< ciso
brief />
Vendor and Hyperscaler Watch Banner

All news in category “Vendor and Hyperscaler Watch

4606 articles · page 4 of 231

Amazon EVS adds support for VMware Cloud Foundation 9

🆕 Amazon Elastic VMware Service (EVS) now supports VMware Cloud Foundation (VCF) 9.0 and 9.1, enabling customers to run VCF directly within their Amazon VPC on EC2 bare-metal instances. You retain full control over installation, operations, and management of the VMware virtualization stack and can continue using existing tools, processes, and skills. AWS also launched the Solutions for EVS GitHub repository with examples, templates, and infrastructure-as-code artifacts to accelerate deployments. The release is available in all regions where Amazon EVS is offered.
read more →

Enforce least-privilege in multi-agent AI chains

🔒 This post describes a reference implementation using Cedar on AWS to prevent silent privilege escalation in multi-agent AI delegation chains. It outlines a three-layer policy model—agent-to-tool, agent-to-agent delegation, and originating user authorization—using verified token claims and HMAC-signed context. The architecture uses an MCP adapter Lambda and a Cedar evaluator Lambda to enforce policies sequentially and halt on the first deny. It includes schema, entity registrations, policy examples, deployment steps, and end-to-end test scenarios demonstrating how the model enforces least privilege.
read more →

Nexus SDV: Secure, Scalable AI Platform for Vehicles

🔒 Google Cloud and Valtech introduce Nexus SDV, an open-source, modular platform that enables AI-native, scalable management of software-defined vehicles. The platform integrates with Android Automotive OS and supports up to 100 million devices while emphasizing TCO reduction via Arm-based compute and Bigtable. Nexus AI leverages Gemini models and the Gemini Enterprise Agent Platform for real-time telemetry analysis and agentic vehicle capabilities. Security is built-in with mTLS/PKI, identity brokering, secret management, network isolation, and an enterprise Secure AI Framework.
read more →

Five key CSPM insights from Frost & Sullivan 2025

🔒 Frost & Sullivan’s 2025 Frost Radar reframes Cloud Security Posture Management (CSPM) as a continuous, risk‑based governance layer inside CNAPPs rather than a periodic compliance exercise. The report forecasts CSPM market growth through 2030 and highlights integration of posture with workload protection, identity, data security, and DevSecOps. It underscores Microsoft’s leadership in unifying posture with runtime telemetry and SecOps workflows.
read more →

AWS Certificate Manager adds managed ACME endpoints

🛡️ AWS Certificate Manager (ACM) now offers a fully managed ACME server endpoint that issues public TLS certificates with 45-day validity from Amazon Trust Services, compatible with any ACMEv2 client such as Certbot, cert-manager, and acme.sh. PKI teams can create managed ACME endpoints with domain scopes, wildcard controls, and delegated issuance without sharing DNS credentials. Domain validation is performed once at the endpoint level, and issuance and renewal activities are auditable via the ACM console, AWS CloudTrail, and Amazon CloudWatch. ACME support is available in all commercial AWS Regions; see ACM pricing and documentation for details.
read more →

CloudWatch Service Events for Application Signals

🔔 AWS announced Service Events for Amazon CloudWatch Application Signals, which automatically captures exception and latency event snapshots, function-level performance data, and deployment events from instrumented services without additional code changes. Customers can view whether a deployment introduced new exceptions via CloudWatch > Application Signals > [Service] > Errors in the console. Service Events works with ADOT SDKs or the CloudWatch Observability EKS add-on and supports Java, Python, and JavaScript. Data is stored as logs and function-call metrics as OpenTelemetry metrics; standard CloudWatch pricing applies.
read more →

Cloudflare Workers Cache: Tiered Edge Caching

🧭 Today Cloudflare launched Workers Cache, a tiered cache that sits in front of your Worker and is enabled via a simple Wrangler config and standard Cache-Control headers. Cacheable requests hit Cloudflare first so fresh responses are returned without running the Worker; on a miss the Worker runs and stores the response for subsequent requests. The cache supports stale-while-revalidate, Vary, tag- and prefix-based purges, and per-entrypoint control, and is available to all Workers on any plan.
read more →

AI Governance Needs New Rules and Enterprise Leadership

🔒 This piece argues that the AI era is fundamentally different from prior technology waves and that organisations must adopt holistic, enterprise-wide governance rather than treating AI as solely a cybersecurity issue. The author emphasizes operational integrity, transparency, accountability, and the need for guardrail-style governance to enable safe innovation. It urges leaders to start building practical governance frameworks now and to involve CEOs, boards, and business units alongside security teams.
read more →

SaaS single points of failure threaten campuses

📘 Higher education now runs core academic operations on a few massive SaaS platforms, creating systemic single points of failure. When a major LMS was breached during finals week 2026, campuses lost access to rosters, grade books and coursework despite SLAs and certifications. The author argues IT must architect independent, read-only continuity layers synchronized from source systems to maintain operations during vendor outages or attacks.
read more →

AWS CodePipeline now available in New Zealand Region

🚀 AWS CodePipeline is now available in Asia Pacific (New Zealand) Region (ap-southeast-6). CodePipeline is a continuous delivery service that models, visualizes, and automates release processes including build, test, and deployment. It integrates with AWS services like CodeBuild, CodeDeploy, and CloudFormation, and supports third-party tools such as GitHub. The service includes governance controls like manual approvals, IAM-based access, and artifact encryption to help enforce security and compliance.
read more →

