All news in category “Vendor and Hyperscaler Watch”

🛡️ Cloudflare is extending Project Galileo to include Bot Management and AI Crawl Control, giving participating journalists, independent publishers, and non-profits free tools to monitor and manage AI crawlers. These services help distinguish legitimate search crawlers from AI scrapers, analyze crawler behavior by type and provider, and apply tailored rules to protect content. The goal is to help news organizations preserve traffic, protect intellectual property, and negotiate fair compensation with AI companies.

🔒 GitHub is implementing stronger defenses for the npm ecosystem after recent supply-chain attacks that compromised repositories and spread to package registries. The platform will require 2FA for local publishing, shorten token lifetimes to seven days, deprecate classic tokens and TOTP in favor of FIDO/WebAuth, and promote trusted publishing. Changes will roll out gradually with documentation and migration guides to reduce disruption.

🔒 Apple has introduced Memory Integrity Enforcement in the iPhone 17, a hardware-aware, always-on defense against memory-safety exploits used by spyware like Pegasus. Building on Arm’s MTE and its 2022 Enhanced Memory Tagging Extension, Apple’s implementation tags allocations with secrets and verifies them on every access. The company says the protection runs continuously without noticeable performance loss. Apple collaborated with Arm and tuned the chip-level design to make exploitation of memory-corruption bugs significantly harder while preserving compatibility with existing code.

🔐 GitHub said it will change npm authentication and publishing practices in the near future to address recent supply-chain attacks, including the Shai-Hulud incident. The company will require 2FA for local publishes, deprecate legacy tokens and TOTP in favor of FIDO, introduce seven-day granular publishing tokens, and enable OIDC-based trusted publishing. The npm CLI will also auto-generate provenance attestations to prove source and build environment.

🚀 Amazon EC2 R8gb instances are now generally available as EBS-optimized compute powered by AWS Graviton4. AWS reports up to 30% better compute performance versus Graviton3 and up to 150 Gbps of EBS bandwidth, delivering higher block storage throughput than same-sized Graviton4 counterparts. Sizes scale to 24xlarge (including a metal option) with up to 768 GiB memory and 200 Gbps networking; select large sizes support EFA. Initially available in US East (N. Virginia) and US West (Oregon).

🔁 Amazon RDS now supports single-step cross-Region and cross-account copying of snapshots for Amazon RDS and Amazon Aurora. This new capability eliminates the prior two-step process and removes the need for an intermediate snapshot, helping customers achieve tighter recovery point objectives while reducing storage and operational costs. The feature is available in all AWS Regions, including AWS China and AWS GovCloud (US), and can be used today via the AWS Management Console, AWS CLI, or AWS SDKs.

🤖 Amazon Web Services announced the Nova Act extension, embedding the agent development workflow directly into popular IDEs such as Visual Studio Code, Kiro, and Cursor. The extension unifies natural-language script creation, fine-grained scripting controls, and integrated browser testing into a single interface, reducing context switching across tools. Built on the Nova Act SDK (research preview since March 2025), the extension is available today from IDE extension marketplaces and the project’s GitHub repository includes documentation and examples to get started.

📞 Amazon Connect now lets administrators associate custom, predefined attributes with individual interaction segments. Attributes such as business unit, account type, or contact reason can be centrally managed and applied through contact flows or the UpdateContact API, ensuring each segment retains accurate business context during transfers and multi-party interactions. For example, engagements that start in Support and move to Sales keep distinct business unit names per segment. This capability strengthens reporting and analytics across the customer journey and is available in all AWS regions.

🔒 AWS announced general availability of EC2 instance attestation in September 2025, enabling customers to cryptographically verify that only trusted software and configurations run on EC2 instances, including those with AI chips and GPUs. The feature uses NitroTPM and Attestable AMIs to create and compare cryptographic measurements of AMI contents. It integrates with AWS KMS so key operations can be restricted to instances that pass attestation. EC2 instance attestation is available in all AWS Commercial Regions, including AWS GovCloud (US).

🔐 IAM Identity Center now supports customer-managed AWS KMS keys to encrypt workforce identity data, including user and group attributes. While AWS-owned keys remain the default, a customer-managed key (CMK) lets organizations control key lifecycle, policies, and usage permissions for stronger security and compliance. CMKs can be set when enabling a new organization instance or added to existing ones, and their usage is auditable via AWS CloudTrail. Support is available for access to accounts and select AWS applications across all IAM Identity Center regions; standard KMS charges apply.

