All news in category "Vendor and Hyperscaler Watch"

AWS Lambda Code Signing Now Available in GovCloud Regions

🔐 AWS Lambda now supports code signing in AWS GovCloud (US-West and US-East) through the managed AWS Signer service. Lambda validates signatures at deployment to ensure code has not been altered and that it originates from trusted signers. Administrators can create Signing Profiles, bind allowed profiles to functions, and configure whether failed signature checks produce warnings or reject deployments. Access and permissions are controlled via IAM, and there is no additional charge to use this capability.

Kali Linux 2025.3: 10 New Tools, Nexmon & NetHunter

🔧 Kali Linux 2025.3 delivers ten new tools and expanded Wi-Fi and NetHunter capabilities. Notable additions include Caido (client and server), Detect It Easy, Gemini CLI, krbrelayx, ligolo-mp, and vwifi-dkms for dummy Wi‑Fi networks. Nexmon support is restored for Broadcom/Cypress chips and Raspberry Pi devices, while NetHunter gains Samsung S10 support and CARsenal updates. Users can upgrade via the Kali rolling repository or download the new ISOs.

GKE Autopilot Features Now Available to Qualified Clusters

🚀 Google Cloud has extended core Autopilot capabilities to qualified Standard GKE clusters, enabling access to the new container-optimized compute platform via built-in compute classes. Available initially to clusters in the Rapid release channel running 1.33.1-gke.1107000 or later, these features include the autopilot and autopilot-spot compute classes and a provisioning mode that supports gradual adoption. Benefits include rapid horizontal and vertical scaling, pay-for-request billing, efficient bin-packing, and support for GPUs and TPUs for AI workloads.

AWS ARC Region Switch Now Available in New Zealand

🔁 Amazon Web Services has made the Application Recovery Controller Region switch feature available in the Asia Pacific (New Zealand) Region. Region switch lets teams orchestrate and execute cross-account and cross-Region recovery steps while providing real-time dashboards and consolidated data collection to support regulator and compliance reporting. The feature supports failover/failback for active/passive designs and shift-away/return for active/active architectures, and automatically replicates plans to all Regions where the application runs.

Gemini CLI Extensions Enable Google Data Cloud Access

🔧 Google released open-source Gemini CLI extensions that integrate Gemini with Google Data Cloud services, enabling terminal-based access to BigQuery, Cloud SQL, and AlloyDB. Developers install the CLI (recommended v0.6.0), add extensions, and configure IAM and environment variables to connect to projects. Extensions support provisioning databases and users, natural-language querying, AI forecasting, and conversational analytics, though some require enabling additional APIs.

Fortinet Veterans Program Enables Cybersecurity Careers

🔐 Fortinet’s Veterans Program, in partnership with VetSec, provides veterans and spouses free access to training, hands-on labs, and certification vouchers to accelerate entry into cybersecurity. Participants progress from foundational courses through associate-level credentials, including structured offerings such as the Networking Fundamentals Bootcamp. Graduates like Jeramiah Poff and Derek Zobler reported direct job placements—roles ranging from security architect to cyberthreat hunter—demonstrating measurable workforce impact.

Agent Factory: Building the Open Agentic Web Stack

🔧This wrap-up of the Agent Factory series lays out a repeatable blueprint for designing and deploying enterprise-grade AI agents and introduces the agentic web stack. It catalogs eight essential components—communication protocols, discovery, identity and trust, tool invocation, orchestration, telemetry, memory, and governance—and positions Azure AI Foundry as an implementation. The post stresses open standards such as MCP and A2A, emphasizes interoperability across organizations, and highlights observability and governance as core operational requirements.

Enabling Data Scientists to Become Agentic Architects

🧭 Google outlines an AI-native stack to transform data scientists into agentic architects, unifying development, real-time data access, and production-grade agent deployment. Enhancements to Colab Enterprise notebooks add native SQL cells, editable visualizations, and an interactive Data Science Agent that can orchestrate BigQuery ML, DataFrames, and Spark workflows. The Lightning Engine is now generally available to accelerate Spark, while previews for stateful BigQuery continuous queries and autonomous embedding generation bring real-time streaming and vector search into analytics. A 'Build-Deploy-Connect' toolkit, including the Agent Development Kit, MCP Toolbox, and Gemini CLI extensions, helps move notebook prototypes into secure, scalable agent fleets.

Automatic SSL/TLS: Upgrading 6M Domains for Quantum Safety

🔐 Cloudflare's Automatic SSL/TLS now upgrades origin-facing encryption by default, having strengthened over 6 million domains without operator intervention. The system scans origins, verifies content and certificates, then gradually ramps stronger SSL/TLS modes from 1% to 100% of traffic, aborting safely on failures. This prepares sites for the post-quantum era by favoring hybrid key agreements (X25519 + ML-KEM) and will soon automate post-quantum handshakes and ad-hoc rescans.

Simpler Path to a Safer Internet: CSAM Tool Update

🔒 Cloudflare has simplified access to its CSAM Scanning Tool by removing the prior requirement for National Center for Missing and Exploited Children (NCMEC) credentials. The tool relies on fuzzy hashing to create perceptual fingerprints that detect altered images with high confidence. Since the change in February, monthly adoption has increased sixteenfold. Detected matches result in blocked URLs and owner notifications so site operators can remediate.

