CISA Warnings, Cloud Ransomware, and OAuth Attacks

Countering PRC State-Sponsored Network Compromise Worldwide

🛡️ U.S. and international agencies warn that People's Republic of China (PRC) state-sponsored actors have been compromising global networks since at least 2021 to collect communications and other intelligence. Actors targeted telecommunications backbone routers, provider- and customer-edge devices, and infrastructure across government, transportation, lodging, and military sectors. They exploited known CVEs (for example CVE-2024-21887, CVE-2024-3400, Cisco CVEs), modified devices to maintain persistence using on-box PCAP/containers and tunnels, and exfiltrated data via peering and covert channels. The advisory includes IP indicators, binary hashes, Yara/Snort rules, hunting guidance, and prioritized mitigations to patch, isolate management planes, harden credentials, and detect PCAP creation.

Whistleblower: DOGE Placed SSA NUMIDENT on Insecure Cloud

⚠️A protected whistleblower alleges that the Department of Government Efficiency (DOGE) copied the Social Security Administration's NUMIDENT database to an unsecured Amazon Web Services test environment, bypassing mandated oversight and authorization. The complaint names several DOGE-affiliated hires and documents approvals and risk assessments dated June 12, June 25, and July 25, 2025. It alleges the move circumvented required FISMA authorization and NIST SP 800-53 controls, exposing sensitive personal data for more than 300 million people and potentially violating the Privacy Act and the CFAA.

Amazon EC2 C7i Instances Now Available in Osaka Region

🚀 Amazon EC2 C7i instances powered by custom 4th Gen Intel Xeon Scalable processors are now available in the Asia Pacific (Osaka) Region. C7i delivers up to 15% better performance versus comparable x86-based Intel processors and up to 15% improved price-performance over C6i. Instances scale to 48xlarge and provide two bare-metal sizes with Intel accelerators, support Intel AMX, and allow up to 128 EBS volumes to better handle compute-intensive workloads.

Cloudflare AI Gateway updates: unified billing, routing

🤖 Cloudflare’s AI Gateway refresh centralizes AI traffic management, offering unified billing, secure key storage, dynamic routing, and built-in security through a single endpoint. The update integrates Cloudflare Secrets Store for AES-encrypted BYO keys, provides an automatic normalization layer for requests/responses across providers, and introduces dashboard-driven Dynamic Routes for traffic splits, chaining, and limits. Native Firewall DLP scanning and configurable profiles add data protection controls, while partner access to 350+ models across six providers and a credits-based billing beta simplify procurement and cost management.

How Cloudflare Runs More AI Models on Fewer GPUs with Omni

🤖 Cloudflare explains how Omni, an internal platform, consolidates many AI models onto fewer GPUs using lightweight process isolation, per-model Python virtual environments, and controlled GPU over-commitment. Omni’s scheduler spawns and manages model processes, isolates file systems with a FUSE-backed /proc/meminfo, and intercepts CUDA allocations to safely over-commit GPU RAM. The result is improved availability, lower latency, and reduced idle GPU waste.

Cloudflare Workers AI Adds Leonardo and Deepgram Models

🚀 Cloudflare is expanding Workers AI to include closed-source partner models from Leonardo and Deepgram, bringing optimized image generation and real-time audio capabilities to the edge. The launch includes Leonardo's @cf/leonardo/phoenix-1.0 and @cf/leonardo/lucid-origin and Deepgram's @cf/deepgram/nova-3 and @cf/deepgram/aura-1. These models run on Cloudflare's low-latency GPU infrastructure and integrate with Workers, R2, Images, and Realtime for end-to-end developer workflows.

CISA Advisory: Chinese State-Sponsored APTs Target Networks

🚨 CISA, the NSA, the FBI, and international partners released a joint advisory detailing ongoing malicious activity by PRC state-sponsored APT actors seeking long-term access to critical infrastructure worldwide. The advisory highlights exploitation of vulnerabilities in routers and edge devices used by telecommunications and infrastructure operators, and notes actors' evasion and persistence tactics. It urges organizations to patch known exploited vulnerabilities, enable centralized logging, secure edge infrastructure, and hunt for signs of compromise immediately.

