< ciso
brief />
Vendor and Hyperscaler Watch Banner

All news in category “Vendor and Hyperscaler Watch

4623 articles · page 36 of 232

AWS Transfer Family Adds Cross-Region Federated Permissions

🔒 AWS Transfer Family web apps now support federated permissions with AWS IAM Identity Center across multiple Regions. Previously, Transfer web apps could only be created in the Region of the IAM Identity Center instance. With IAM Identity Center multi-Region replication, administrators can replicate workforce identities and create Transfer web apps in additional Regions, reducing latency and improving availability. Users sign in with existing credentials.
read more →

SageMaker HyperPod Adds Data Capture for Inference

🧾 Amazon SageMaker HyperPod now supports data capture for inference workloads, allowing organizations to record request and response payloads for monitoring, compliance, debugging, and offline analysis. You can capture traffic at the SageMaker endpoint, load balancer, or model pod and combine layers for richer observability. Captured data is delivered asynchronously to Amazon S3 with configurable sampling and encryption using customer-managed AWS KMS keys and is designed to never block inference. Enable data capture via the HyperPod Inference Operator or SageMaker JumpStart.
read more →

Microsoft Disrupts Malware Code-Signing Service Ring

🔒 Microsoft has disrupted the infrastructure behind a major malware code-signing service, seizing the group's site signspace[.]cloud and revoking more than 1,000 abused certificates. The company removed hundreds of attacker-controlled Azure virtual machines and linked the operation to a group it calls Fox Tempest. The service sold malware signing-as-a-service to ransomware affiliates, letting signed malicious installers evade Windows warnings and deploy backdoors, infostealers, and ransomware.
read more →

Preventing Unauthorized AWS Organizations Account Removal

🔒 The AWS Customer Incident Response Team describes a tactic where attackers use credentials with the organizations:LeaveOrganization permission to remove a member account from an AWS Organization, bypassing inherited safeguards such as Service Control Policies and centralized management. After removal, the account is disentangled from consolidated billing, organization-wide CloudTrail trails, and delegated GuardDuty findings, reducing visibility. The post urges deploying the DenyLeaveOrganizationSCP, enforcing least privilege, securing root users with MFA and centralized root management, and updating detection and response workflows to monitor related CloudTrail events.
read more →

Discord Rolls Out End-to-End Call Encryption Globally

🔒 Discord has enabled default end-to-end encryption (E2EE) for all voice and video calls after completing the deployment in March. The company extended the open-source DAVE protocol across desktop, mobile, web browsers, PlayStation, Xbox and Discord SDKs, and is removing legacy unencrypted fallback code. The encryption layer now covers DMs, group DMs, voice channels and Go Live streams, while Stage channels remain excluded. Discord says it has no current plans to apply DAVE to text due to major engineering constraints tied to its existing messaging architecture.
read more →

Amazon MWAA Adds Support for Apache Airflow 3.2 Release

🚀 Amazon Managed Workflows for Apache Airflow (Amazon MWAA) now supports Apache Airflow 3.2, the latest major release of the open-source orchestration framework. The update brings data-aware scheduling, asset partitioning, and expanded Human-in-the-Loop (HITL) features to simplify pipeline control and approvals. Other enhancements include Grid View virtualization, full XCom UI management, and async callable support in PythonOperator. Environments can be launched or upgraded in all supported MWAA regions via the AWS Console.
read more →

Azure Files Entra-Only Identities Advance Cloud Security

🔐 Microsoft has reached general availability for Entra-Only identities for Azure Files SMB, enabling native Microsoft Entra ID authentication for SMB file shares using cloud-only identities. This eliminates the need for on-premises Active Directory, Entra Connect, or managed domain controllers, simplifying architecture and reducing operational overhead. Entra acts as the Kerberos Key Distribution Center (KDC), issuing Kerberos tickets while preserving SMB protocol compatibility, and supports VDI scenarios with FSLogix, Managed Identities, macOS clients, and NTFS ACL editing. The capability is supported across HDD and SSD shares, available at no extra cost, and is being extended to sovereign cloud regions.
read more →

Google Cloud Data Agent Kit Unifies Agentic Data Tools

🔧 Data Agent Kit is an open-source toolkit from Google Cloud that brings data engineering and data science skills, plugins, and secure connectors directly into your IDE or CLI. It provides prebuilt agentic skills, Model Context Protocol (MCP) integrations to BigQuery, AlloyDB, and Cloud Storage, plus native extensions for VS Code, Gemini CLI, Claude Code, and Codex. By grounding agents in unified enterprise data, it reduces manual ETL and context-window costs and accelerates intent-driven pipelines; the kit is available in preview.
read more →

Google I/O '26: Gemini, Antigravity, and Workspace AI

🤖 Today at Google I/O, Google Cloud announced a broad set of AI advances delivered through Gemini Enterprise and Google Workspace, including Gemini 3.5 Flash, Gemini Omni, Antigravity, and Gemini Spark. These offerings include new models, an Agent Platform with a Managed Agents API, and CodeMender for automated code security. The updates emphasize agentic workflows, multimodal content creation, enterprise-grade security, and faster, cost-efficient model performance.
read more →

Google I/O: Tools for Building and Deploying Agents

🔧 At Google I/O, Google Cloud introduced a unified developer toolkit that brings Antigravity 2.0, the Gemini Enterprise Agent Platform, the Managed Agents API, and ADK 2.0 into a shared protocol layer to accelerate local development and secure cloud deployment. The post outlines a four-rung ladder from low-code Agent Studio to code-first ADK, all underpinned by the interoperable A2A protocol. New Antigravity desktop and CLI tools provide a consistent harness for coding agents, while Managed Agents offer agent-as-a-service with sandboxed execution. The platform emphasizes governance, skill reuse, evaluation tooling, and secure pipelines for production.
read more →

