Cybersecurity Brief

AWS Batch Inference, CVE Exploits, and AI Ransomware

Coverage: 18 Aug 2025 (UTC)

Platforms

In a post from AWS, Amazon Bedrock added Batch inference for Anthropic’s Claude Sonnet 4 and OpenAI’s GPT‑OSS family (120B and 20B). The update targets high‑volume, asynchronous workloads such as bulk document analysis, large‑scale summarization, categorization, and structured extraction. AWS positions Batch as a cost‑optimized path—roughly half of on‑demand inference pricing—while expanding observability by publishing Batch metrics to CloudWatch, including pending and processed records, tokens per minute for all models, and Claude‑specific tokens pending. Teams planning evaluation campaigns or cost‑sensitive pipelines can submit, monitor, and retrieve results through the Bedrock API, but should confirm region and model availability before deployment.

AWS also introduced a compute checksum operation for S3 Batch Operations to verify large datasets at scale without restoring or downloading objects. Operators can run integrity jobs across billions of objects using manifests or bucket filters, with algorithms including SHA‑1, SHA‑256, CRC32, CRC32C, CRC64, and MD5. The service produces detailed reports across storage classes and regions, supporting audits, compliance attestations, and preservation workflows while reducing time and operational overhead for integrity checks.

For resilience testing, AWS enabled Fault Injection Service (FIS) network disruption actions against S3 Express One Zone directory buckets. The action deliberately times out data‑plane requests so teams can observe failover and recovery when an Availability Zone issue impairs access. It is also included in the FIS “AZ Availability: Power Interruption” scenario to simulate multi‑service impact. The capability supports console, CLI, and API‑driven experiments to validate alerting, runbooks, and architectural choices for latency‑sensitive workloads that accept single‑AZ placement in exchange for performance.

Infrastructure options expanded in regulated environments as AWS brought Amazon RDS io2 Block Express to both AWS GovCloud (US‑West) and (US‑East), targeting mission‑critical databases with consistent sub‑millisecond latency, up to 256,000 Provisioned IOPS, 4,000 MB/s throughput, volumes to 64 TiB, and 99.999% durability. In parallel, AWS added default‑x86_64 and default‑arm64 instance‑type options for AWS Batch managed compute environments, allowing automatic selection of cost‑effective EC2 generations in enabled, valid environments. Both updates aim to reduce operational friction—one for database performance and durability in isolated regions, the other for cost and capacity management in batch compute.

For database lifecycle planning, AWS designated Aurora MySQL 3.10 (aligned with MySQL 8.0.42) as a long‑term support minor release. Clusters that opt in can remain on the same minor version for at least three years or until the major engine’s standard support ends, receiving only focused patches for select high‑severity security and operational issues. The LTS designation joins Aurora MySQL 3.04 and is available wherever Aurora is offered, providing a predictable support horizon for teams that prioritize stability over rapid feature adoption.

Patches

CISA added CVE‑2025‑54948—an OS command injection flaw in Trend Micro Apex One—to the Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Under BOD 22‑01, Federal Civilian Executive Branch agencies must remediate KEV‑listed issues by the specified due date, and CISA urges all organizations to prioritize fixes. Recommended steps include applying vendor patches or mitigations, validating remediation, updating asset inventories to locate affected deployments, and preparing incident response if compromise indicators appear.

Incidents

Microsoft analyzed PipeMagic, a modular in‑memory backdoor attributed to financially motivated actor Storm‑2460 and observed alongside exploitation of CVE‑2025‑29824 in ransomware activity. The framework generates a host ID, uses a named pipe (\\.\pipe\1.<BotID>) to receive encrypted PE modules, and manages payload lifecycle through four doubly linked lists. A network component is XOR‑decrypted and aPLib‑decompressed in memory to establish WebSocket‑style C2, report host telemetry, and execute commands for module management, process enumeration, data collection, and self‑deletion. Microsoft outlines mitigations including tamper and network protection, EDR block mode, automated investigation, cloud‑delivered protection, and vulnerability assessment for CVE‑2025‑29824, and provides selected indicators for hunting.

Research

A report from Check Point details EchoLink, a zero‑click issue in Microsoft 365 Copilot that can extract sensitive tenant data without user interaction. The analysis frames a class of AI‑era exploits operating invisibly and at machine speed, emphasizing the need for timely vendor patches, robust telemetry ingestion, AI‑aware behavioral analytics, and rehearsed response playbooks to limit exfiltration and dwell time.

ESET documents AI‑powered investment scams flooding social platforms with deepfake endorsements and cloned news, citing a 335% rise in Nomani threats between H1 and H2 2024 and more than 8,500 related domains blocked. The write‑up notes roughly $6.6 billion in reported investment‑fraud losses and outlines red flags and practical steps for users: avoid unsolicited finance ads, verify claims through official channels, never share credentials after following an ad, and contact providers and law enforcement quickly if exposure is suspected.

These and other news items from the day:

Mon, August 18, 2025

Bedrock Batch Inference: Claude Sonnet 4 and GPT-OSS

🚀 Amazon Bedrock now supports Batch inference for Anthropic Claude Sonnet 4 and OpenAI GPT-OSS (120B, 20B), enabling asynchronous processing of large workloads at approximately 50% of on-demand inference cost. The update targets bulk scenarios such as document analysis, large-scale summarization, content generation, and structured data extraction, and is optimized to deliver higher overall batch throughput on these newer models. Batch progress and workload metrics — including pending and processed records, tokens per minute, and Claude-specific pending tokens — are exposed at the AWS account level via Amazon CloudWatch.

Dissecting PipeMagic: Architecture of a Modular Backdoor

🔍 Microsoft Threat Intelligence details PipeMagic, a modular backdoor used by Storm-2460 that masquerades as an open-source ChatGPT Desktop Application. The malware is deployed via an in-memory MSBuild dropper and leverages named pipes and doubly linked lists to stage, self-update, and execute encrypted payload modules delivered from a TCP C2. Analysts observed exploitation of CVE-2025-29824 for privilege escalation followed by ransomware deployment, with victims across IT, finance, and real estate in multiple regions. The report includes selected IoCs, Defender detections, and mitigation guidance to help defenders detect and respond.
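
The named-pipe naming convention is the most portable hunting handle in both PipeMagic summaries above. The following is an added example written for this brief, not Microsoft's detection logic: it runs a pipe-name match over constructed endpoint telemetry. The key=value log format, the sample events, the file names in them, and the assumption that <BotID> is a single alphanumeric token are all this example's, not the report's.

```python
r"""Flag named-pipe events whose pipe name matches the PipeMagic pattern the
brief describes (\\.\pipe\1.<BotID>) across constructed endpoint telemetry.

Added example for this brief; not Microsoft's detection logic. The log format
(key=value per line) and the sample events are constructed; the assumption
that <BotID> is one alphanumeric token is this example's, not the report's.
"""
import re

PIPE_PREFIX = "\\\\.\\pipe\\"                 # the literal \\.\pipe\ prefix as logged
BOT_PIPE = re.compile(r"^1\.[A-Za-z0-9]+$")    # assumption: "1." then a single BotID token

# Constructed telemetry. Image paths and hosts are invented; the chatgpt.exe
# name only echoes the brief's note that the backdoor masquerades as a ChatGPT
# desktop application.
SAMPLE_LOG = r"""
ts=2025-08-18T09:12:01Z event=pipe_created host=ws-042 image=C:\Windows\System32\svchost.exe pipe=\\.\pipe\spoolss_proxy
ts=2025-08-18T09:12:05Z event=pipe_created host=ws-042 image=C:\Users\alice\AppData\Local\Temp\chatgpt.exe pipe=\\.\pipe\1.9f3c2a7e
ts=2025-08-18T09:12:06Z event=pipe_connected host=ws-042 image=C:\Users\alice\AppData\Local\Temp\chatgpt.exe pipe=\\.\pipe\1.9f3c2a7e
ts=2025-08-18T09:13:40Z event=pipe_created host=ws-017 image=C:\ProgramData\vendor\updater.exe pipe=\\.\pipe\updater.1.0
ts=2025-08-18T09:14:02Z event=pipe_created host=ws-017 image=C:\Windows\System32\lsass.exe pipe=\\.\pipe\lsass
"""


def parse_line(line):
    """Split one key=value line into a dict (values contain no spaces by construction)."""
    fields = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def bare_pipe_name(pipe):
    """Strip the \\.\pipe\ prefix if present so the pattern anchors on the pipe's own name."""
    if pipe.lower().startswith(PIPE_PREFIX.lower()):
        return pipe[len(PIPE_PREFIX):]
    return pipe


def detect_pipemagic_pipes(log_text):
    """Return one alert per (host, pipe) whose name matches 1.<BotID>.

    Create and connect events for the same pipe are folded into one alert with
    an event count and the set of images that touched the pipe, which is what
    an analyst needs to pivot from the pipe to the process.
    """
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.get("event") not in ("pipe_created", "pipe_connected"):
            continue
        if not BOT_PIPE.match(bare_pipe_name(ev.get("pipe", ""))):
            continue
        key = (ev["host"], ev["pipe"])
        alert = alerts.setdefault(key, {
            "host": ev["host"], "pipe": ev["pipe"], "first_seen": ev["ts"],
            "events": 0, "images": set(),
        })
        alert["events"] += 1
        alert["images"].add(ev["image"])
    result = []
    for alert in alerts.values():
        alert["images"] = sorted(alert["images"])
        result.append(alert)
    return sorted(result, key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for alert in detect_pipemagic_pipes(SAMPLE_LOG):
        print(alert["first_seen"], alert["host"], alert["pipe"], alert["events"], alert["images"])
```

The anchored pattern matters: `updater.1.0` contains `1.` but is not a `1.<BotID>` pipe, so it produces no alert, while create and connect events for `\\.\pipe\1.9f3c2a7e` collapse into a single alert. In production the match would run against the pipe-event source your EDR or Sysmon configuration already emits, and the image set would be checked against the report's indicators.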

EchoLink: Rise of Zero-Click AI Exploits in M365 Enterprise

⚠️ EchoLink is a newly identified zero-click vulnerability in Microsoft 365 Copilot that enables silent exfiltration of enterprise data without any user interaction. This class of attack bypasses traditional click- or download-based defenses and moves laterally at machine speed, making detection and containment difficult. Organizations relying solely on native tools or fragmented point solutions should urgently reassess their exposure and incident response readiness.

CISA Adds Trend Micro Apex One KEV OS Command Injection

🛡️ CISA has added CVE-2025-54948, an OS command injection vulnerability in Trend Micro Apex One, to its Known Exploited Vulnerabilities (KEV) Catalog after observing active exploitation. The entry underscores the significant risk these flaws pose to federal and nonfederal networks and reiterates that BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate KEV entries by specified deadlines. CISA strongly urges all organizations to prioritize timely remediation and integrate KEV fixes into standard vulnerability management practices.
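
Both KEV passages in this brief come down to the same operational step: locate affected deployments in the asset inventory and track them against the BOD 22-01 due date. The block below is an added example written for this brief, not CISA tooling. It follows the field names of CISA's public KEV JSON feed, but the dates attached to CVE-2025-54948, the second catalog entry, and the inventory are constructed placeholders.

```python
"""Cross-reference a CISA KEV feed extract with an asset inventory and flag
hosts still exposed past the BOD 22-01 due date.

Added example for this brief; not CISA's code. Field names follow the public
KEV JSON feed schema (cveID, vendorProject, product, dueDate, ...). The dates,
the second catalog entry and the inventory are constructed placeholders.
"""
import json
from datetime import date

# Constructed KEV-style extract. CVE-2025-54948 is the entry the brief covers;
# its dateAdded/dueDate here are PLACEHOLDERS, not the catalog's real values.
KEV_JSON = json.dumps({
    "title": "Known Exploited Vulnerabilities (constructed extract)",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-54948",
            "vendorProject": "Trend Micro",
            "product": "Apex One",
            "vulnerabilityName": "Trend Micro Apex One OS Command Injection (wording constructed)",
            "dateAdded": "2025-08-18",
            "dueDate": "2025-09-08",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {   # Entirely fictitious entry so the example also shows a not-yet-due case.
            "cveID": "CVE-1900-00001",
            "vendorProject": "ExampleCorp",
            "product": "Widget Server",
            "vulnerabilityName": "ExampleCorp Widget Server Placeholder Vulnerability",
            "dateAdded": "2025-11-10",
            "dueDate": "2025-12-01",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed inventory. Vendor/product spellings deliberately vary in case
# and whitespace to show why normalisation is needed before matching.
INVENTORY = [
    {"host": "av-mgmt-01", "vendor": "Trend Micro", "product": "Apex One", "remediated": False},
    {"host": "av-mgmt-02", "vendor": "trend micro", "product": "Apex  One", "remediated": True},
    {"host": "app-07", "vendor": "ExampleCorp", "product": "Widget Server", "remediated": False},
    {"host": "db-02", "vendor": "ExampleCorp", "product": "Other Product", "remediated": False},
]


def load_kev(text):
    """Return the catalog entries from a KEV JSON document."""
    return json.loads(text)["vulnerabilities"]


def _norm(value):
    return " ".join(value.lower().split())


def match_inventory(entries, inventory, today):
    """Pair KEV entries with unremediated inventory assets by vendor and product.

    KEV entries carry no affected-version ranges, so a vendor/product match is
    a candidate to confirm against the vendor advisory, not proof of exposure.
    `today` is an ISO date string; days_left is negative once the due date has passed.
    """
    today_d = date.fromisoformat(today)
    findings = []
    for entry in entries:
        due = date.fromisoformat(entry["dueDate"])
        target = (_norm(entry["vendorProject"]), _norm(entry["product"]))
        for asset in inventory:
            if asset["remediated"]:
                continue
            if (_norm(asset["vendor"]), _norm(asset["product"])) != target:
                continue
            findings.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "dueDate": entry["dueDate"],
                "days_left": (due - today_d).days,
                "overdue": today_d > due,
            })
    findings.sort(key=lambda f: (f["dueDate"], f["host"]))
    return findings


def overdue_hosts(findings):
    """Hosts with at least one KEV entry past its due date."""
    return sorted({f["host"] for f in findings if f["overdue"]})


if __name__ == "__main__":
    for f in match_inventory(load_kev(KEV_JSON), INVENTORY, "2025-09-10"):
        state = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f["host"], f["cveID"], f["dueDate"], state)
```

The matching is intentionally coarse: the catalog identifies a vendor and product, not a version range, so every hit is a ticket to validate with the advisory and a scan, and the remediated flag should be set only after that validation.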

Amazon Aurora MySQL 3.10 Declared Long-Term Support Release

🚀 Amazon Web Services has designated Aurora MySQL 3.10 (compatible with MySQL 8.0.42) as a long-term support (LTS) minor release, effective immediately. Clusters that choose the LTS minor version can remain on that release for at least three years or until the major engine’s standard support ends, whichever is sooner. During the LTS lifecycle, AWS will publish only targeted patches addressing select high-severity security and operational issues and will not introduce new features. This LTS designation is available in all regions where Aurora MySQL is offered.

Amazon S3 adds compute checksum to verify datasets

🔒 Amazon Web Services has added a compute checksum operation to S3 Batch Operations, enabling large-scale verification of stored datasets without restoring or downloading objects. You can submit a manifest or target a bucket with prefix/suffix filters, select algorithms such as SHA-256, MD5, CRC32C and others, and receive a detailed integrity report when the job completes. This capability complements S3's built-in validation and simplifies compliance, preservation, and accuracy checks across all storage classes and object sizes.
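
Both S3 compute-checksum items above end with an integrity report that someone has to consume: recompute, compare against a manifest, and act on mismatches. The block below is an added example for this brief, not AWS code, and it does not reproduce S3's actual report format; the manifest layout and the sample objects are constructed. It computes the listed algorithms that the standard library covers (SHA-1, SHA-256, MD5, CRC32) plus a small table-driven CRC32C, and leaves CRC64 out because the example does not pin a CRC-64 polynomial.

```python
"""Recompute object checksums and verify them against a manifest, the way a
compute-checksum report is consumed downstream.

Added example for this brief; not AWS code and not S3's report format. The
manifest layout and sample objects are constructed. CRC64 is omitted because
no CRC-64 polynomial is pinned here.
"""
import hashlib
import zlib


def _crc32c_table():
    """Byte-wise lookup table for CRC-32C (reflected Castagnoli polynomial 0x82F63B78)."""
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        table.append(c)
    return table


_CRC32C_TABLE = _crc32c_table()


def crc32c(data, crc=0):
    """CRC-32C with init and xorout 0xFFFFFFFF; the check value for b'123456789' is 0xE3069283."""
    crc ^= 0xFFFFFFFF
    for b in data:
        crc = _CRC32C_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def checksums(data):
    """Lowercase hex digests for the brief's listed algorithms, minus CRC64.

    CRCs detect accidental corruption only; for a tamper-evident attestation
    rely on SHA-256 and protect the integrity of the report itself.
    """
    return {
        "SHA-1": hashlib.sha1(data).hexdigest(),
        "SHA-256": hashlib.sha256(data).hexdigest(),
        "MD5": hashlib.md5(data).hexdigest(),
        "CRC32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "CRC32C": f"{crc32c(data):08x}",
    }


# Constructed objects standing in for S3 keys; "123456789" is the classic CRC check-value input.
OBJECTS = {
    "archive/2025/record-0001.bin": b"123456789",
    "archive/2025/record-0002.bin": b"The quick brown fox jumps over the lazy dog",
}

# Constructed manifest rows: (key, algorithm, expected hex). record-0002's SHA-256
# is deliberately wrong to produce a mismatch; record-0003 is absent to produce a miss.
MANIFEST = [
    ("archive/2025/record-0001.bin", "CRC32", "cbf43926"),
    ("archive/2025/record-0001.bin", "CRC32C", "e3069283"),
    ("archive/2025/record-0001.bin", "SHA-256",
     "15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225"),
    ("archive/2025/record-0002.bin", "SHA-256", "0" * 64),
    ("archive/2025/record-0003.bin", "MD5", "d41d8cd98f00b204e9800998ecf8427e"),
]


def verify(objects, manifest):
    """One {key, algorithm, status} row per manifest entry: OK, MISMATCH or MISSING."""
    report = []
    cache = {}  # each object is hashed once even when the manifest lists several algorithms
    for key, algo, expected in manifest:
        if key not in objects:
            status = "MISSING"
        else:
            if key not in cache:
                cache[key] = checksums(objects[key])
            status = "OK" if cache[key][algo] == expected.lower() else "MISMATCH"
        report.append({"key": key, "algorithm": algo, "status": status})
    return report


def summarize(report):
    """Count rows per status so a job can fail fast on any MISMATCH or MISSING."""
    counts = {"OK": 0, "MISMATCH": 0, "MISSING": 0}
    for row in report:
        counts[row["status"]] += 1
    return counts


if __name__ == "__main__":
    rep = verify(OBJECTS, MANIFEST)
    for row in rep:
        print(row["status"], row["algorithm"], row["key"])
    print(summarize(rep))
```

The cache matters at scale: a manifest with several algorithms per key should read each object once, and the summary is what a compliance job gates on, since a single MISMATCH or MISSING row should fail the attestation rather than be averaged away.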

AI-powered financial scams flood social media ads now

⚠️ AI-driven deepfake ads on social media are increasingly used to impersonate banks, celebrities and news outlets to lure victims into investment fraud. Campaigns observed in 2024–2025, including the Nomani Trojan activity, use fake or hijacked accounts, localized messaging and deepfake testimonials to harvest credentials or steer targets into scam groups. Reported losses from investment fraud are substantial, so verify offers independently and avoid clicking unsolicited financial ads.

Amazon Connect embeds Tasks and Emails into websites

📨 Amazon Connect now supports embedding Tasks and Emails directly into websites and applications via a new contact form option in the communication widget. Supervisors and managers can use a drag-and-drop editor to design customer-facing forms and generate code snippets for seamless site integration. These interactions continue to be managed through existing Amazon Connect workflows, enabling flexible callback requests and web-based email submissions.

Amazon RDS io2 Block Express Now in AWS GovCloud Regions

🔒 Amazon announced that Amazon RDS io2 Block Express volumes are now available in AWS GovCloud (US‑West) and AWS GovCloud (US‑East) Regions. These volumes provide consistent sub‑millisecond latency and industry‑leading outlier latency control for mission‑critical database workloads. io2 Block Express supports up to 256,000 Provisioned IOPS, 4,000 MB/s throughput, 64 TiB volumes, and 99.999% durability. Customers can upgrade from io1 without downtime using the ModifyDBInstance API and modify existing io1, gp2, or gp3 volumes in the RDS Management Console.

AWS Direct Connect Opens Location in Barcelona, Spain

📡 AWS announced a new AWS Direct Connect location at the Equinix BA1 data center near Barcelona, Spain, enabling private, direct connectivity to all public AWS Regions (excluding China), AWS GovCloud Regions, and AWS Local Zones. This is the first Direct Connect site in Barcelona and the third in Spain, offering dedicated 10 Gbps and 100 Gbps circuits with MACsec encryption available. Direct Connect enables private physical connections between AWS and customer data centers or colocation facilities, delivering a more consistent network experience than the public internet.

AWS Batch introduces default-x86_64 and default-arm64 pools

🔔 AWS Batch now offers two new default instance type categories: default-x86_64 and default-arm64. These options automatically select the most cost-effective EC2 instance types across generations based on your job queue requirements and will be expanded as new instance types become available in a region. You can enable them via the instanceType parameter for managed compute environments; the existing optimal option remains supported. Only Compute Environments in an ENABLED and VALID state will receive automatic updates.

Amazon S3 Express One Zone adds FIS resilience testing

🛠 AWS now supports resilience testing for S3 Express One Zone using AWS Fault Injection Service (FIS), enabling simulated network disruptions that cause data plane requests to time out for directory buckets. The FIS network disruption action is included in the AZ Availability: Power Interruption scenario and is available in all Regions where the storage class is offered. You can run experiments via the AWS Management Console, AWS CLI, or the FIS API to validate monitoring and recovery procedures and improve application resilience; consult FIS pricing for cost details.

Amazon QuickSight Raises Calculated Field Limits Globally

🔎 Amazon QuickSight has increased calculated-field capacities: analyses can now include up to 2,000 calculated fields (previously 500) and datasets can include up to 500 calculated fields (previously 200). The expansion enables authors and data curators to build more transformations and extract richer, more complex insights from very large datasets and diverse end-user personas. In regions where Amazon Q is available, users can also construct calculations using natural language. The new limits are currently available across all supported QuickSight regions.

Amazon Connect Adds Recurring Activities to Schedules

🔁 Amazon Connect now supports recurring activities in agent schedules, enabling managers to create repeating events such as daily stand-ups or weekly team meetings with a few clicks. You can configure recurring series for individual agents or share a single recurring series across multiple agents, removing the need to create each occurrence manually. This capability is available in all AWS Regions where Amazon Connect agent scheduling is offered and is designed to improve manager productivity and keep agent calendars up to date.

AWS Marketplace Launches Streamlined AMI Fulfillment

🚀 AWS Marketplace has introduced a streamlined fulfillment experience for Amazon Machine Image (AMI) and AMI with CloudFormation products across both the website and console. The update combines configuration and purchase steps on a single page, clearly presenting fulfillment options, related AWS services, and seller-provided guidance. It also brings a new in-console launch experience for container products, providing a consistent multi-region, multi-language workflow.

Helping Child Bloggers: Practical Safety Guidance for Parents

📸 Parents should engage when children show interest in blogging, using open discussion to build trust and teach online safety. The article recommends creating accounts together, reviewing privacy settings, disabling geolocation, choosing strong unique passwords, and enabling two-factor authentication to reduce account-takeover risk. It also outlines what not to post, how to monitor usernames, and how to spot scams, doxing, and stalker behavior.

Building the Frontier Firm with Microsoft Azure Modernization

🚀 Microsoft frames a new enterprise archetype—Frontier Firms—that embed AI agents across workflows and rearchitect operations around a modern cloud foundation. The post warns that AI cannot scale on legacy systems and that technical debt undermines agility, security, and innovation. It cites IDC findings showing substantial gains in agility, resilience, ROI, and speed to market when organizations migrate and modernize on Azure, and urges continuous modernization and use of Microsoft’s App Modernization Guidance.

What I Wish I Knew Before Becoming a CISO — Advice

🔒 Drawing on a Black Hat panel and an eclectic career spanning Unix administration, MSSP operations, and multiple roles at Fortinet, the author distills practical guidance for aspiring and new CISOs. Key points stress that the role is not purely technical but a business resilience function demanding clear, data-driven communication, calendar discipline, and strong team building. The post also highlights burnout risks and the critical need for D&O insurance and legal preparedness.