< ciso
brief />
Vendor and Hyperscaler Watch Banner

All news in category “Vendor and Hyperscaler Watch

4606 articles · page 13 of 231

Check Point Integrates OpenAI Frontier Cyber Models

🤖 Check Point is embedding OpenAI frontier cyber models into its security products through the Daybreak Cyber Partner Program to deliver sharper prevention, faster remediation, and stronger security operations. The partnership emphasizes built-in guardrails, misuse monitoring, and task-focused outputs. Initial explorations target agentic network security orchestration and CTEM Agentic Exposure Validation to improve policy translation, configuration validation, exposure summarization, prioritization, and remediation drafting.
read more →

BigQuery Managed Python UDFs Now Generally Available

🐍 BigQuery now supports fully managed Python User-Defined Functions (UDFs) in GA, enabling data teams to run custom Python code securely inside BigQuery using SQL or BigQuery DataFrames. The service runs on BigQuery-managed serverless infrastructure that auto-scales and removes the need to manage containers. It provides access to popular Python libraries, vectorized PyArrow processing, configurable container resources, concurrency controls, and streaming logs for observability. Billing is integrated with BigQuery SKUs and supports spend commitments and cost monitoring.
read more →

AWS Network Firewall changes default stateful action

🚨 AWS Network Firewall now sets the default stateful action for newly created firewall policies to Application drop established (server-directed only), replacing the previous Application drop established (bidirectional). This safer default prevents silent drops of legitimate server-to-client TCP packets (for example, window updates, keep-alives, and resets) that caused intermittent connection issues. No action is required for new policies; existing environments that rely on bidirectional behavior for post-quantum cryptography (PQC) fragmented TLS handshakes should consult the documentation for guidance on switching or adding the to_server flag to TCP drop rules.
read more →

AWS Continuum aims to streamline code security

🔒 AWS has introduced Continuum, a service to continuously discover, investigate, and remediate vulnerabilities across first-party and third-party codebases. The platform uses AI to validate exploitability, generate remediation recommendations, and propose fixes that integrate with existing development workflows. New capabilities include automatic threat modeling in STRIDE format, while more established features derive from the Security Agent product. Continuum supports graduated trust from human-in-the-loop review to an "enforce mode" for autonomous remediation.
read more →

AWS Batch adds ordered instance allocation strategies

🚀 AWS Batch introduces two new allocation strategies—Best Fit Progressive Ordered (BFPO) and Spot Capacity Optimized Prioritized (SCOP)—allowing customers to specify ordered instance type preferences for on‑demand and Spot compute environments. Use BEST_FIT_PROGRESSIVE_ORDERED for on‑demand and SPOT_CAPACITY_OPTIMIZED_PRIORITIZED for Spot environments, supplying an ordered list of instance types or families. These options are configurable via the AWS Batch API (CreateComputeEnvironment or UpdateComputeEnvironment) or the AWS Management Console and are available in all Regions where AWS Batch is offered.
read more →

IAM Identity Center adds separate account and app quotas

🔔 AWS IAM Identity Center now supports separate quotas for AWS accounts and applications. By default, administrators can configure up to 7,000 AWS accounts and 7,000 applications independently, so use of one does not reduce capacity for the other. Existing customers with higher limits retain those limits automatically. Quota increases remain available via the AWS Service Quotas console.
read more →

Implementing Egress Controls to Prevent Data Exfiltration

🔒 This post outlines an architecture and controls for preventing data exfiltration from AWS environments by combining centralized network inspection, DNS filtering, and data perimeter policies. It explains a hub-and-spoke pattern using Transit Gateway, AWS Network Firewall, and Route 53 Resolver DNS Firewall to inspect and block unauthorized outbound traffic, including scenarios involving compromised workloads and agentic AI. The article details layered preventive, detective, and corrective measures using AWS services such as GuardDuty, Security Hub, IAM Access Analyzer, EventBridge, and Firewall Manager to automate detection and response.
read more →

Amazon MSK adds AI Agent Skills for operators

🤖 Amazon MSK now offers AI Agent Skills that provide AI coding assistants with expert, up-to-date guidance for operating Amazon MSK. The skills cover common operational tasks including troubleshooting, sizing, configuring, monitoring, and migration from external Kafka clusters. Teams can use these skills to keep clusters healthy, improve performance, and accelerate migration to MSK Express with higher throughput and faster scaling. Setup involves configuring the Agent Toolkit for AWS via the AWS CLI and using supported coding agents like Kiro, Claude Code, or Cursor.
read more →

Amazon MSK Replicator adds mTLS support for Express

🔒 Amazon MSK Replicator now supports mutual TLS (mTLS) authentication for replicating data from external Apache Kafka clusters — including on‑premises, self‑managed on AWS, or other cloud providers — to Amazon MSK Express brokers. This enables migrations, disaster recovery, and hybrid or multi‑cloud data distribution using mTLS‑configured external clusters. MSK Replicator automates replication while preserving topic names and avoiding infinite loops, and also synchronizes consumer group offsets bidirectionally to allow independent movement of producers and consumers.
read more →

Google enforces developer verification on Android

🔒 Google will begin enforcing Android developer verification on September 30, 2026, in Brazil, Indonesia, Singapore, and Thailand. Certified devices from major OEMs will block normal installs of apps whose developers have not registered an identity with Google, affecting sideloaded and independent apps most. The Android Developer Verifier service rolls out to phones running Android 8+ starting June, with APIs and limited-distribution accounts arriving mid-year.
read more →