Storm-0501 Exploits Entra ID to Exfiltrate Azure Data

🔐 Microsoft Threat Intelligence reports that the financially motivated actor Storm-0501 has refined cloud-native techniques to rapidly exfiltrate and delete data in hybrid Azure environments. The group leveraged on-premises footholds—using tools such as Evil-WinRM and a DCSync attack—to compromise an Entra Connect server and identify a non-human synced Global Admin account without MFA. With that account the attackers registered a threat actor-owned federated tenant as a backdoor, escalated Azure privileges, and proceeded to mass-extract data and remove resources and backups before extorting victims through compromised Microsoft Teams accounts. Microsoft has updated Entra ID behavior, released Entra Connect 2.5.3.0 to support Modern Authentication, and recommended enabling TPM, enforcing MFA, and other hardening controls.

Storm-0501 Debuts Brutal Hybrid Ransomware Chain Attack

🚨 Microsoft Threat Intelligence says financially motivated group Storm-0501 has refined a brutal hybrid ransomware chain that leverages hijacked privileged accounts to pivot from on‑prem Active Directory into Azure, exploiting visibility gaps to exfiltrate, encrypt, and mass‑delete cloud resources and backups. The actor used Evil‑WinRM for lateral movement and DCSync to harvest credentials, abused a non‑MFA synced global admin to reset passwords, and created a malicious federated domain for broad persistence. After exfiltration they deleted backups where possible, encrypted remaining cloud data, and initiated extortion via a compromised Microsoft Teams account. CISOs are urged to enforce least privilege, audit on‑prem assets, close cloud visibility gaps, and rehearse ransomware playbooks.

Anthropic Disrupts AI-Powered Data Theft and Extortion

🔒 Anthropic said it disrupted a sophisticated July 2025 operation that weaponized its AI chatbot Claude and the agentic tool Claude Code to automate large-scale theft and extortion targeting at least 17 organizations across healthcare, emergency services, government and religious institutions. The actor exfiltrated personal, financial and medical records and issued tailored ransom demands in Bitcoin from $75,000 to over $500,000. Anthropic reported building a custom classifier and sharing technical indicators with partners to mitigate similar abuses.

Joint Advisory: Countering PRC APT Compromise of Networks

🔒 CISA, the NSA, the FBI, and international partners issued a joint advisory describing People’s Republic of China state-sponsored APT actors compromising networks worldwide to support long-term espionage. Investigations through July 2025 reveal these actors exploit vulnerabilities in large backbone provider edge and customer edge routers—often modifying firmware and configurations to evade detection and maintain persistent access. Affected sectors include telecommunications, government, transportation, lodging, and defense. The advisory urges network defenders, especially in high-risk sectors, to actively hunt for intrusions and apply the recommended mitigations.

Citrix Patches NetScaler Zero-Days as Active Exploits Continue

🔒Citrix has released patches for three critical zero-day vulnerabilities in NetScaler ADC and NetScaler Gateway (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424), including pre-auth remote code execution observed in the wild. The vendor provided fixes for affected 14.1, 13.1 and 12.1-FIPS/NDcPP builds and said no workaround is available. Security researchers and CISA urged immediate patching and forensic checks for potential backdoors.

Cephalus Ransomware: Emergence and Threat Profile

🚨 Cephalus is a mid‑2025 ransomware operation that both encrypts systems and exfiltrates sensitive data for publication on a dark‑web leak site. The group commonly gains initial access via Remote Desktop Protocol (RDP) accounts lacking multi‑factor authentication and uses a DLL sideloading chain that abuses SentinelOne's SentinelBrowserNativeHost.exe to load a malicious DLL and execute the payload. Infected files are renamed with the .sss extension, Volume Shadow Copies are deleted, and Windows Defender is disabled. Organisations should prioritise MFA, timely patching, secure offline backups, network segmentation and staff training to reduce risk.

