All news in category "Vendor and Hyperscaler Watch"

Improving JavaScript Trustworthiness via WAICT for the Web

🔒 Cloudflare presents an early design for Web Application Integrity, Consistency, and Transparency (WAICT) to address the risks of mutable JavaScript in sensitive web apps. The proposal pairs expanded Subresource Integrity (SRI) and a signed integrity manifest with append-only transparency logs and third-party witnesses to provide verifiable inclusion and consistency proofs. Browser preload lists, proof-of-enrollment, and client-side cooldowns are used to avoid extra round trips and to limit stealthy changes. Cloudflare plans to participate as a service provider and to collaborate on standardization.

Amazon EC2 CPU Options Optimize License-Included Windows

🔧 Amazon EC2 now allows customers to modify CPU options on Windows Server and SQL Server license-included instances to reduce vCPU-based licensing costs. You can customize the number of vCPUs and disable hyperthreading to achieve higher memory-to-vCPU ratios while preserving instance memory and IOPS. This enhancement targets database workloads that need high memory and I/O but lower vCPU counts. See the Amazon EC2 User Guide and AWS blog post for implementation details and best practices.

Microsoft adds Hey Copilot wake word to Windows 11 PCs

🤖 Microsoft has added the "Hey Copilot" wake word to Windows 11, letting users initiate conversations with the AI-powered Copilot assistant hands-free. The feature is opt-in and must be enabled in the Copilot app's Settings under Voice mode; when active a chime sounds and a microphone icon appears above the taskbar. Wake word detection uses an on-device 10-second audio buffer stored locally and never recorded, while request processing requires internet access. Copilot Vision can analyze screen content for troubleshooting and guidance, and optional connectors let Copilot generate Office documents and access third-party accounts.

Hidden Costs of Penetration Testing and Alternatives

🛡️ Penetration testing remains a critical control, but the classic, one-size-fits-all approach can create hidden financial and operational burdens. Administrative overheads, complex scoping decisions and indirect remediation work all add time and cost while risking scope creep and disruption. The article recommends flexible, consumption-based models—such as PTaaS and Outpost24's CyberFlex—to improve coverage, transparency and ROI.

Leading Incident Response Through Empathy and Care

🛡️ Laura Faria, an incident commander with Cisco Talos Incident Response, discusses leading through chaos, empathy, and teamwork during high-pressure security incidents. She traces a career across multiple cybersecurity vendors and sales roles before joining Talos and stepping into incident command. Laura emphasizes purpose-driven response work, particularly when outages affect critical infrastructure and patient safety. The interview highlights resilience, collaboration, and practical leadership lessons.

AWS Global Accelerator Now Supports Two Asia Pacific Regions

🚀 AWS Global Accelerator now supports application endpoints in two additional AWS Regions — Asia Pacific (Thailand) and Asia Pacific (Taipei) — bringing total coverage to thirty-three Regions. The service offers static IP addresses, congestion-free AWS network routing, edge DDoS protections, and continuous health monitoring to enable deterministic multi-region failover without DNS dependencies. To use the new Regions, configure endpoints such as Application Load Balancers, Network Load Balancers, Amazon EC2 instances, or Elastic IPs and review the Global Accelerator documentation.

AWS Security Hub CSPM Adds CIS AWS Foundations v5.0

🛡️ AWS Security Hub CSPM now supports the CIS AWS Foundations Benchmark v5.0, introducing 40 automated configuration checks aligned to the industry standard. The new standard is available in all Regions where Security Hub CSPM operates, including AWS GovCloud (US) and the China Regions. AWS recommends using Security Hub CSPM central configuration to enable the standard across selected accounts and Regions with a single action. Customers can subscribe to the CSPM SNS topic for updates and try Security Hub free for 30 days.

Amazon DocumentDB Adds IPv6 Dual-Stack Support for AWS

🌐 Amazon DocumentDB now supports IPv6 addressing for new and existing clusters, enabling dual-stack (IPv4/IPv6) deployments within VPCs. Customers can enable IPv6 with a few clicks in the AWS Management Console or programmatically via the AWS CLI to reduce address overlap and simplify networking. The change helps teams standardize applications on IPv6 and is generally available on versions 4.0 and 5.0 in supported Regions. Amazon DocumentDB remains a fully managed, native JSON database designed for scale and operational simplicity.

Encoding-Based Attack Protection with Bedrock Guardrails

🔒 Amazon Bedrock Guardrails offers configurable, cross-model safeguards to protect generative AI applications from encoding-based attacks that attempt to hide harmful content using encodings such as Base64, hexadecimal, ROT13, and Morse code. It implements a layered defense—output-focused filtering, prompt-attack detection, and customizable denied topics—so legitimate encoded inputs are allowed while attempts to request or generate encoded harmful outputs are blocked. The design emphasizes usability and performance by avoiding exhaustive input decoding and relying on post-generation evaluation.

YouTube Experiences Worldwide Outage With Playback Error

⚠️ Users worldwide are reporting a widespread YouTube outage causing playback errors and site load failures across web and mobile. Reports began within the last 30 minutes and affected regions include the U.S., Europe, India, Japan, and Australia, according to outage aggregator DownDetector. Some users see messages such as "Playback error" or "Something went wrong," while others experience slow or incomplete page loads. Google has not yet confirmed a cause; it remains unclear whether the issue stems from server problems, maintenance, or network disruptions.

