All news in category "Vendor and Hyperscaler Watch"

Microsoft Named Leader in 2025 Container Management

🚀 Microsoft announced it was recognized as a Leader in the 2025 Gartner Magic Quadrant for Container Management, reflecting the scope and customer impact of its container portfolio. Azure Kubernetes Service (AKS), Azure Container Apps, and hybrid/multicloud capabilities with Azure Arc are highlighted for developer productivity, operational simplicity, and AI readiness. The company emphasized developer tooling like AKS Automatic (preview), Azure Developer CLI, and GitHub Copilot, plus integrated security through Microsoft Defender for Containers and Azure Policy. Customer examples such as ChatGPT, Telefônica Brasil, Coca‑Cola, Hexagon, and Delta Dental illustrate real-world outcomes.

Palo Alto Networks Opens Local Cloud Region in South Africa

🌍 Palo Alto Networks has launched a new cloud location in South Africa to bring its AI-powered security platforms closer to local organizations. The region will host core services including Cortex XSIAM, Prisma SASE, Advanced WildFire, Advanced DNS Security, Strata Cloud Manager and Strata Logging Service. Local hosting is designed to reduce latency, meet data residency and sovereignty requirements, and deliver real-time detection, automated response and centralized logging. The investment aims to support South Africa’s digital transformation while addressing rising ransomware and phishing threats across the region.

CrowdStrike Named Leader in GigaOm SSPM Radar 2025

🔒 CrowdStrike has been named the only Leader and Outperformer in the 2025 GigaOm Radar for SaaS Security Posture Management (SSPM). The recognition highlights the CrowdStrike Falcon platform's unified, AI-native approach—combining Falcon Shield, identity protection and cloud security—to detect and remediate misconfigurations, identity threats, and unauthorized SaaS access. Falcon Shield's extensive integrations, automated policy responses via Falcon Fusion SOAR, and GenAI-focused controls underpin its market-leading posture and support continuous visibility across human and non-human identities.

Malware Analysis on AWS: Building Secure Isolated Sandboxes

🔒 This AWS blog explains how security teams can run malware analysis in the cloud while complying with AWS policies and minimizing risk. It recommends an architecture that uses an isolated VPC with no internet egress, ephemeral EC2 detonation hosts accessed via AWS Systems Manager Session Manager, and secure S3 storage via VPC gateway endpoints with encryption. The post emphasizes strong IAM and SCP guardrails, immutable hosts, automated teardown, centralized logging, and monitoring with CloudTrail and GuardDuty to maintain visibility and lifecycle control.

AWS Nitro protections shield EC2 from L1TF Reloaded

🔒 AWS confirms that guest data on instances running on the Nitro System and Nitro Hypervisor is not at risk from the research known as L1TF Reloaded, and no additional customer action is required. The researchers demonstrate that the technique chains half-Spectre gadgets with L1 Terminal Fault (L1TF) to transiently leak data on some hypervisors, but Nitro’s security-first architecture prevented data extraction. Nitro’s design relies on eXclusive Page Frame Ownership (XFPO) secret hiding, a minimal hypervisor footprint, and layered mitigations; AWS also notes coordinated disclosure and that it sponsored part of the research.

GPT-5 in Azure AI Foundry: Enterprise AI for Agents

🚀 Today Microsoft announced general availability of OpenAI's flagship model, GPT-5, in Azure AI Foundry, positioning it as a frontier LLM for enterprise applications. The GPT-5 family (GPT-5, GPT-5 mini, GPT-5 nano, GPT-5 chat) spans deep reasoning, real-time responsiveness, and ultra-low-latency options, all accessible through a single Foundry endpoint and managed by a model router to optimize cost and performance. Foundry pairs agent orchestration, tool-calling, developer controls, telemetry, and compliance-aware deployment choices to help organizations move from pilot projects to production.