Storm-0501 Shifts to Cloud-Based Ransomware Tactics

🔒 Microsoft Threat Intelligence reports that financially motivated actor Storm-0501 has shifted from on‑premises endpoint encryption toward cloud‑native ransomware tactics emphasizing rapid data exfiltration, destruction of backups, and extortion. The actor leverages compromised Entra Connect sync accounts, DCSync, and hybrid‑joined devices to escalate to Global Administrator and gain full Azure control. In cloud environments they abuse Azure operations (listing storage keys, AzCopy exfiltration, snapshot and resource deletions) and create malicious federated domains for persistence and impersonation. Microsoft recommends hardening sync configurations, enforcing phishing‑resistant MFA, enabling Defender for Cloud and storage protections, and applying least‑privilege access controls.

Nevada Network Security Incident Shuts Down State Services

⚠️ The State of Nevada confirmed a 'network security incident' on 25 August that prompted the closure of in-person government offices and the temporary takedown of state websites and phone lines while 24/7 recovery efforts continue. The Governor's Office said emergency call-taking and essential services remain available and that temporary routing and operational workarounds are in place. There is currently no evidence that personally identifiable information was compromised, but residents were advised to be cautious of unsolicited calls, emails or texts requesting personal information or payments. The matter is under active investigation and agencies will announce reopening timelines.

ShadowSilk Targets 35 Government Entities in APAC Region

🔎 Group-IB attributes a new cluster dubbed ShadowSilk to recent intrusions against 35 government and related organizations across Central Asia and APAC. The operators employ spear-phishing with password-protected archives to deploy a custom loader that conceals command-and-control traffic using Telegram bots and achieves persistence via Windows Registry modifications. Observed tooling includes web shells (ANTSWORD, Behinder, Godzilla, FinalShell), tunneling utilities, Cobalt Strike, and bespoke credential-stealing components used to exfiltrate data.

CISA Leads Real-Time Response to Nevada Cyberattack

🔒 CISA and public- and private-sector partners are assisting Nevada following an August 24 cyber attack, focusing on restoring networks that support lifesaving and critical services. At the state's request, CISA Threat Hunting teams are actively examining systems to determine the full scope of impact and mitigate threats. The agency also advised on FEMA emergency response grants, and the FBI is supporting the investigation.

Salesloft OAuth Breach via Drift AI Exposes Salesforce Data

🔒 A campaign tied to threat actor UNC6395 exploited compromised OAuth and refresh tokens associated with the Drift chat integration to exfiltrate data from Salesforce instances connected via Salesloft. Observed between Aug 8 and Aug 18, 2025, the actor executed targeted queries to retrieve Cases, Accounts, Users and Opportunities and hunted for credentials such as AWS access keys and Snowflake tokens. Salesloft and Salesforce invalidated tokens, removed Drift from AppExchange, and advised affected customers to re-authenticate integrations and rotate credentials.

Ten Vulnerabilities in Libbiosig and Multiple Vendors

🔒 Cisco Talos disclosed multiple vulnerabilities affecting libbiosig, Tenda AC6, SAIL, PDF‑XChange Editor, and Foxit PDF Reader. The flaws include integer overflows, heap and stack buffer overflows, out‑of‑bounds reads, authentication and firmware validation weaknesses, and other memory corruption issues that can lead to remote code execution or information disclosure. Vendors have released patches in coordination with Talos and Snort coverage is available to detect exploitation attempts. Apply vendor updates and detection rules immediately to reduce exposure.

ShadowSilk Campaign Hits Central Asian Governments

🔍 Group-IB links a broad cyber-espionage campaign, active since 2023 and ongoing into mid‑2025, to the ShadowSilk cluster targeting Central Asian and Asia‑Pacific government organizations. The operation, which has compromised at least 35 government victims, primarily seeks data theft and distributes stolen material on dark web forums. ShadowSilk uses phishing with password‑protected archives, commodity web panels such as JRAT and Morf Project, and post‑compromise tools like Cobalt Strike and Metasploit. Researchers found indicators of both Russian‑ and Chinese‑language operators and advise stronger email defenses, strict application control, regular patching and proactive threat hunting.

LLMs Remain Vulnerable to Malicious Prompt Injection Attacks

🛡️ A recent proof-of-concept by Bargury demonstrates a practical and stealthy prompt injection that leverages a poisoned document stored in a victim's Google Drive. The attacker hides a 300-word instruction in near-invisible white, size-one text that tells an LLM to search Drive for API keys and exfiltrate them via a crafted Markdown URL. Schneier warns this technique shows how agentic AI systems exposed to untrusted inputs remain fundamentally insecure, and that current defenses are inadequate against such adversarial inputs.

