< ciso
brief />
Vendor and Hyperscaler Watch Banner

All news in category “Vendor and Hyperscaler Watch

4609 articles · page 21 of 231

AWS launches Workload Credentials Provider for certs

🔒 AWS announced the AWS Workload Credentials Provider, a lightweight client-side tool that automates export and deployment of certificates from AWS Certificate Manager and local caching of secrets from AWS Secrets Manager. It removes the need for custom EventBridge-based automation for certificate renewals, supports Windows and Linux, and works with Apache and NGINX. The provider is open source and compatible with Secrets Manager Agent functionality.
read more →

GitHub to disable npm install scripts by default

🔒 GitHub announced breaking changes shipping in npm v12 that disable install-time lifecycle scripts by default to reduce software supply chain risk. The update stops preinstall, install, and postinstall scripts, blocks resolving Git and remote URL dependencies unless explicitly allowed, and changes default allow settings such as --allow-git to "none". Developers are advised to upgrade to npm 11.16.0+, review warnings, and use npm approve-scripts to opt in for trusted packages.
read more →

GitHub to disable automatic npm install scripts by default

🔒 GitHub will change npm v12 defaults in July to block automatic execution of dependency install scripts unless a project explicitly allows them. The change prevents preinstall, install and postinstall scripts — including implicit node-gyp rebuilds — from running by default, narrowing a common supply chain attack vector. Experts generally praised the move as overdue but warned it only reduces, not eliminates, supply chain risk and will push attackers to other methods.
read more →

OpenAI GPT-5.4 and GPT-5.5 Now in US East (N. Virginia)

🚀 AWS has expanded availability of OpenAI's GPT-5.4 and GPT-5.5 models to the US East (N. Virginia) Region on Amazon Bedrock. These models support a 272K-token context window, accept text and image input, and are accessible via the Responses API with server- and client-side tool calling, projects, and response streaming. GPT-5.5 targets advanced coding, research, analysis, and long-running agentic tasks, while GPT-5.4 focuses on frontier reasoning, coding, tool use, and long-context workflows.
read more →

OpenSearch Adds MCP App Support for Agentic Observability

🛠️ Amazon OpenSearch Service now integrates MCP Apps to bring observability workflows into compatible agentic IDEs like Claude Desktop and VS Code. With this integration, local AI agents can investigate incidents using logs, traces, metrics, and alerts stored in OpenSearch domains, collections, and Amazon Managed Service for Prometheus. Each MCP App returns both a concise text summary for agent reasoning and an interactive visualization for human review within the same conversation thread.
read more →

EC2 Future-dated Capacity Reservations: Cancellation

🔔 Amazon EC2 Future-dated Capacity Reservations now support cancellation, allowing customers to secure capacity up to 120 days in advance and cancel if plans change. Depending on timing, a cancellation charge may apply; when it does, EC2 provides a quoted charge for review and acceptance before cancellation completes. Cancellation charges are reportable in the AWS Cost and Usage Report (CUR) 2.0 under a new Capacity Reservation Status value. The feature is available to all Future-dated Capacity Reservation customers, with regional availability listed on the AWS Capabilities by Region site and further details in the Capacity Reservation user guide.
read more →

ECS Managed Daemons add PID and IPC sharing

🔧 Amazon ECS Managed Daemons now support inter-task visibility and communication by adding pidMode and ipcMode settings. These allow daemons to share process and IPC namespaces with application containers when set to "shared", while the default "none" keeps them isolated. Daemons run once per instance and start before applications, enabling independent deployment of agents like tracing, profiling, and security tools. The feature is available in all AWS Regions at no extra cost.
read more →

Google Cloud introduces Lightning Engine for Spark

⚡ Google Cloud has announced general availability of Lightning Engine for Managed Service for Apache Spark, available in both serverless and managed cluster modes. Built on Gluten and Velox with Google-engineered enhancements, the engine compiles Spark physical plans into native C++ to accelerate vectorized operations, window functions, and sorting. It also optimizes connectors for Cloud Storage and BigQuery and adds cost-based optimizations like hash table caching, aggregation pushdown, and adaptive shuffle partitioning.
read more →

VPC Flow Logs Adds EC2 Tags and Next-Hop Metadata

🔍 Amazon VPC Flow Logs now supports EC2 resource tag embedding and next-hop interface metadata to simplify network monitoring and troubleshooting. With tag support you can include values from network interfaces, EC2 instances, and Auto Scaling groups, removing the need to join log data with external tag metadata. Next-hop metadata captures interface ID, subnet, AZ, VPC, and interface type to clarify traffic paths through NAT Gateways, NLBs, and Transit Gateways.
read more →

Amazon EC2 M9g and M9gd with Graviton5

🚀 Amazon EC2 M9g and M9gd instances powered by AWS Graviton5 processors are now generally available. M9g targets general-purpose workloads and agentic AI tasks, while M9gd adds local NVMe SSD storage for low-latency, high-throughput use cases. These instances offer up to 25% better compute performance over Graviton4-based M8g/M8gd and deliver sizable gains for databases, web apps, and ML. They run on the sixth-generation Nitro System and introduce the Nitro Isolation Engine for formally verified workload isolation.
read more →

Amazon EC2 P6-B200 now in AWS GovCloud (US-East)

