All news in category “Vendor and Hyperscaler Watch”

🔍 CVE Lite CLI is an OWASP-backed, open-source scanner for JavaScript and TypeScript lockfiles that emphasizes local, early feedback for dependency vulnerabilities. The tool inspects npm, pnpm, and Yarn lockfiles using OSV data, distinguishes direct vs transitive issues, and recommends practical upgrade paths. It is designed as a lightweight developer tool complementing, not replacing, enterprise SCA platforms and intentionally keeps core vulnerability analysis deterministic while offering AI as an explanatory layer.

🔒 GitHub has introduced staged publishing on npm, requiring a human maintainer to complete a two-factor authentication (2FA) challenge before a package version becomes publicly installable. The prebuilt tarball is uploaded to a staging queue and only becomes available after explicit approval. Maintainers must have publish access, an existing package, and enabled 2FA. GitHub also added three install-source flags to control non-registry installs.

🔒 Amazon SageMaker Unified Studio now supports domain management for both Identity Center and IAM-based domains outside the AWS Console. Administrators and data management teams can create and manage projects, configure workforce identity, administer users and permissions, and set networking properties. VPC configuration and account associations are consistent across domain types and available in all Regions where Unified Studio is offered.

🔍 AWS Transform now includes enhanced migration assessment capabilities that support what-if scenarios, customizable assumptions, flexible file formats, and expanded TCO assessment features. These updates enable rapid building of migration business cases and faster decision-making. The tool accepts inputs from RVTools, CMDBs, AWS discovery exports, and many third-party discovery tools. New analysis options cover EC2, FSx, S3, SQL Server on EC2, virtual desktops, and additional Cloud Value Framework pillars.

🛠️ Amazon SageMaker Unified Studio now adds business context, metadata, and data governance features for IAM-based domains. Customers can annotate AWS Glue Data Catalog tables with business names, descriptions, and README documentation, and use AI-generated metadata to automate cataloging. Teams can build business glossaries, define metadata form templates, and capture structured attributes like classification, retention, and ownership. These capabilities enable search, filtering by glossary or metadata fields, and access requests with automated Lake Formation permission grants, and are available in all regions where SageMaker Unified Studio is supported.

🔐 AWS Security Agent now generates verification scripts for penetration test findings to help teams reproduce and validate discovered vulnerabilities. The tool creates ready-to-run scripts for each confirmed finding that include setup instructions, documented environment variables, and redacted sensitive values. Teams download the script, configure variables, and execute it against targets to streamline triage and speed remediation. Verification scripts are available in all Regions where AWS Security Agent is supported.

🔒 Microsoft announced it was recognized as a Leader in The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026, receiving top scores for current offering and strategy. The post emphasizes the need to unify identity signals, access policies, and response workflows to reduce fragmentation and improve security. It highlights Microsoft Entra capabilities in ITDR, phishing-resistant authentication, access control, and identity verification. The article also stresses the growing importance of managing AI and non-human identities through continuous, context-aware enforcement.

🚀 Microsoft announces the public preview of cross-cluster networking for Azure Kubernetes Fleet Manager, bringing transparent east‑west multi-cluster connectivity powered by Advanced Container Networking Services. Built on Cilium and Kubefleet, this managed capability extends the Kubernetes networking model across clusters to enable direct pod-to-pod communication, policy enforcement, and observability while preserving cluster isolation. The managed approach reduces operational overhead for multi-cluster fleets and supports resilient, global, and shared‑services architectures.

🔄 Amazon WorkSpaces now supports WorkSpace Migration for all Linux operating systems offered by the service, enabling seamless migration between Linux OS versions and distributions. The feature automatically transfers user data from a Linux WorkSpace’s home directory to the new WorkSpace, removing the need for manual data copying. Supported in AWS commercial and AWS GovCloud (US) Regions where WorkSpaces Personal is available, the capability helps streamline OS upgrades and migrations without disrupting end users.

🛡️ This article highlights how St. Luke’s University Health Network and ManpowerGroup modernized security to enable AI-powered operations. It describes how both organizations unified visibility across cloud, identity, endpoint, and email by adopting Microsoft Security Copilot, Microsoft Defender, and Microsoft Sentinel, and how automation reduced noise and accelerated response. The piece frames security as a strategic enabler for scaling AI responsibly under Zero Trust and governance principles.