AWS Secrets Manager adds Paddle and GitLab support

🔐 AWS Secrets Manager now supports managed external secrets for Paddle API Keys and GitLab Access Tokens. This feature enables automatic rotation of third-party credentials directly from AWS Secrets Manager, using Paddle's native rotation API and GitLab's atomic rotation mechanism. Customers can rotate Paddle API keys with a configurable grace period and rotate GitLab Personal, Group, and Project Access Tokens. These integrations join existing partners and are available in all Regions where managed external secrets is supported.
read more →

Flipper Zero firmware shifts to community-led model

🔧 Flipper Devices will continue maintaining the official Flipper Zero firmware with a smaller internal team while shifting feature development toward community contributors. The firm is prioritizing new hardware like the Flipper One and Busy Bar, and will handle incoming requests via GitHub Discussions with weekly evaluations and community voting. Community pull requests will be accepted under stricter review and mandatory integration and regression testing. The team will retain oversight, with particular scrutiny of AI-generated low-level code and UI or documentation changes.
read more →

Adobe adds second monthly Patch Tuesday cycle

🛡️ Adobe will publish security updates twice each month to address faster vulnerability discovery and exploitation. The company will keep its existing second-Tuesday schedule and add a fourth-Tuesday release starting July, applying to advisories with CVEs needing customer action. Adobe cited increased threats and investment in vulnerability discovery as drivers for the new cadence. The change mirrors industry trends toward more frequent patching.
read more →

AWS CodeBuild adds Amazon Linux 2023 host option

🔧 AWS CodeBuild now supports Amazon Linux 2023 for on-demand build hosts via a new host kernel selection setting. This managed CI service lets you choose between Amazon Linux 2 (kernel 4) and Amazon Linux 2023 (kernel 6) for new or non-production projects to validate builds while keeping production unchanged. Host kernel selection is broadly available across Regions except GovCloud (US) and China, which only offer Amazon Linux 2023.
read more →

WebAuthn Redirection Added to Browser RDP Clients

🔒 Prisma Browser added WebAuthn redirection to its in-browser RDP client, becoming the first non-Windows client to support Microsoft’s MS-RDPEWA protocol. The team found gaps in the spec, reverse-engineered undocumented Windows server behavior, and created a custom Chromium extension API to accept precomputed clientDataHash values. This approach reuses Chromium’s FIDO2 stack to support USB keys, Touch ID, Windows Hello and phone-as-authenticator transports.
read more →

SageMaker Unified Studio now supports Terraform

🔧 Amazon SageMaker Unified Studio now supports Terraform provisioning via the open-source terraform-aws-sagemaker-unified-studio module. Platform teams can deploy domains through version-controlled templates and integrate SageMaker Unified Studio into existing infrastructure-as-code pipelines. The module manages domain infrastructure and IAM roles, includes sub-modules for blueprints and projects, and uses the Terraform AWS Cloud Control Provider.
read more →

Amazon EC2 X8i instances expand to Asia regions

🚀 Amazon EC2 X8i instances are now available in Asia Pacific (Seoul), Asia Pacific (Malaysia) and Asia Pacific (Tokyo). These instances use custom Intel Xeon 6 processors exclusive to AWS and are SAP-certified, offering up to 43% higher performance, 1.5x more memory (up to 6TB) and 3.3x more memory bandwidth versus prior X2i instances. They target memory-intensive workloads such as SAP HANA, large databases, analytics, and EDA, and come in 14 sizes including bare metal options. Purchase options include Savings Plans, On-Demand, and Spot.
read more →

EC2 Dedicated Hosts Now Support AMD SEV‑SNP

🔒 Amazon EC2 now supports AMD Secure Encrypted Virtualization‑Secure Nested Paging (SEV‑SNP) on Dedicated Hosts, allowing confidential computing workloads to run on physical servers dedicated to a single customer. Customers can allocate a Dedicated Host with SEV‑SNP enabled and launch compliant instances while retaining control over instance placement and host affinity. The host is provisioned with AMD security firmware at allocation to keep confidential environments current. Dedicated Host SEV‑SNP is available in all AWS commercial Regions with AMD instances.
read more →

SageMaker HyperPod adds AMI versioning and auto-patch

🛠️ Amazon SageMaker HyperPod now reports AMI versions across clusters and can automatically apply backward-compatible security patches without disrupting workloads. Administrators can view AMI semantic versions (major.minor.patch), detect drift, and roll back to prior versions — preserving NVIDIA drivers, CUDA, and other bundled software — via the UpdateClusterSoftware API. Auto-patching is opt-in per instance group, applies only when nodes are idle, and avoids major/minor upgrades; it can be enabled through CreateCluster or UpdateCluster APIs. A new AMI support policy defines patch support timelines; both features are available for EKS-orchestrated HyperPod clusters in supported Regions.
read more →

Meet Brain: Azure’s AI system for reliability

🔎 Brain is Azure’s centralized AIOps cloud health intelligence system that forms a real-time digital twin with Azure Resource Graph. It fuses telemetry, AI/ML models, service topology, and customer impact into unified health determinations that drive notifications, deployment safeguards, and outage declarations. This post introduces Brain’s design, inputs and outputs, and how it enables faster, more consistent reliability actions across Azure.
read more →