🚀 Amazon Redshift Serverless is now generally available in the AWS Asia Pacific (Taipei) region, enabling analysts, developers, and data scientists to run and scale analytics without provisioning or managing clusters. The service automatically provisions and intelligently scales compute, with per-second billing for workload duration. Users can query data via Query Editor V2 or existing BI tools, load data from Amazon S3, restore snapshots, and directly query open formats like Apache Parquet, while benefiting from unified billing across data sources.

🔒 This post describes an automated approach to validate and document exceptions to AWS Security Hub findings, enabling security teams to enforce governance while developers request and implement compensating controls. The solution leverages EventBridge, SQS, Lambda, and DynamoDB to validate controls, collect evidence, and maintain an immutable audit trail. It preserves segregation of duties, supports multiple validation types, and includes deployment scripts and CloudFormation templates. The authors emphasize the reference architecture is a starting point and must be reviewed and adapted before production use.

🔒 Amazon Connect Contact Lens now provides automatic sensitive data redaction for voice and chat conversational analytics in French (France, Canada), Portuguese (Portugal, Brazil), Italian, German, and Spanish (Spain). You can remove PII, financial account numbers and PINs, and Internet access details from transcripts and audio files, choosing to redact selected entities or all detected sensitive data. Redacted values can be replaced with a generic placeholder (e.g., [PII]) or an entity-specific placeholder (e.g., [NAME]). Sensitive data redaction is available in all AWS Regions where Amazon Connect is offered.

🔧 Microsoft removed a compatibility hold that prevented devices with integrated cameras from installing Windows 11, version 24H2 after fixing a face/object detection bug that could cause the Camera app, Windows Hello facial sign-in, and other camera-using apps to freeze. The safeguard (ID 53340062) has been lifted; eligible devices with no other holds should be offered the update via Windows Update within 48 hours, and restarting may speed the offer. Microsoft recommends installing the latest security update, which includes the fix.

📊 Amazon Connect's Flow Designer now includes an analytics mode that surfaces aggregate metrics across drag-and-drop flows to help teams build and optimize customer journeys. You can visualize step-level behavior, including where users abandon, encounter errors, or are transferred to agent queues, enabling targeted troubleshooting and configuration fixes. This capability is included with Amazon Connect (with unlimited AI) pricing and is available in all AWS regions.

🔁 Mozilla now allows Firefox extension developers to roll back recently approved versions to a previously approved release, enabling fast mitigation of critical bugs and regressions. When reverted, users cannot install the problematic version, and browsers with automatic updates will revert affected installations within 24 hours. Developers can republish a prior build via the Developer Hub or the Add-on Submission API. Rollbacks require at least two approved versions on addons.mozilla.org, while self-distributed extensions may revert to any approved version.

🌐 Cloudflare announced sponsorships for two independent open-source projects: Ladybird, a browser built from scratch with new LibWeb and LibJS engines, and Omarchy, an opinionated Arch Linux setup for developers. The company frames its contributions as unconditional, aimed at preserving diversity, privacy, security, and performance across client and developer tooling. Both projects are early-stage, invite community contributions, and may influence broader web platform standards and developer workflows.

🔧 Cap'n Web is a compact, open-source RPC protocol and TypeScript implementation designed for the modern web stack. It provides an object-capability model with bidirectional calls, function and object references, and promise pipelining while using human-readable JSON for transport. The library runs in browsers, Node.js, and Cloudflare Workers, ships as a sub-10KB minified bundle, and integrates with TypeScript tooling. It's experimental but already used inside Cloudflare and released under the MIT license.

🚀 Cloudflare is offering 12 months of its paid Developer features free to eligible US students with a verified .edu billing email. The program expands usage allotments for Workers, Pages Functions, KV, Durable Objects, Hyperdrive, Workers Logpush, and Queues so students can build APIs, full‑stack apps, and data pipelines without immediate cost. Eligible accounts also gain access to a dedicated student Discord community and clear redemption steps for new and existing .edu accounts.

🚀 Cloudflare has opened its Startup program to registered non-profit, civil society, and public interest organizations, offering up to $250,000 in credits to support developer and core services. Eligible groups can use credits for databases & storage, compute, AI, media, and performance and security tools. Applications are open now through December 1, 2025; awards will be made based on project description, technical needs, and expected impact. Applicants must be a registered 501(c)(3) or equivalent and describe the tool they plan to build or scale.