🚀 Amazon Keyspaces (for Apache Cassandra) is now available in the Asia Pacific (Malaysia) and Asia Pacific (Thailand) Regions, enabling customers to build Cassandra-compatible applications with lower latency and keep data within the Region to meet residency requirements. The managed, serverless service offers virtually unlimited throughput and storage while customers pay only for used resources. These Regions provide the same features as other AWS Regions, including point-in-time recovery, Multi-Region replication, CDC streams, and IPv6 support, reducing operational overhead of running Cassandra clusters.

🧭 Microsoft is piloting agentic AI in Edge for Business to streamline multi-step workflows like form-filling, site navigation, and cross-tab data gathering. A limited preview introduces a unified new-tab experience with calendar entries, files, and Copilot prompts to reduce context-switching. Enterprises can enforce data protections—blocking copy/paste, keeping prompts and responses inside their Microsoft 365 tenant, and auditing or blocking sensitive uploads. The features integrate with Purview to detect and prevent policy violations when users sign into Edge for Business.

🚀 Azure NetApp Files extends cloud storage performance for Electronic Design Automation (EDA) by delivering predictable, high-throughput shared storage at massive concurrency. New capabilities like large volumes and breakthrough mode enable thousands of parallel jobs with consistent latency, validated by SPECstorage® Solution 2020 EDA_BLENDED benchmarking. Leading semiconductor firms are adopting ANF for production EDA workloads.

🔒 Apple reports it prevented more than $2.2bn in fraudulent App Store transactions over the past year and blocked over 1.1 billion fraudulent account creations. By combining human review with machine learning and AI models, Apple says it accelerated fraud detection and disrupted new deceptive tactics. In 2025 the company also terminated 193,000 developer accounts, deactivated 40.4 million user accounts, and prevented use of 5.4 million stolen credit cards.

🔒 Google is folding CodeMender into its broader Agent Platform strategy, expanding the AI-powered security agent from standalone vulnerability remediation toward an integrated, governed enterprise agent ecosystem. Launched in October 2025 to autonomously identify and patch vulnerabilities using Gemini models, CodeMender reportedly upstreamed dozens of fixes but lacks published performance metrics on accuracy and regressions. The integration emphasizes governance, observability, and identity, positioning CodeMender as a controlled participant in AI-native development and security pipelines rather than an unsupervised remediation tool.

🔒 AWS Clean Rooms now supports mutable, fine-grained payment configurations that let collaboration members flexibly assign payment responsibilities. Customers can designate which partners are authorized to pay for specific cost types—such as SQL queries, PySpark jobs, ML training and inference, and synthetic data generation—after a collaboration is created. Authorized payers can be added or removed via change requests that require member approval; SQL and PySpark analyses may have multiple payers and one can be chosen at submission.

🔐 AWS Secrets Manager now supports managed external secrets for Datadog vended keys and Snowflake Programmatic Access Tokens, enabling automatic rotation of third-party credentials directly within Secrets Manager. The update covers Datadog API keys, Application keys, and admin credential pairs for service accounts. For Snowflake, Secrets Manager can rotate Programmatic Access Tokens using Snowflake's native authentication and offers a configurable grace period to minimize disruption. These additions join existing integrations such as BigID, Confluent Cloud, MongoDB Atlas, and Salesforce and are available in all Regions where managed external secrets is supported.

🔍 Amazon CloudWatch Logs Insights query language gains 13 new commands and functions to enhance log querying, transformation, and analysis. New features include string and numeric functions like round, startswith, endswith, case, regex_replace, and haversine, encoding/decoding functions such as urlencode, urldecode, base64encode, base64decode, and parse/analysis commands like parse logfmt, expand, and relevantfields. These additions enable prefix filtering, inline Base64 decoding, logfmt parsing, JSON array expansion, geographic distance calculation, and automatic surfacing of relevant fields across high-cardinality groups.

🔒 AWS has completed the S&P Global Know Your Third Party (KY3P) assessment to validate its security posture and help customers reduce supplier due diligence. The KY3P assessment is evidence-based and evaluates operation of controls across privacy, network, access, and physical security domains. Results can be mapped to frameworks such as NIST CSF v2, PCI DSS 4.0, and ISO 27001:2022 to provide customers with standardized risk data and improved visibility into supply chain risks.

🟦 Amazon EC2 C7i-flex, M7i-flex, and M7i instances powered by custom 4th Gen Intel Xeon Scalable (Sapphire Rapids) processors are now available in the Asia Pacific (Hyderabad) region. These custom AWS-only processors deliver up to 15% better performance versus comparable x86 Intel processors used by other clouds. C7i-flex and M7i-flex provide up to 19% improved price-performance for common general-purpose workloads, while M7i offers up to 15% price-performance gains and larger sizes including bare metal with Intel accelerators.