🚀 Amazon EC2 P6-B200 instances powered by NVIDIA Blackwell GPUs are now available in the AWS GovCloud (US-East) Region. These instances deliver up to 2x performance versus P5en for AI training and inference, with 8 GPUs and 1440 GB of high-bandwidth GPU memory. They include 5th Gen Intel Xeon processors, a 60% boost in GPU memory bandwidth, up to 3.2 Tbps EFAv4 networking, and run on the AWS Nitro System for secure scaling.
read more →

AWS Cost and Usage Report 2.0 adds editable exports

📣 AWS now allows customers to update AWS Cost and Usage Report 2.0 table configurations through the AWS Management Console and SDK/CLI. This change lets users modify export content, time granularity, column selection, export format, and destination settings without deleting and recreating exports. Updated preferences take effect starting with the next scheduled export delivery. The feature removes the previous requirement to recreate exports to adopt new CUR 2.0 schema enhancements.
read more →

Cloudflare adds private origin routing for apps

🛡️ Today Cloudflare launched Application Services for Private Origins in closed beta for eligible Enterprise customers, enabling secure routing to private IP origins without exposing them to the public Internet. This lets Cloudflare’s WAF, bot management, rate limiting, Workers, and other services sit in front of private applications using existing private connectivity such as Cloudflare Tunnel, Cloudflare Mesh, or Cloudflare WAN. The feature uses a toggle on proxied DNS records or an API attribute to instruct Cloudflare’s private networking layer to route traffic to private networks, and extends Layer 4 support via Spectrum for TCP/UDP services.
read more →

Practical defenses for unauthorized workplace AI

🛡️ This article outlines how enterprises can detect and block unauthorized AI tools—ranging from public chatbots like ChatGPT and Claude to meeting recorders and local model runners. It recommends monitoring NGFW/web-filter logs, EDR/EPP and MDM tools, browser policies, DNS reroutes, and application allowlists. The guidance covers detection indicators (domains, executables, SNI, calendar invites) and concrete lockdown steps (category blocks, policy toggles, OAuth restrictions). Emphasis is placed on offering approved alternatives and using layered controls rather than outright bans.
read more →

OMB M-26-14: From Data Hoarding to Active Defense

🔐 The OMB Memo M-26-14 ends compliance-driven data hoarding and mandates a risk-based, machine-speed logging approach. It requires six months of logs to be hot and searchable and one year retrievable, expands visibility to IoT/OT, and emphasizes continuous event monitoring and AI-driven detection. Legacy SIEMs struggle to meet these goals; Palo Alto Networks positions Cortex XSIAM as a FedRAMP-certified solution built for index-free, AI-enabled, cross-domain threat hunting.
read more →

FSx Intelligent‑Tiering expands to eight more Regions

🚀 Amazon FSx for OpenZFS now supports the Intelligent‑Tiering storage class in eight additional AWS Regions across the US, Europe, Asia Pacific, and South America. The Intelligent‑Tiering class automatically moves data among Frequent Access, Infrequent Access, and Archive tiers based on usage patterns and can include an optional SSD read cache for active data. This provides high performance for active workloads and lower-cost storage for less-active data, with up to 85% savings versus FSx SSD and up to 20% versus on‑premises HDD NAS.
read more →

SageMaker Unified Studio adds EMR Serverless Spark

🚀 Amazon SageMaker Unified Studio Notebooks now support Amazon EMR Serverless with Apache Spark Connect, enabling PySpark and Spark SQL execution on EMR Serverless Spark Applications directly from notebook cells. Users can choose their Spark runtime from the Notebook side panel, with the selection applying to both Python and SQL cells. The feature integrates with SageMaker Data Agent to generate code and execution plans from natural language prompts and offers pre-initialized capacity, unified Spark UI monitoring, and VPC connectivity for isolated workloads. It is available in all regions where SageMaker Unified Studio is offered and supports both Unified Studio notebooks and JupyterLab IDEs.
read more →

Reconstructing AI activity for investigations

🔍 Microsoft outlines a structured approach to investigate AI interactions across Microsoft 365 Copilot and Azure AI services, emphasizing telemetry from Purview, Defender, and Sentinel. The new investigator playbook follows a scope–context–signal methodology to identify who interacted with AI systems, what resources were accessed, and when events occurred. It operationalizes detection logic, KQL queries, and schema references to help response teams build coherent investigative narratives and assess impact.
read more →

Amazon S3 Access Grants Arrive in Germany Region

🛈 Amazon S3 Access Grants are now available in the AWS European Sovereign Cloud (Germany) Region. The feature maps identities from directories like Microsoft Entra ID and AWS IAM principals to S3 datasets, enabling automated, scalable data permission management. This simplifies granting S3 access to end users based on corporate identities. Check the AWS Region Table for full regional availability and refer to the product page for details.
read more →

Meta to Use Off‑Site Business Data for Personalization

🔒 Meta announced it will repurpose information businesses share about users' activity off its platforms to personalize Feed content and AI chatbot responses, expanding beyond targeted ads. The company said no new data collection is involved and that users can control this through an updated "Activity from other businesses" setting, replacing "Your activity off Meta technologies." The change will roll out next month in the U.S. and several other countries.
read more →