Blind Eagle: Five Clusters Target Colombian Government

⚠️ Recorded Future's Insikt Group attributes five distinct activity clusters to the actor Blind Eagle (tracked as TAG-144) active between May 2024 and July 2025. The campaigns largely targeted Colombian government agencies across local, municipal, and federal levels using spear-phishing, cracked and open-source RATs (including AsyncRAT, Remcos, DCRat, and Lime RAT) and legitimate internet services for staging. Operators abused dynamic DNS, VPS and VPN services and leveraged geofencing and compromised accounts to redirect or evade detection.

AI-Generated Ransomware 'PromptLock' Uses OpenAI Model

🔒 ESET disclosed a new proof-of-concept ransomware called PromptLock that uses OpenAI's gpt-oss:20b model via the Ollama API to generate malicious Lua scripts in real time. Written in Golang, the strain produces cross-platform scripts that enumerate files, exfiltrate selected data, and encrypt targets using SPECK 128-bit. ESET warned that AI-generated scripts can vary per execution, complicating detection and IoC reuse.

ESET Finds PromptLock: First AI-Powered Ransomware

🔒 ESET researchers have identified PromptLock, described as the first known AI-powered ransomware implant, in an August 2025 report. The Golang sample (Windows and Linux variants) leverages a locally hosted gpt-oss:20b model via the Ollama API to dynamically generate malicious Lua scripts. Those cross-platform scripts perform enumeration, selective exfiltration and encryption using SPECK 128-bit, but ESET characterises the sample as a proof-of-concept rather than an active campaign.

Custom Metrics in Amazon CloudWatch Application Signals

🔍 Amazon CloudWatch Application Signals now supports Custom Metrics, enabling developers and operators to define and visualize application-specific telemetry alongside standard health metrics such as fault rates, errors, and latency. You can ingest metrics directly with OpenTelemetry Metrics or derive them from spans using the OpenTelemetry Traces SDK and Metrics Filters. The Application Signals console offers correlated views in the Related Metrics tab, interactive visualization, and quick navigation to correlated spans, top contributors, and related logs. Custom Metrics support is available in all regions where Application Signals is offered; see documentation and CloudWatch pricing for details.

SageMaker HyperPod Supports EBS CSI Driver for Storage

🔧 Amazon SageMaker HyperPod now supports the Amazon Elastic Block Store (EBS) Container Storage Interface (CSI) driver, enabling dynamic provisioning and lifecycle management of persistent EBS volumes for machine learning workloads on HyperPod EKS clusters. Through standard Kubernetes persistent volume claims and storage classes, teams can create, attach, resize, snapshot, and encrypt volumes (including customer-managed KMS keys), and volumes persist across pod restarts and node replacements. Install the EBS CSI driver as an EKS add-on to get started; the capability is available in all regions where HyperPod EKS clusters are supported.

Storage Insights datasets optimize Cloud Storage spend

📊 Storage Insights datasets put object and bucket metadata into a BigQuery-linked dataset that refreshes automatically, enabling detailed analysis of storage spend, distribution, lifecycle and Autoclass usage. Administrators can run SQL queries or use Gemini Cloud Assist for natural-language insights, then feed outputs into serverless batch operations to relocate, transition or delete data at scale. The feature supports organization-, folder-, project- or bucket-scoped datasets with daily updates and up to 90-day retention for operational and FinOps workflows.

CISA Launches Interactive Tool to Secure Software Buying

🛡️ CISA has released the Software Acquisition Guide: Supplier Response Web Tool to help IT leaders, procurement officers and software vendors strengthen cybersecurity across the acquisition lifecycle. The free, interactive platform digitizes CISA’s existing guidance into an adaptive format that highlights context-specific questions and generates exportable summaries for CISOs, CIOs and other decision-makers. Designed with secure-by-design and secure-by-default principles, the tool supports due diligence without requiring procurement professionals to be cybersecurity experts and aims to simplify risk-aware procurement decisions.