Prisma Browser Enables Essential Eight-Aligned Controls

🔒 Prisma Browser is a cloud-delivered secure enterprise browser that extends policy-aligned controls to all web sessions regardless of device or location. It isolates workspaces and enforces last-mile identity, data and threat protections, integrating with Prisma Access and Cloud Delivered Security Services powered by Precision AI. Assessed to IRAP PROTECTED, it is positioned to help Australian government and regulated organisations implement Essential Eight-aligned controls without deploying endpoint agents.

Simplified Amazon Bedrock Model Access and Governance Controls

🔐 Amazon Bedrock now automatically enables serverless foundation models in each AWS Region, removing the prior per-model enablement step and retiring the Model Access page and PutFoundationModelEntitlement IAM permission. Access is managed through standard AWS controls—IAM and Service Control Policies (SCPs)—so account- and organization-level governance remains intact. Existing model restrictions enforced by IAM or SCPs continue to apply, and previously enabled models are unaffected. Administrators should transition to scoped IAM/SCP policies and patterns such as wildcards and NotResource denies to maintain least-privilege control.

Amazon WorkSpaces Core Managed Instances: New Regions

🚀 AWS has expanded Amazon WorkSpaces Core Managed Instances to five regions — US East (Ohio), Asia Pacific (Malaysia and Hong Kong), Middle East (UAE), and Europe (Spain) — with partner support from Citrix, Workspot, Leostream, and Dizzion. Managed Instances provision compute resources in customers' AWS accounts while AWS handles the infrastructure lifecycle for persistent and non-persistent VDI workloads, enabling highly customizable CPU, memory, and graphics configurations, including accelerated graphics instances. Customers can continue to use Savings Plans, discounts, and On-Demand Capacity Reservations and will incur standard compute costs plus an hourly WorkSpaces Core fee.

Gemini Code Assist brings AI code reviews to GitHub

🔐 Gemini Code Assist on GitHub for enterprises delivers AI-powered code reviews across GitHub Enterprise Cloud and privately hosted GitHub Enterprise Server. Organization-level controls let platform teams define a central style guide, set comment severity, and enforce baseline checks while preserving repo-level customization. Built on Google Cloud security and privacy commitments, the public preview includes higher pull-request quotas and stateless prompt handling to protect customer code.

Google Named a Leader in the 2025 Gartner SIEM Magic Quadrant

🔒 Google Security Operations has been named a Leader in the 2025 Gartner Magic Quadrant for SIEM, recognized for both Ability to Execute and highest Completeness of Vision. The AI-driven platform leverages Gemini to automate data analysis, assist investigations with natural language, and orchestrate responses, combining curated detections, SOAR, and case-centric workflows. Customers report measurable outcomes — up to 240% ROI over three years, 50% faster MTTR, and 65% faster MTTI — driven by automation and an emerging agentic SOC vision.

Hardening Customer Support Tools to Prevent Lateral Attacks

🔐 Microsoft Deputy CISO Raji Dani outlines the importance of hardening customer support tools and identities to reduce the risk of lateral movement and data exposure. The post recommends dedicated, isolated support identities protected by Privileged Role MFA and strict device controls. It advocates case-based RBAC with just-in-time and just-enough access, minimizing service-to-service trust, and deploying robust telemetry to speed detection and response. These layered controls apply to in-house teams and third-party providers.

Vertex AI Context Caching: Reduce Cost and Latency

⚡ Vertex AI context caching saves and reuses precomputed input tokens so developers avoid repeatedly sending and recomputing long contextual content, reducing latency and cost for large-context AI applications. It provides implicit caching — automatic, default, short-lived KV caches (deleted within 24 hours) integrated with Provisioned Throughput — and explicit CachedContent objects that are paid once and then reused at a deep discount with optional CMEK protection. Caches support multimodal inputs and very large context windows.

Fortinet Named Challenger in 2025 Gartner SIEM Magic Quadrant

🛡️ Fortinet announced that FortiSIEM was named a Challenger in the 2025 Gartner Magic Quadrant for SIEM, marking the vendor's eighth consecutive inclusion. FortiSIEM centralizes IT/OT event collection and combines advanced detection analytics, a CMDB, built-in SOAR automation and FortiAI-Assist GenAI to accelerate detection, investigation and response. Fortinet also notes that FortiSIEM 7.4, released in May 2025 after Gartner’s evaluation, adds federated search, expanded dashboards and enhanced analyst guidance to further improve SOC efficiency.

Detecting Dark Web Threats on Your Network with NDR

🔍 Network Detection and Response (NDR) can reveal dark web activity that hides within routine enterprise traffic by identifying anonymization protocols, unusual ports, and anomalous behavioral patterns. The article outlines four practical steps: identify dark web gateways (Tor, I2P, Freenet), understand NDR capabilities, deploy sensors across core, edge and internal segments, and run detection and hunting workflows including baselining, Tor/I2P/P2P monitoring, DNS and VPN checks. It emphasizes automated alerts for characteristic Tor ports and signatures, lateral-movement detection, C2 beaconing analysis, and enrichment with threat intelligence, and highlights Corelight’s Open NDR Platform as a vendor solution.

AWS SAM CLI Adds Finch Support for Local Development

🔧 AWS Serverless Application Model CLI (SAM CLI) now supports Finch as an alternative to Docker for local container-based development and testing. Developers can continue to build, test, debug, and package serverless applications locally using the same SAM CLI workflows, including sam build, sam local invoke, sam local start-api, and sam local start-lambda. SAM CLI will automatically detect and use Finch when Docker is not available, and you can also set Finch explicitly as your preferred container tool. Finch is an open-source, AWS-supported project that offers an additional choice for local serverless tooling.