
Weekly Threat Landscape: Chrome 0-Days, AWS Breaches, and the Rise of Rogue AI

SOC_Analyst_Jay 3/16/2026 USER

Saw the weekly recap this morning and that 'ah, great' feeling hit hard. It’s not just one thing; it’s the combination of active Chrome zero-days, router botnets, and that AWS breach analysis that is keeping me up. It feels like the theoretical risks of last year are this year's active exploitation campaigns.

Specifically, the Chrome 0-days (CVE-2026-1510 in Skia and CVE-2026-1512 in V8) are concerning because they bypass standard sandboxing. If you haven't pushed the latest patch yet, prioritize it. We threw together a quick KQL query to hunt for suspicious child processes spawned by Chrome, which is often the first sign of exploit chains trying to escape the renderer:

DeviceProcessEvents
| where InitiatingProcessFileName =~ "chrome.exe"
// in~ (not in) so mixed-case PE OriginalFileName values such as "Cmd.Exe" or "PowerShell.EXE" still match
| where ProcessVersionInfoCompanyName != "Google LLC" or ProcessVersionInfoOriginalFileName in~ ("cmd.exe", "powershell.exe", "wscript.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine, InitiatingProcessCommandLine
| order by Timestamp desc

Equally troubling is the section on Rogue AI Agents. We’re seeing prompt injection evolve from "ignore instructions" to actual data exfiltration via "reasoning" attacks. It’s getting harder to distinguish between a curious user and a compromised agent.

On the infra side, the router botnet activity (specifically targeting MIPS-based devices) is a reminder to check those edge logs.

How is everyone handling the AI agent exposure in your orgs? Are you sandboxing them completely, or trying to implement strict output filtering?

ZeroDayHunter 3/16/2026

The AI Agent stuff is spooking my dev team. We've moved all our agentic testing instances into an isolated VPC with egress-only internet gateways. It adds latency, but it's better than risking data exfil via a cleverly phrased prompt. For the AWS breach mentioned in the recap, it highlights again that IAM Access Analyzer isn't optional anymore.

SCADA_Guru_Ivan 3/16/2026

Regarding the router botnets, if you are running Mikrotik or older Cisco gear, check your interface lists. We saw a similar campaign last month where they enabled a hidden user on port 8291. A quick nmap sweep of your management subnets might save you a headache later:

nmap -p 8291 --open 192.168.1.0/24

whatahey 3/16/2026

Solid KQL query. I'd suggest adding a filter for FolderPath excluding the standard Chrome update directory, as we've seen some FPs during auto-updates. On the Chrome 0-days, we are disabling the JIT compiler for high-risk user segments via Group Policy as a temporary mitigation until the patch cycle completes.
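For anyone who wants to test the hunt offline before deploying it, here is a Python port of the thread's KQL logic with the FolderPath exclusion from the reply above. This is an added example, not code from any poster; the Chrome updater directories and the sample events are assumptions and constructed data, not real telemetry.

```python
# Python port of the thread's Chrome child-process hunt plus the FolderPath
# exclusion suggested above. SAMPLE_EVENTS are constructed, not real telemetry.

# Script/shell hosts from the KQL; compared case-insensitively (like KQL `in~`).
SUSPICIOUS_ORIGINAL_NAMES = {"cmd.exe", "powershell.exe", "wscript.exe"}

# Assumption: Chrome's updater runs from these folders; children spawned here
# during auto-update are the false positives the thread mentions.
CHROME_UPDATE_DIRS = ("c:\\program files (x86)\\google\\update\\",
                      "c:\\program files\\google\\googleupdater\\")

def in_chrome_update_dir(folder_path: str) -> bool:
    # FolderPath in DeviceProcessEvents is the full path including the file name.
    return folder_path.lower().startswith(CHROME_UPDATE_DIRS)

def is_suspicious(event: dict) -> bool:
    """Mirror of the KQL where-clauses, plus the updater-directory exclusion."""
    if event["InitiatingProcessFileName"].lower() != "chrome.exe":
        return False
    if in_chrome_update_dir(event["FolderPath"]):
        return False
    not_google = event["ProcessVersionInfoCompanyName"] != "Google LLC"
    lolbin = event["ProcessVersionInfoOriginalFileName"].lower() in SUSPICIOUS_ORIGINAL_NAMES
    return not_google or lolbin

def hunt(events: list) -> list:
    """Matching events newest first, like the KQL `order by Timestamp desc`."""
    return sorted((e for e in events if is_suspicious(e)),
                  key=lambda e: e["Timestamp"], reverse=True)

def ev(ts, name, folder, company, orig, cmd=""):
    """Build one DeviceProcessEvents-shaped record with chrome.exe as the parent."""
    return {"Timestamp": ts, "DeviceName": "WS-101", "FileName": name,
            "FolderPath": folder, "ProcessCommandLine": cmd,
            "InitiatingProcessFileName": "chrome.exe",
            "ProcessVersionInfoCompanyName": company,
            "ProcessVersionInfoOriginalFileName": orig}

SAMPLE_EVENTS = [
    # Updater helper with no version info: the raw query fires, the folder filter drops it.
    ev("2026-03-16T08:01:00Z", "setup.exe", r"C:\Program Files (x86)\Google\Update\Install\setup.exe", "", "setup.exe"),
    # Chrome spawning a Google-signed helper: never matches.
    ev("2026-03-16T08:02:00Z", "chrome.exe", r"C:\Program Files\Google\Chrome\Application\chrome.exe", "Google LLC", "chrome.exe"),
    # Renderer spawning PowerShell (note the mixed-case OriginalFileName): flagged.
    ev("2026-03-16T08:03:00Z", "powershell.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "Microsoft Corporation", "PowerShell.EXE", "powershell.exe -NoProfile"),
    # Unsigned binary in the user's temp folder: flagged by the company-name check.
    ev("2026-03-16T08:04:00Z", "upd.exe", r"C:\Users\jay\AppData\Local\Temp\upd.exe", "", "upd.exe"),
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit["Timestamp"], hit["DeviceName"], hit["FileName"], hit["ProcessCommandLine"])
```

Running it flags only the PowerShell and temp-folder children; the updater helper is suppressed by the folder check even though its empty company name would trip the raw query.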


Thread Stats

Created: 3/16/2026
Last Active: 3/16/2026
Replies: 3
Views: 45