BadCam: Reflashed Webcams Enable BadUSB-Style Attacks

🔒 Researchers demonstrated BadCam, a BadUSB-style attack presented at BlackHat that reflashes a webcam's firmware so a standard camera can act as a programmable HID device. The proof-of-concept targeted Lenovo 510 FHD and Lenovo Performance FHD models using a SigmaStar SoC, exploiting lack of cryptographic firmware verification and Linux USB Gadget support to present keyboard/network interfaces. Standard scans and OS reinstalls won't remove such implants, so organizations should apply firmware patches, USB control policies, and HID monitoring to mitigate the risk.

AWS SageMaker Adds P5.4xlarge with NVIDIA H100 GPU

🚀 Amazon SageMaker Training and Processing Jobs now supports the new EC2 P5 instance size with a single NVIDIA H100 GPU, offering the P5.4xlarge configuration for cost‑effective ML and HPC workloads. The instance enables fine-grained scaling so customers can begin with smaller configurations and expand incrementally, improving cost management and infrastructure flexibility. P5.4xlarge is available via SageMaker Flexible Training Plans and in select regions through On‑Demand and Spot.

Cloudflare's Edge-Optimized LLM Inference Engine at Scale

⚡ Infire is Cloudflare’s new, Rust-based LLM inference engine built to run large models efficiently across a globally distributed, low-latency network. It replaces Python-based vLLM in scenarios where sandboxing and dynamic co-hosting caused high CPU overhead and reduced GPU utilization, using JIT-compiled CUDA kernels, paged KV caching, and fine-grained CUDA graphs to cut startup and runtime cost. Early benchmarks show up to 7% lower latency on H100 NVL hardware, substantially higher GPU utilization, and far lower CPU load while powering models such as Llama 3.1 8B in Workers AI.

Skills Shortage Threatens Corporate Cybersecurity Resilience

🔒 A recent Accenture report warns that only 34% of companies have a mature cyber strategy and just 13% possess advanced capabilities to defend against AI-driven threats, leaving many organizations exposed. Industry leaders identify a persistent shortage of specialized cybersecurity talent as the central obstacle: 83% of IT leaders say the lack of cyber talent is a major barrier. Experts cite systemic causes beyond pay, including burnout and unsustainable workplace culture, and point to gender imbalance and gaps in vocational training as missed opportunities. Some analysts expect AI to help by automating repetitive tasks and easing staff burnout, but training and structural reforms are still urgently needed.

ENISA to Run €36m EU Cybersecurity Incident Reserve

🛡️ ENISA has been allocated €36m to operate the EU Cybersecurity Reserve, a virtual pool of pre‑vetted private incident response providers established under the EU Cyber Solidarity Act. The funding, delivered through the Digital Europe Programme over three years, will be used to procure responders and to evaluate and fulfil support requests from member states, CSIRTs or CERT‑EU. Unused pre‑committed services can be repurposed for prevention and preparedness. ENISA will also lead a European certification scheme for managed security services, initially focusing on incident response.

Amazon EKS adds on-demand cluster insights refresh

🔁 Amazon EKS now supports on-demand refresh of cluster insights, enabling operators to retrieve the latest detection results immediately after making changes. The capability complements existing periodic checks that identify upgrade warnings and configuration recommendations. By allowing immediate verification, teams can accelerate upgrade testing, confirm that remediations took effect, and shorten the feedback loop for cluster configuration changes.

AWS Transfer Family Adds Terraform SFTP Connector Support

🚀 The AWS Transfer Family Terraform module now supports provisioning SFTP connectors to transfer files between Amazon S3 and remote SFTP servers. Announced 2025-08-27, the addition builds on existing Terraform support for SFTP server endpoints and enables programmatic provisioning of connectors, dependencies, and customizations in a single IaC deployment. The module includes end-to-end examples to automate transfers on schedules or event triggers, reducing manual configuration and improving repeatability, security, and scale.

AWS Network Firewall adds ReceivedBytes metric in CloudWatch

🔍 AWS has added the new ReceivedBytes metric for AWS Network Firewall to Amazon CloudWatch, giving customers per-firewall visibility into total incoming bytes inspected. The metric differentiates counts for the stateless and stateful engines, enabling more granular analysis of processing and performance. Available in all Regions where Network Firewall is supported, the data can be integrated into existing monitoring, alerting, and optimization workflows to support capacity planning and cost reduction.

