Android CVE-2025-48595: June 2026 Patch Alert

🟠 High | Source: The Hacker News

Google’s June 2026 Android security update addresses 124 vulnerabilities, including a high-severity privilege escalation flaw (CVE-2025-48595) in the Android Framework component that is actively being exploited in the wild. The flaw requires no user interaction, making it particularly dangerous as attackers can escalate privileges silently. Organisations with Android devices in their mobile fleet or BYOD programmes should treat this update as urgent.

Architect’s Take: Prioritise enforcement of this patch across managed Android devices via your MDM solution (e.g. Intune, Jamf, or Google Endpoint Management) — focus first on devices accessing corporate cloud resources or sensitive SaaS applications. Review your mobile threat defence policies to detect any exploitation attempts against unpatched devices in the interim. ...

2 June 2026 · ZX Cloud Security

Cisco Mythos AI Bug Hunting: What We Know So Far

🟢 Low | Source: The Register — Security

Cisco has publicly praised its AI model ‘Mythos’ for its performance in automated vulnerability discovery but has declined to disclose the number of bugs it actually found. Separately, Anthropic has expanded its Project Glasswing initiative by adding 150 new partners, signalling growing industry investment in AI-driven security tooling. The opacity around Mythos’ results raises questions about transparency and how organisations should evaluate AI security claims. ...

2 June 2026 · ZX Cloud Security

Gamaredon Exploits WinRAR CVE-2025-8088 Malware

🟠 High | Source: The Hacker News

Russian state-linked threat group Gamaredon is actively exploiting CVE-2025-8088, a path traversal vulnerability in WinRAR, to deploy a chain of malware against Ukrainian targets. The attack begins with an HTML Application payload (GammaPhish) which then downloads further malware including GammaWorm and GammaSteel, designed for data theft and lateral propagation. This is a targeted, state-sponsored campaign with significant implications for organisations operating in or with Ukraine. ...

2 June 2026 · ZX Cloud Security

Oracle WebLogic CVE-2024-21182 Actively Exploited

🟠 High | Source: The Hacker News

A high-severity vulnerability in Oracle WebLogic Server (CVE-2024-21182) has been added to CISA’s Known Exploited Vulnerabilities catalogue following confirmed active exploitation in the wild. The flaw allows an unauthenticated attacker with network access to take full control of affected servers without any credentials. Any organisation running Oracle WebLogic in cloud or on-premises environments should treat this as an urgent remediation priority.

Architect’s Take: Audit your cloud environments immediately for internet-exposed or network-accessible WebLogic instances and apply Oracle’s patch from the January 2024 Critical Patch Update without delay. As an interim control, restrict network access to WebLogic admin ports using security groups or firewall rules, and consider placing instances behind a WAF or application gateway. ...

2 June 2026 · ZX Cloud Security

AWS Config Internal Service Linked Rules Explained

🟢 Low | Source: AWS What’s New

AWS Config now supports internal service linked rules, allowing AWS services like Security Hub CSPM to deploy and manage their own Config rule evaluations independently of customer-managed rules. Evaluation results are delivered directly to the originating AWS service at no additional charge to customers. This separation means AWS services can run compliance checks without interfering with customer-configured Config setups.

Architect’s Take: No immediate action is required, but architects should review their AWS Config cost models and compliance dashboards — internal service linked rules operate independently and won’t affect existing customer rules or recorders, so there is no risk of unintended interference. Take note that Security Hub CSPM will now leverage this mechanism, which may affect how you interpret Config rule counts and evaluation results in your environment. ...

2 June 2026 · ZX Cloud Security

AWS Deadline Cloud Adds Persistent EBS Storage for SMF

🟢 Low | Source: AWS What’s New

AWS Deadline Cloud now supports persistent EBS volumes for Service-Managed Fleet workers, preserving software environments and assets across worker lifecycle events. Previously, workers used only ephemeral storage, meaning software had to be reinstalled on every recycle. This change reduces startup times and improves job throughput for compute-intensive rendering and simulation workloads.

Architect’s Take: Review IAM policies and EBS volume access controls to ensure persistent volumes cannot be accessed by unintended workers or principals across lifecycle boundaries. Consider enabling EBS encryption at rest for all SMF persistent volumes and validate that TTL policies are configured to minimise unnecessary data retention in line with your data classification requirements. ...

2 June 2026 · ZX Cloud Security

AWS SageMaker Studio Auto-IAM Policy: Security Review

🟢 Low | Source: AWS What’s New

Amazon SageMaker Studio’s quick setup time has been reduced from over two minutes to under twenty seconds. New Studio environments now automatically receive a managed IAM policy granting serverless model customisation permissions, including fine-tuning, evaluation, and deployment to SageMaker or Bedrock endpoints. This reduces friction for ML practitioners but introduces pre-configured IAM permissions that security teams should review.

Architect’s Take: Review the scope of the automatically attached AmazonSageMakerModelCustomizationCoreAccess managed policy against your least-privilege baselines — auto-provisioned IAM policies with deployment permissions to Bedrock and SageMaker endpoints may exceed what individual users or teams require. Consider whether your landing zone or Service Control Policies should restrict or audit automatic policy attachment in SageMaker Studio environments. ...

2 June 2026 · ZX Cloud Security

Secure Multi-Tenant AI Agents on AWS Bedrock AgentCore

🟡 Medium | Source: AWS Security Blog

AWS has published guidance on securing multi-tenant AI agent deployments using Amazon Bedrock AgentCore resource-based policies. SaaS providers can use these controls to isolate tenants, enforce VPC-only traffic for regulated workloads, and manage cross-account access — all from a shared infrastructure. This matters because poorly isolated multi-tenant AI systems can expose one customer’s data or capabilities to another.

Architect’s Take: If you are building or reviewing a multi-tenant SaaS platform on Bedrock AgentCore, implement resource-based policies now to enforce tenant isolation boundaries — pay particular attention to cross-account trust conditions and VPC endpoint restrictions to meet regulatory obligations such as UK GDPR and financial sector requirements. ...

2 June 2026 · ZX Cloud Security

CVE-2026-10591: Kiro IDE RCE via File Write Flaw

🟠 High | Source: AWS Security Bulletins

A vulnerability in AWS’s Kiro agentic IDE (versions prior to 0.11) allows remote unauthenticated attackers to write to execution-sensitive files such as .vscode/tasks.json, which can trigger automatic command execution when a folder is opened. The flaw stems from insufficient access control restrictions in the IDE’s file write tool. This is particularly concerning as it can be exploited via crafted instructions, potentially through AI agent interactions. ...

2 June 2026 · ZX Cloud Security