Amazon ECS adds pause-and-continue deployment hooks

⏸️ Amazon Elastic Container Service (Amazon ECS) now supports configurable pause points in service deployments, allowing operators to halt progression at critical stages for manual approvals, tests, or operational checks. ECS emits Amazon EventBridge events at pause points and provides the ContinueServiceDeployment API to resume or rollback. Pause hooks support timeouts up to 14 days and configurable timeout actions. The feature integrates with native deployment strategies and is available across commercial and GovCloud Regions.
read more →

Amazon Inspector Now Available in Asia Pacific (Taipei)

🔔 AWS has launched Amazon Inspector in the Asia Pacific (Taipei) Region, extending automated vulnerability management to customers there. The service continuously scans Amazon EC2 instances, container images pushed to Amazon ECR, and AWS Lambda functions for software vulnerabilities and unintended network exposure across an AWS Organization. New accounts are eligible for a 15-day free trial that performs full scans of eligible resources at no cost. After the trial, usage is billed according to public Amazon Inspector pricing.
read more →

Microsoft to Elevate Windows 11 Driver Quality in 2026

🔧 Microsoft is launching the Driver Quality Initiative to raise the bar for Windows 11 drivers, emphasizing security, stability, and performance across media, display, camera, audio, connectivity, and peripherals. The initiative centers on four pillars: moving drivers from kernel to user mode or Microsoft class drivers; stricter partner verification and automated checks; improved Windows Update catalog hygiene; and expanded telemetry on stability, performance, battery and thermal impact. Microsoft says it will work closely with OEMs and silicon partners including AMD and Intel, and the changes will be phased in across 2026 as WinHEC resumes. The company frames this as a partnership to restore trust in Windows quality after recent criticism.
read more →

Pattern-Based Policy as Code for Governing IaC on AWS

🔒 This AWS Security blog post outlines a pattern-based approach to policy as code, using Open Policy Agent (OPA) in CI/CD pipelines to validate Terraform plan JSON before deployment. It organizes checks around recurring control intents—required metadata, allowed configuration, exposure restriction, protection enforcement, and privilege constraint—to simplify review and maintenance. The article includes examples for S3 secure transport, VPC security group exposure, and IAM trust policy constraints, and describes artifact retention and phased rollout best practices.
read more →

Microsoft: macOS Update Causes Persistent Teams Prompts

📍 Microsoft confirmed that some macOS systems are showing non-dismissible location-permission prompts from Microsoft Teams. The company says a recent macOS security update is not retaining users' location-permission selections, causing the dialog to reappear. Microsoft is working with Apple and exploring a Teams-side mitigation while advising a manual macOS settings workaround. Affected users should toggle location access for Microsoft Teams and Microsoft Teams ModuleHost in System Settings.
read more →

GitHub reduces low-impact bounties as AI submissions surge

🔒 GitHub is shifting low-impact bug bounty payouts from cash to swag and asking researchers to stop submitting low-quality or out-of-scope reports. The company says a sharp rise in submissions—exacerbated by generative AI tools—has produced many reports that don’t show meaningful security impact. GitHub welcomes AI-assisted research but requires human validation of AI-generated findings and will exclude certain report types from rewards. The change aims to speed triage and prioritize substantive vulnerabilities.
read more →

Amazon Managed Grafana Adds IPv6 Dual-Stack Support

🌐 Amazon Managed Grafana now supports dual-stack connectivity, allowing workspaces to communicate over both IPv4 and IPv6. Dual-stack mode requires workspaces to run Grafana 10.4 or later and is available in all regions where the service is generally available. This capability reduces the need to manage overlapping VPC address spaces and eases migrations to IPv6 while retaining IPv4 compatibility. Enable dual-stack through the console, API, or CLI and consult the Amazon Managed Grafana User Guide for configuration details.
read more →

Cloudflare Integrates Claude Managed Agents with Sandboxes

🚀 Cloudflare and Anthropic have integrated Claude Managed Agents with Cloudflare Sandboxes, allowing teams to run the Claude agent loop on Anthropic while Cloudflare executes code, secures connections, and provides detailed observability. A default deployment template offers enhanced security through customizable outbound proxies, sandbox metrics and logs, SSH access, and configurable sandbox images. You can choose traditional microVMs or lightweight V8 isolates to optimize for performance and cost, and use Cloudflare Mesh or Workers VPC to connect agents to private services without exposing them to the Internet.
read more →

AWS Console Adds Local Zones to Region Selector Now

🗺️ The AWS Management Console now displays AWS Local Zones in the Region selector, showing Local Zones alongside standard Regions in the console's top navigation. Selecting the Local Zones tab lists all opted-in Local Zones and clicking one brings users to the parent Region's Console page to view and manage resources. This streamlines navigation for customers operating across multiple Local Zones parented to different AWS Regions. The capability is available across all AWS Local Zones in public AWS Regions; to get started, open the Region selector in the Management Console.
read more →

AWS Glue Zero-ETL Expands to Asia Pacific (Mumbai) Region

🔔 AWS Glue zero-ETL integrations are now available in the Asia Pacific (Mumbai) region. With this expansion, customers can replicate data from sources such as Amazon DynamoDB, Oracle Database@AWS, self-managed databases (Oracle, SQL Server, MySQL, PostgreSQL) and supported SaaS apps directly into analytics targets without building ETL pipelines. It automates schema mapping, change data capture, and incremental replication to reduce latency and accelerate analytics and ML workflows.
read more →