AWS Outposts adds self-service lifecycle controls

🛠️ AWS Outposts introduces self-service lifecycle management allowing customers to configure, quote, order, manage subscriptions, renew, and decommission Outposts via the AWS Management Console, CLI, and API. A new configuration and quoting tool provides real-time cost estimates across payment options and term lengths, surfaces account and regional constraints, and converts quotes to orders for new deployments or capacity additions. Subscription details and term information are exposed programmatically, and guided workflows support renewal or decommissioning with resource cleanup. These capabilities are available in all commercial AWS Regions that support AWS Outposts.
read more →

Google AI Studio Starter Tier: Quick prototyping

🧩 Google Cloud's Starter Tier for Google AI Studio provisions a managed, limited stack (Cloud Run, Firestore, Cloud SQL for PostgreSQL, Firebase Auth) so individual Google Accounts can publish prototypes without a billing account. The environment is fully managed by Google, with region, APIs, and security policies preselected. It supports two active apps, a simplified console, and automatic agent-driven provisioning and code generation. Quotas, locked APIs, ephemeral storage, and upgrade paths to paid projects are explained.
read more →

Zero Trust as the AI control plane for Southeast Asia

🔒 At Zscaler’s Zenith Live 2026 in Vienna, the vendor argued that AI agents are rapidly becoming digital workers while regulators tighten data residency and supply‑chain threats move closer to core operations. Zscaler proposes extending its Zero Trust Exchange and SASE platform to govern AI agents, unmanaged devices, multi‑cloud workloads, and B2B partners, positioning zero trust as the control plane for secure AI adoption in regulated, highly connected markets like Southeast Asia. The company emphasised an AI Broker, endpoint AI security, and an AI Access Graph to map and protect AI assets and data flows.
read more →

Analysis of Reported Credential Compromise of FortiGate

🔐 Fortinet has observed malicious actors harvesting FortiGate credentials in an activity labeled "FortiBleed." Their initial analysis indicates attackers are reusing credentials from prior incidents and leveraging brute-force techniques against devices lacking strong passwords and multi-factor authentication. This is not a new Fortinet vulnerability and is unrelated to recent advisories. Fortinet is investigating, notifying impacted customers, and recommending immediate defensive actions and hardening.
read more →

Apple change to Hide My Email raises privacy concerns

🔒 Apple is changing the domain used for newly generated Hide My Email aliases from "@icloud.com" to "@private.icloud.com", a tweak that has drawn criticism from privacy-minded users. The shift makes generated addresses identifiable as aliases, potentially allowing sites to block anonymous sign-ups. Existing aliases will continue to function, while new ones will be issued on the new domain later this summer. Users warned this could reduce the feature's effectiveness for anonymity.
read more →

Cloudflare introduces temporary agent accounts

⚙️ Today Cloudflare announced Temporary Cloudflare Accounts for AI agents, enabling agents to run wrangler deploy --temporary to deploy Workers instantly without human sign-up. Temporary deployments remain live for 60 minutes and can be claimed by a user to become permanent; unclaimed accounts expire automatically. The feature integrates with Wrangler, which now informs agents about the --temporary flag, letting agent-driven development iterate quickly through deploy, verify, and redeploy cycles.
read more →

AWS launches Continuum to manage code vulnerabilities

🛡️ AWS has introduced Continuum, a new platform that manages code vulnerabilities across discovery, prioritization, validation and remediation. Launched at AWS Summit New York on June 17, Continuum ingests both structured and unstructured data from an organization’s environment and begins in a human-supervised "learn mode." The platform includes the AWS Security Agent and features for pen testing, code scanning and threat modelling, with outputs in STRIDE format.
read more →

Prisma AIRS local cloud launch in Japan

🚀 Palo Alto Networks is launching a local cloud location for Prisma® AIRS™ in Japan to secure emerging AI deployments. The expansion provides domestic data residency, low-latency processing, and phased rollout of comprehensive AI security features for models, agents, and artifacts. It aims to help Japanese organizations adopt Generative AI and agentic workflows with improved operational efficiency and cyber resilience.
read more →

AWS Announces Hanoi Local Zone with Local Storage

📢 AWS today announced general availability of a new Local Zone in Hanoi, Vietnam, bringing infrastructure closer to end users. The Hanoi Local Zone supports Amazon EC2 with C7i, M7i, and R7i instances, Amazon S3 including One Zone-IA, and Amazon EBS with Local Snapshots and multiple volume types. Customers can enable the zone (ap-southeast-1-han-1a) via AWS Global View or the ModifyAvailabilityZoneGroup API.
read more →

CloudWatch Synthetics adds multilocation canaries

🛰️ Amazon CloudWatch Synthetics now supports multilocation canaries, enabling teams to run a single canary across multiple AWS Regions from one management point. This eliminates the need to create separate regional canaries, reducing operational overhead and configuration drift. Replica canaries run independently while consolidating run data, metrics, and artifacts in the primary Region, and alarms can be configured to trigger only on multi-region issues. Multilocation canaries are available in all commercial AWS Regions that support CloudWatch Synthetics.
read more →