Cloudflare WARP Adds Post-Quantum Key Agreement Support

🔐 Cloudflare's WARP client now supports post-quantum key agreement across both consumer (1.1.1.1) and enterprise (Cloudflare One Agent) offerings, tunneling traffic over MASQUE with hybrid post-quantum/classical ciphersuites. The upgrade provides immediate protection against harvest-now-decrypt-later attacks by wrapping user traffic in post-quantum MASQUE tunnels even when individual connections inside the tunnel are not yet PQ-protected. Cloudflare staged the rollout with temporary downgrades, phased population enablement, and an MDM override to balance robustness and downgrade-resistance while meeting FIPS/FedRAMP constraints.

INDOT Used Google AI to Save 360 Hours and Meet Deadline

🚀 Indiana Department of Transportation built a week-long pilot on Google Cloud to meet a 30-day executive order, using a Retrieval-Augmented Generation workflow that combined rapid ETL, Vertex AI Search indexing, and Gemini. The system scraped and parsed decades of internal policies and manuals, produced draft reports across nine divisions with 98% fidelity, and saved an estimated 360 hours of manual effort, enabling INDOT to submit on time.

SaaS-to-SaaS Proxy: Centralized Visibility and Control

🌐Cloudflare is prototyping a SaaS-to-SaaS proxy that consolidates SaaS connections through a single front door to improve monitoring, detection, and response. Two deployment models are proposed: a customer-controlled vanity hostname proxy that returns visibility to data owners, and a vendor-side reverse proxy that strengthens platform security. Both approaches use key splitting to avoid persisting full bearer tokens and enable instant revocation. Cloudflare is seeking feedback and offering early access.

Cloudflare Launches Content Signals Policy for robots.txt

🛡️ Cloudflare introduced the Content Signals Policy, an extension to robots.txt that lets site operators express how crawlers may use content after it has been accessed. The policy defines three machine-readable signals — search, ai-input, and ai-train — each set to yes/no or left unset. Cloudflare will add a default signal set (search=yes, ai-train=no) to managed robots.txt for ~3.8M domains, serve commented guidance for free zones, and publish the spec under CC0. Cloudflare emphasizes signals are preferences, not technical enforcement, and recommends pairing them with WAF and Bot Management.

What Happens When You Engage Talos Incident Response

🔐 Cisco Talos Incident Response (Talos IR) provides rapid, 24/7 crisis support and proactive services to contain, investigate, and remediate cybersecurity incidents. Talos combines deep threat intelligence, digital forensics, and a vendor-agnostic approach to work with existing tools and environments. Engagements follow a structured IR lifecycle—Preparation, Identification, Containment, Eradication, Recovery, and Lessons learned—to minimize disruption and build long-term resilience.

JS Bank modernizes with Google stack and ChromeOS rollout

🚀 JS Bank migrated its distributed IT estate to a unified Google ecosystem—deploying 1,500 Chromebooks and Chromeboxes while adopting Google Workspace and Chrome Enterprise Premium. The change delivered nearly 90% endpoint standardization, cut device management time by 40%, and halved daily support tickets. Built-in ChromeOS protections simplified security and reduced reliance on multiple third-party antivirus and anti-malware tools.

Amazon Route 53 Resolver Query Logging Now in NZ Region

🛰️ Amazon Route 53 Resolver Query Logging is now available in Asia Pacific (New Zealand). You can log DNS queries originating in VPCs to capture queried domain names, the AWS resources that issued the queries (including source IP and instance ID), and the responses received. Logs can be delivered to Amazon S3, CloudWatch Logs, or Amazon Data Firehose, and query logging configurations may be shared across accounts via AWS RAM. There is no additional Route 53 charge for enabling query logging, though storage and ingestion on the chosen destination may incur costs.

AWS removes network burst limits for I7i and I8g instances

🚀 Today AWS removed networking bandwidth burst duration limits for Amazon EC2 I7i and I8g instances larger than 4xlarge, doubling the network bandwidth available at all times for those sizes. Where instances previously relied on a network I/O credit mechanism to burst above a baseline, larger I7i and I8g instances can now sustain their maximum network performance indefinitely. The change delivers more predictable, uninterrupted throughput for memory- and network‑intensive workloads such as distributed databases, real‑time analytics and AI preprocessing; smaller sizes retain existing baseline-and-burst behavior.

Amazon EC2 Auto Scaling — Forced Immediate Cancel Feature

⚡ Amazon EC2 Auto Scaling now allows customers to force-cancel ongoing instance refreshes immediately by setting WaitForTransitioningInstances to false when calling the CancelInstanceRefresh API. The change bypasses waiting for in-progress launches, terminations, or instance lifecycle hooks, enabling rapid aborts of deployments during incidents or to roll forward to corrected releases. The capability is available in all AWS regions, including AWS GovCloud (US).

Five Questions CISOs Should Ask Security Vendors Today

🔍 CISOs are inundated with vendor outreach and need a short, practical checklist to evaluate security offerings. Senior security leaders recommend starting by confirming a vendor understands your organization and presenting solutions that reduce workload, consolidate tools, or demonstrably improve operations rather than add noise. Key topics include integration and maintenance, update cadence and product roadmap involvement, and concrete real‑world use cases that validate claims. Watch for vague claims, FUD, buzzwords, or resistance to feedback — they signal potential long‑term friction.