AWS Goes Dark, Oracle Drops 245 Patches, and a Chinese AI Model Just Undercut GPT-5.5 by 83%

It's a busy Wednesday in infrastructure land — one major cloud is still picking itself up off the floor, and your Oracle patching queue just got a lot longer.

AWS Outage Hits Multiple Regions — Again. Do You Have a Plan?

If your phone blew up this morning with alerts, you weren't alone. AWS suffered a widespread multi-region outage today, taking down services for businesses and developers across the board. Specific root cause details are still trickling out, but the blast radius was significant enough to reignite every "why aren't you multi-cloud?" conversation in every Slack workspace simultaneously.

Here's the hard truth: if your disaster recovery plan says "wait for AWS to fix it," that's not a DR plan — that's a hope strategy. This is a good forcing function to audit your dependencies. Which workloads are truly region-redundant? Which ones assume us-east-1 is always up? (Spoiler: it isn't.)

Practical steps right now: pull your architecture diagrams, identify single-cloud single-region dependencies, and prioritize the ones tied to revenue or customer-facing SLAs. Even a lightweight failover to a secondary provider — Vultr, Hetzner, or yes, NetActuate (more on them below) — buys you meaningful resilience. Multi-cloud doesn't have to mean rewriting everything. It means having somewhere else to go when the big one goes down.

Today was a reminder. Don't waste it.

Oracle June CSPU: 245 Patches, Zero Excuses

Oracle dropped its second monthly Critical Security Patch Update for 2026, and the number is not small — 245 vulnerabilities addressed across the Oracle product stack. This includes Database, Fusion Middleware, E-Business Suite, MySQL, Java SE, and more.

If you're managing Oracle infrastructure, your patching schedule just became a priority conversation. Oracle's CSPU cadence is now monthly (they shifted from quarterly a while back), which means the window between "patch released" and "exploit in the wild" keeps shrinking. Threat actors read Oracle advisories too.

What to do right now: pull the full advisory from Oracle's support portal, cross-reference against your installed product versions, and triage by CVSS score. Anything 9.0+ gets patched in the next change window — no exceptions. If you're running Oracle in a regulated environment (healthcare, finance, government), your compliance team needs a heads-up today.

One thing I'll say from experience: Oracle environments tend to have long change management cycles baked in by culture. That worked when patches dropped quarterly. It doesn't work anymore. If your organization is still treating Oracle patching like a quarterly ritual, this is the month to have that conversation with leadership.

NetActuate Adds Cloud Routers, Magic Mesh, and VPC Load Balancing Across 45+ Markets

NetActuate quietly dropped a significant platform expansion this week, and it's worth paying attention to if you're evaluating edge infrastructure. The additions: cloud routers, Magic Mesh (their overlay networking layer), stateful firewall, and VPC load balancing — now available across 45+ global markets.

The "Magic Mesh" branding will make any Ubiquiti person do a double-take, but functionally it's an overlay mesh that simplifies multi-site connectivity without requiring you to manage BGP sessions manually. Pair that with the new stateful firewall and VPC load balancing, and NetActuate is starting to look like a credible alternative for edge deployments where you want more control than hyperscalers offer but don't want to rack your own gear in 40 cities.

For the homelabbers and small MSPs in this community: the cloud router feature is particularly interesting. If you're running Ubiquiti gear on-prem and need a clean handoff to cloud infrastructure, having a proper cloud-side router with stateful firewall — rather than bolting security groups onto a flat network — is a meaningful architectural improvement. Worth spinning up a test environment and kicking the tires, especially given today's AWS news.

GLM-5.2 Beats GPT-5.5 on Coding Benchmarks at 1/6th the Cost — and It's Open Weights

Z.ai just released GLM-5.2, a 753-billion parameter open-weights model that's outperforming GPT-5.5 on multiple long-horizon coding and engineering benchmarks — and doing it at roughly one-sixth the cost. That's not a rounding error. That's a pricing category difference.

The "long-horizon" framing matters here. This isn't just autocomplete or single-function generation. GLM-5.2 is benchmarked on tasks that require sustained reasoning across large codebases — the kind of agentic coding work where most models fall apart after a few hundred tokens of context. If those benchmarks hold up in real-world use (always verify independently), this is a serious tool for infrastructure automation, script generation, and config management workflows.

The open-weights piece is the real story for this audience. You can run this yourself. No API dependency, no per-token billing anxiety, no data leaving your environment. For teams handling sensitive infrastructure configs or operating in air-gapped environments, self-hosted open-weights models have always been the only viable path. GLM-5.2 just made that path significantly more capable.

Hardware requirements for a 753B model are still substantial — you're looking at multi-GPU or high-end inference hardware — but quantized versions will follow. Keep this one on your radar.

Proxmox Mail Gateway 9.1 Brings Client-Side Encryption to Backups

Proxmox Mail Gateway 9.1 shipped this week with a headline feature that sysadmins running Proxmox Backup Server should care about immediately: client-side encryption for backups, covering both data and metadata.

This is a meaningful security posture upgrade. Previous backup encryption in the Proxmox ecosystem encrypted data at rest on the server side, which means whoever controls the backup server can read your backups. Client-side encryption flips that — the data is encrypted before it leaves the source, and the backup server never sees the plaintext. Your keys, your data.

The metadata encryption piece is often overlooked but equally important. Unencrypted metadata can leak information about file names, sizes, timestamps, and directory structure even when content is protected. PMG 9.1 closes that gap.

If you're running Proxmox in a multi-tenant environment, an MSP context, or anywhere that a compromised backup server would be a catastrophic disclosure event, upgrade and enable client-side encryption now. The 9.1 release is also based on Debian 13.5, so you're getting an updated base along with the security improvements. Standard advice applies: test the restore process after enabling encryption. Encrypted backups you can't restore are just expensive noise.

Want this in your inbox? Subscribe here · Follow on LinkedIn · Join the Discord