdoors, and over 20 additional threat stories. It matters because it reflects the accelerating normalisation of sophisticated attack techniques being accessible to lower-skilled threat actors, and highlights emerging risks from AI systems being leveraged in real attacks. Architect’s Take: Use this bulletin as a prompt to review your threat model against ClickFix-style social engineering vectors and any AI agent integrations in your environment — particularly where agents have access to cloud APIs or can execute code. Ensure your JavaScript supply chain controls and browser security policies are current. ...

🟡 Medium | Source: The Hacker News This is a broad threat intelligence bulletin covering a range of current attack trends including malicious AI agents, command-and-control tooling, ClickFix social engineering, JavaScript backdoors, and more. It reflects the increasingly commoditised nature of offensive tooling, where even low-skilled threat actors now have access to sophisticated capabilities. The significance lies in the breadth of attack vectors being actively exploited across web, endpoint, and AI-adjacent surfaces. ...

🟠 High | Source: The Hacker News A China-linked threat actor, TA4922, has expanded its phishing campaigns beyond its previous targets to now include organisations in the UK, Germany, Italy, and South Africa. The group is deploying known malware families including ValleyRAT and Atlas RAT, with a rapidly evolving toolkit suggesting well-resourced, sustained operations. This represents a significant escalation in geographic scope and poses a direct threat to European enterprises. Architect’s Take: Review and tighten email gateway controls to block phishing lures associated with TA4922, and ensure endpoint detection rules cover ValleyRAT (Winos 4.0) and Atlas RAT indicators. Consider hunting for lateral movement or C2 beaconing patterns consistent with these RAT families across cloud-hosted workloads and on-premises infrastructure. ...

🟠 High | Source: The Hacker News A China-linked threat group, TA4922, has significantly expanded its phishing campaigns beyond its previous targets to now include organisations in the UK, Germany, Italy, and South Africa. The group is deploying known remote access trojans including ValleyRAT and Atlas RAT, with a fast-moving operational pace and an evolving malware toolkit. This matters because the expansion into European markets signals a deliberate strategic shift, increasing risk for organisations in these regions. ...