< ciso
brief />
Vendor and Hyperscaler Watch Banner

All news in category “Vendor and Hyperscaler Watch

4612 articles · page 24 of 231

VS Code introduces two‑hour extension update delay

🔒 Microsoft will delay automatic extension updates in Visual Studio Code by two hours to reduce exposure to potentially compromised releases. The feature, available in VS Code 1.123, allows immediate manual updates via the "Update" button and shows reasons and scheduled times for pending updates. Trusted publishers such as Microsoft, GitHub, and OpenAI are exempt and continue to update immediately. The change follows similar cooldown controls added across package managers to curb software supply chain threats.
read more →

Amazon Bedrock AgentCore adds interactive shells

🖥️ Amazon Bedrock AgentCore Runtime introduces the InvokeAgentRuntimeCommandShell API, providing a persistent, PTY-backed terminal over WebSocket into running agent sessions. This complements existing one-shot execution via InvokeAgentRuntimeCommand and delivers a full terminal experience inside an isolated microVM with features like colors, tab completion, Ctrl+C, resize, and automatic reconnect. Developers hosting coding agents (for example, Claude Code, OpenAI Codex, Amazon Kiro) can now authenticate, drop into the agent microVM, inspect files, run ad-hoc commands, and debug while retaining session state across reconnects. Each interactive session uses a runtime session ID and shell ID for resume; up to 10 concurrent shells are supported per runtime.
read more →

Simplified S3 Tables and Iceberg permissions in GovCloud

🔒 AWS Glue Data Catalog now supports IAM-based authorization for Amazon S3 Tables and Apache Iceberg materialized views in AWS GovCloud (US) Regions. This change lets you consolidate required permissions for storage, catalog, and query engines into a single IAM policy. The capability eases integration with analytics services such as Amazon Athena, Amazon EMR, Amazon Redshift, and AWS Glue. You can still opt in to AWS Lake Formation for fine-grained access controls.
read more →

OpenSearch UI arrives in AWS GovCloud regions

🔔 Amazon OpenSearch Service now offers its modernized operational analytics UI in AWS GovCloud (US-East) and AWS GovCloud (US-West), enabling unified access to managed domains and serverless collections from a single endpoint. The release introduces Workspaces for team collaboration and a revamped Discover experience with multi-source data selection, PPL and SQL support, DQL and Lucene compatibility, updated visuals, and query autocomplete. The UI updates are available regardless of the underlying managed cluster or collection version.
read more →

Fine-grained B2C Access Control with Cognito

🔐 This article demonstrates how to implement enterprise-grade authentication and authorization for a Streamlit sample application using Amazon Cognito for identity and Amazon Verified Permissions with Cedar policies for fine-grained access control. It outlines a layered architecture that separates identity verification, authorization evaluation, application logic, and enforcement to reduce blast radius. The post explains Cedar policy anatomy and common patterns—ownership, role-based, hierarchical, and emergency access—plus evaluation precedence where forbid policies take priority. Practical guidance covers required tools, provisioning steps, policy design tips, and testing recommendations to help developers scale secure applications.
read more →

RubyGems adds cooldown to Bundler to curb supply-chain risks

🔒 The RubyGems team added a cooldown option to Bundler to delay installing recently published gems, aiming to reduce exposure to software supply-chain attacks. The feature checks timestamps and ignores gems until they have been published for a configurable number of days, allowing time for malicious modifications to be discovered. Administrators can override the delay when rapid patching is required, balancing security and operational needs.
read more →

AWS Fargate adds 32vCPU tasks for ECS

🖥️ Amazon Elastic Container Service (Amazon ECS) with AWS Fargate now supports 32vCPU compute configurations, offering memory choices of 60 GiB, 120 GiB, or 244 GiB for both x86 and ARM Linux workloads. These larger task sizes enable high-performance computing, large-scale data processing, and AI inference use cases by allowing deployment of bigger containers and scaling beyond previous limits. The sizes are available on Fargate and Fargate Spot across commercial and GovCloud (US) Regions, and integrate with existing Compute Savings Plans. Configure task definitions with 32 vCPU and select a memory option to deploy via console, CLI, or IaC.
read more →

AWS adds C8in instances in Asia Pacific and Europe

🚀 Amazon EC2 C8in instances are now available in additional AWS regions including Asia Pacific (Sydney, Singapore, Malaysia) and Europe (Frankfurt). These instances use custom sixth-generation Intel Xeon Scalable processors exclusive to AWS and the latest sixth-generation AWS Nitro cards, offering up to 43% higher performance versus C6in. C8in supports sizes up to 384 vCPUs and 600 Gbps networking, targeting network-intensive distributed compute and large-scale analytics. They are offered via Savings Plans, On-Demand, and Spot.
read more →

XChat launch raises serious privacy and security doubts

🔒 Elon Musk’s XChat launched on iOS in April 2026 as a purportedly private messaging alternative, but its encryption model and key handling have raised alarm among experts. XChat stores users’ private keys on servers protected by HSMs and uses four-digit PINs to encrypt those keys for multi-device sync, a design that undermines classic end-to-end guarantees. Practical issues — message requests sent without E2EE, confusing PIN prompts, and weak brute-force protection — further complicate user security. The net result: XChat offers convenience at the cost of meaningful privacy assurances.
read more →