Microsoft announces Phishing Triage Agent public preview

🛡️The Phishing Triage Agent is now in Public Preview and automates triage of user-reported suspicious emails within Microsoft Defender. Using large language models, it evaluates message semantics, inspects URLs and attachments, and detects intent to classify submissions—typically within 15 minutes—automatically resolving the bulk of false positives. Analysts receive natural‑language explanations and a visual decision map for each verdict, can provide plain‑language feedback to refine behavior, and retain control via role‑based access and least‑privilege configuration.

Microsoft launches Secure Future Initiative patterns

🔐 Microsoft announced the launch of the Secure Future Initiative (SFI) patterns and practices, a new library of actionable implementation guidance distilled from the company’s internal security improvements. The initial release includes eight patterns addressing urgent risks such as phishing-resistant MFA, preventing identity lateral movement, removing legacy systems, standardizing secure CI/CD, creating production inventories, rapid anomaly detection and response, log retention standards, and accelerating vulnerability mitigation. Each pattern follows a consistent taxonomy—problem, solution, practical steps, and operational trade-offs—so organizations can adopt modular controls aligned to secure by design, by default, and in operations principles.

Portkey Integrates Prisma AIRS to Secure AI Gateways

🔐 Palo Alto Networks and Portkey have integrated Prisma AIRS directly into Portkey’s AI gateway to embed security guardrails at the gateway level. The collaboration aims to protect applications from AI-specific threats—such as prompt injections, PII and secret leakage, and malicious outputs—while preserving Portkey’s operational benefits like observability and cost controls. A one-time configuration via Portkey’s Guardrails module enforces protections without code changes, and teams can monitor posture through Portkey logs and the Prisma AIRS dashboard.

Microsoft Bounty Program: $17M Distributed in 2025

🔒 The Microsoft Bounty Program distributed $17 million this year to 344 security researchers across 59 countries, marking the largest total payout in the program’s history. In partnership with the Microsoft Security Response Center (MSRC), researchers helped identify and remediate more than a thousand potential vulnerabilities across Azure, Microsoft 365, Windows, and other Microsoft products and services. The program also expanded coverage and awards for Copilot, identity and Defender scopes, Dynamics 365 & Power Platform AI categories, and refreshed Windows attack scenario incentives to prioritize high-impact research.

OSS Rebuild: Reproducible Builds to Harden Open Source

🔐 Google’s Open Source Security Team today announced OSS Rebuild, a new project to reproduce upstream artifacts and supply SLSA-grade provenance for popular package ecosystems. The service automates declarative build definitions and reproducible builds for PyPI, npm, and Crates.io, generating attestations that meet SLSA Build Level 3 requirements without requiring publisher changes. Security teams can use the project to verify published artifacts, detect unexpected embedded source or build-time compromises, and integrate the resulting provenance into vulnerability response workflows. The project is available as a hosted data set and as open-source tooling and infrastructure for organizations to run their own rebuild pipelines.

Implementing Defense-in-Depth for AWS CodeBuild Pipelines

🔒 This guide consolidates practical recommendations for securing AWS CodeBuild CI/CD pipelines, emphasizing webhook configuration, trust boundaries, and least-privilege access. It warns against automatic pull request builds from untrusted contributors and prescribes push-based, branch-based, and contributor-filtered webhook patterns, plus staged rollout using Infrastructure as Code. Additional safeguards include scoped GitHub tokens, per-build IAM roles, isolated build environments, CloudTrail logging, and manual approval gates for sensitive deployments.

Secure File Sharing in AWS: Security and Cost Guide

🔒 This second part of the guide examines three AWS file‑sharing mechanisms — CloudFront signed URLs, an Amazon VPC endpoint service backed by a custom application, and S3 Access Points — contrasting their security, cost, protocol, and operational trade‑offs. It highlights CloudFront’s edge caching and WAF/Shield integration for low‑latency public delivery, PrivateLink for fully private TCP connectivity, and Access Points for scalable IAM‑based S3 access control. The post emphasizes choosing or combining solutions based on access patterns, compliance, and budget.

