Week in Cybersecurity: Chrome 0-Days, Router Botnets, AWS Breach & Rogue AI
This weekly security digest highlights Google Chrome’s two actively exploited 0-days (CVE-2026-3909/3910) patched by Google, plus widespread router botnets like SocksEscort and KadNap leveraging firmware abuse; it also details UNC6426’s AWS breach via an nx npm supply-chain compromise and GitHub‑to‑AWS trust abuse. The roundup covers new threats such as the Roundish Roundcube toolkit, AI-agent collaboration risks, phishing targeting AWS credentials, a AppsFlyer SDK supply-chain incident, and ransomware like GIBCRYPTO, along with notable security news (Meta ending Instagram E2EE) and new defense tools like Dev Machine Guard and Trajan.