Cloudflare AI Gateway Adds Dollar-Based Spend Limits

🛡️ Cloudflare announces spend controls in AI Gateway, plus a closed beta for identity-driven budgets and routing using Cloudflare Access and existing identity providers. The update introduces dollar-denominated budgets, real-time cost tracking, and options to block or route requests when limits are reached. Identity integration enables per-user and per-team attribution and policies to manage who can access which models and how much they may spend.
read more →

AWS CLI adds interactive install for Agent Toolkit

🔧 Today AWS added an interactive wizard to the AWS Command Line Interface that installs and manages the Agent Toolkit for AWS across multiple coding agents. The toolkit provides an MCP server, 40+ agent skills, and plugins to give agents guidance and guardrails. Users can run aws configure agent-toolkit to detect installed agents, choose skills per agent, and search, install, or update skills via the CLI. The MCP Server is available in US East (N. Virginia) and Europe (Frankfurt).
read more →

AWS MCP Server Adds Cross-Account Cross-Role Access

🚀 Today AWS introduced cross-account and cross-role access for the AWS Model Context Protocol (MCP) Server, part of the Agent Toolkit for AWS. This update lets AI coding agents such as Kiro, Claude Code, or Codex operate across multiple AWS accounts and IAM roles within a single session without restarts. Previously, changing accounts required stopping the session, updating local credentials, and restarting the MCP server; now agents can specify a profile per command. The feature is intended to streamline multi-account workflows and reduce context-switch friction. The MCP Server is available in US East (N. Virginia) and Europe (Frankfurt).
read more →

IG Report Criticizes NIST Over NVD Backlog

🔍 A U.S. Commerce Department inspector general report faults NIST for management and strategy shortcomings that contributed to a growing backlog in the National Vulnerability Database (NVD). The report cites duplicated effort with CISA, insufficient communication, and inconsistent severity scoring as key issues, while NIST points to budget cuts and disputed the report’s tone. Industry experts say the backlog reflects broader funding and process failures and warn that AI-driven increases in vulnerability discovery demand rethinking NVD processes.
read more →

SageMaker Data Agent adds business context integration

🧭 Amazon SageMaker Data Agent now integrates with SageMaker Catalog business context and metadata, letting data practitioners discover datasets and generate more accurate SQL and Python code using business terminology rather than cryptic table names. The agent leverages curated catalog content, including metadata synced from Collibra, Atlan, and Alation, to identify tables and columns, plan multi-step workflows, and respect governance by checking subscription status and providing access request links. This feature is available in SageMaker Unified Studio notebooks and the Query Editor in regions where Unified Studio is offered.
read more →

Amazon Cognito modernizes infrastructure for scale

🔒 Amazon Cognito migrated hundreds of millions of user profiles to a next-generation storage infrastructure to enable higher throughput, customer-managed encryption keys, and multi-Region replication while preserving backward compatibility and zero downtime. The architecture focuses on identity-first design, independent datasets, and reversible changes to support rapid feature iteration. Migration used shadow mode, dual-write, data backfill, anti-entropy validation, and incremental rollouts with rollback to ensure data integrity and preserve application behavior.
read more →

Brave launches Origin: paid minimalist browser

🔒 Brave Software released Brave Origin, a paid, minimalist edition of its browser that omits cryptocurrency, AI, rewards, and monetization-focused features. The company positions Origin for users seeking a streamlined, privacy-focused experience while retaining core protections like Brave Shields. Origin is available as a standalone download or as an upgrade for existing installations, priced at a one-time $59.99 for up to 10 devices (free on Linux).
read more →

Gain visibility into DDoS attacks with flow logs

🛡️ This post explains how AWS Shield Advanced attack flow logs capture metadata during DDoS events and publish records to Amazon S3, CloudWatch Logs, or Data Firehose. It outlines the fields included in each flow log entry, describes delivery configuration and required IAM permissions, and shows how to create the CloudWatch Logs delivery objects that connect a Shield protection to a destination. The article also covers output formats, file size and timing, cost considerations, and cross-account/Region aggregation options.
read more →

How to disable AI features across major platforms

🛡️ This article provides practical, step-by-step tactics for detecting and disabling built-in AI features in popular enterprise platforms including Microsoft Copilot, Google Gemini, Chrome, and Apple Intelligence. It covers detection via logs and admin consoles, recommended policy settings in Microsoft 365, Group Policy, Chrome Enterprise, Google Workspace, and MDM profiles for Apple, plus network-level blocks and caveats about potential feature breakage. The guidance emphasizes granular controls, SKU management, and layered protections such as NGFW/web-filter rules and application control.
read more →

Cisco Live report: AI, networking, and wellbeing

🐶 At Cisco Live U.S. in Las Vegas, the author describes the conference pace, the value of quiet spaces and noise-canceling gear, and the welcome presence of therapy dogs sponsored by Splunk. Discussions at the event centered on AI from an infrastructure and security lens, including the daunting scale of data and associated defense challenges. Cisco Talos highlights expansion of its Threat Hunting program using AI-driven telemetry plus expert validation to find advanced intrusions like a recent KongTuke C2 discovery.
read more →

Amazon EKS Capabilities add CloudWatch Vended Logs

🟣 Amazon EKS Capabilities can now be configured as log delivery sources using Amazon CloudWatch Vended Logs to capture logs from managed controllers such as Argo CD, AWS Controllers for Kubernetes (ACK), and kro. Customers can enable delivery via CloudWatch APIs or the AWS Console and send logs to CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. The feature is available in all Regions that support EKS Capabilities and incurs standard CloudWatch Vended Logs pricing with no additional EKS charge.
read more →