Secure File Sharing on AWS: Security and Cost Options

🔐 This post by Swapnil Singh (updated July 28, 2025) compares AWS file-sharing options and explains security and cost trade-offs to help architects choose the right approach. Part 1 focuses on AWS Transfer Family, Transfer Family web apps, S3 pre-signed URLs, and a serverless pre-signed URL pattern (API Gateway + Lambda), outlining strengths, limitations, and pricing considerations. It emphasizes requirements gathering—access patterns, protocols, security, operations, and business constraints—and presents a decision matrix and high-level guidance for selecting a solution.

CISA Releases Thorium: Scalable Malware Analysis Platform

🛡️ CISA, in partnership with Sandia National Laboratories, released Thorium, an automated, scalable malware and forensic analysis platform that consolidates commercial, custom, and open-source tools into unified, automated workflows. Thorium is configured to ingest over 10 million files per hour per permission group and schedule more than 1,700 jobs per second, enabling rapid, large-scale binary and artifact analysis while maintaining fast query performance. It scales on Kubernetes with ScyllaDB, supports Dockerized tools and VM/bare-metal integrations, and enforces strict group-based access controls along with tag and full-text filtering for results.

Microsoft .NET Bounty Program Raises Awards to $40,000

🔒 Microsoft has expanded the .NET Bounty Program, increasing maximum awards to $40,000 and broadening coverage to include all supported .NET and ASP.NET versions, adjacent technologies like F#, templates, and GitHub Actions. The program simplifies award tiers, aligns impact categories with other Microsoft bounty programs, and defines report quality as complete (working exploit) or not complete, encouraging detailed, actionable submissions.

Microsoft .NET Bounty Program Increases Awards to $40,000

🛡️ Microsoft has updated the .NET Bounty Program, expanding scope and increasing maximum payouts to $40,000 for high-impact vulnerabilities. The program now covers all supported versions of .NET and ASP.NET (including Blazor and F#), repository templates, and GitHub Actions in .NET repositories. Awards are now tied to explicit severity and report quality criteria, with higher payments for complete, exploit-backed reports.

Migrating Oracle TDE Keystore on EC2 to AWS CloudHSM

🔐 This AWS Security Blog post, republished July 30, 2025, demonstrates how to migrate an Oracle 19c Transparent Data Encryption (TDE) keystore on Amazon EC2 from a file-based wallet to AWS CloudHSM using the CloudHSM Client SDK 5. It walks through prerequisites—CloudHSM cluster, CloudHSM admin and crypto users, network connectivity—and stepwise commands to install the client and PKCS#11 library, adjust Oracle WALLET_ROOT/TDE_CONFIGURATION, and run the ADMINISTER KEY MANAGEMENT migration. The guide also covers creating an auto-login keystore, verifying V$ENCRYPTION_WALLET status, and outlines benefits such as FIPS-validated hardware, centralized management, and improved compliance.

CISA Releases Open-Source Eviction Strategies Tool

🛡️CISA published a no-cost Eviction Strategies Tool, developed with MITRE, to help cyber defenders build tailored incident response plans and adversary eviction strategies within minutes. The package includes COUN7ER, a database of atomic post-compromise countermeasures, and the Cyber Eviction Strategies Playbook NextGen web app to match findings to countermeasures. It exports results in JSON, Word, Excel and markdown and is available under the MIT Open Source License.

Automate Disabling AD Users from GuardDuty Findings

🔐 This AWS Security Blog post explains how to use Amazon GuardDuty to detect suspicious activity and automatically disable accounts in AWS Managed Microsoft AD. It walks through deploying a managed directory and a directory-administration EC2 instance, configuring AWS Systems Manager Run Command documents, and orchestrating those actions with AWS Step Functions triggered by Amazon EventBridge. The guide includes required permissions, testing steps using GuardDuty’s test domains, and notes on extending the automation to reset passwords or send notifications.