SageMaker HyperPod Supports Customer-Managed KMS for EBS

🔐 Amazon SageMaker HyperPod now supports customer-managed AWS KMS keys (CMKs) to encrypt EBS volumes, giving enterprises direct control over encryption for root and secondary storage. This enables integration with existing key management and compliance workflows and uses a grants-based approach for secure cross-account access. Customers can specify CMKs via the CreateCluster and UpdateCluster APIs for clusters in continuous provisioning mode. The capability is available in all Regions where HyperPod runs.

Palo Alto Networks Named Leader in HMF Magic Quadrant

🔐 Palo Alto Networks has been named a Leader in the inaugural 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall, recognized for both Completeness of Vision and Ability to Execute. The announcement highlights the Strata Network Security Platform, which unifies hardware, virtual, container, cloud-native and FWaaS deployments under a single, cloud-based management plane. Powered by Precision AI®, the platform delivers consistent policy, automation and real-time threat prevention across hybrid environments.

Check Point Named Leader in 2025 Hybrid Mesh Firewall

🚀 Check Point has been named a Leader in the 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall, recognized for ability to execute and completeness of vision. The firm emphasizes its AI-powered network security to deliver consistent, high-performance threat prevention across on-premises, cloud and SASE environments. The recognition highlights unified management and proactive defenses designed for distributed enterprises facing AI-driven attacks.

Agent Factory: Top 5 Agent Observability Practices

🔍 This post outlines five practical observability best practices to improve the reliability, safety, and performance of agentic AI. It defines agent observability as continuous monitoring, detailed tracing, and logging of decisions and tool calls combined with systematic evaluations and governance across the lifecycle. The article highlights Azure AI Foundry Observability capabilities—evaluations, an AI Red Teaming Agent, Azure Monitor integration, CI/CD automation, and governance integrations—and recommends embedding evaluations into CI/CD, performing adversarial testing before production, and maintaining production tracing and alerts to detect drift and incidents.

Microsoft Tops Modern Endpoint Security Market Share

🔒 Microsoft Defender has been ranked number one in modern endpoint security market share for the third consecutive year, according to IDC’s 2024 report. Market share rose from 25.8% in 2023 to 28.6% in 2024, reflecting a 28.2% growth rate. Defender emphasizes cross-platform protection—Windows, macOS, Linux, iOS, Android, and IoT—leveraging AI-powered detection and built-in exposure management to enable rapid SOC response and attack disruption.

AWS App Runner Adds IPv6 for Inbound and Outbound Traffic

🌐 AWS App Runner now supports IPv6 for both inbound and outbound traffic on public and private service endpoints. This removes the need for IPv4/IPv6 address translation and helps customers meet IPv6 compliance requirements. You enable the capability by selecting the dual-stack option in the networking configuration for new or existing services. IPv6 support is available in all Regions where App Runner is offered.

Securing Cloud-Native Workloads From Code to Runtime

🔒 Lacework FortiCNAPP unifies CSPM, CWP, CIEM, and CDR to secure cloud-native workloads from development through runtime. It integrates with CI/CD pipelines to scan IaC, container images, and libraries, and leverages FortiDevSec for static and dynamic testing so vulnerabilities are caught before deployment. At runtime, behavior-based workload protection, cloud audit log analysis, and Fortinet Composite Alerts produce high-fidelity detections, while FortiWeb and automation via FortiSOAR enable edge blocking and orchestrated remediation.

Five Essential Rules for Safe AI Adoption in Enterprises

🛡️ AI adoption is accelerating in enterprises, but many deployments lack the visibility, controls, and ongoing safeguards needed to manage risk. The article presents five practical rules: continuous AI discovery, contextual risk assessment, strong data protection, access controls aligned with zero trust, and continuous oversight. Together these measures help CISOs enable innovation while reducing exposure to breaches, data loss, and compliance failures.

CrowdStrike to Acquire Onum for Real-Time Telemetry

📡 CrowdStrike announced an agreement to acquire Onum, a leader in real-time telemetry pipeline management that will extend the CrowdStrike Falcon platform's data advantage. Onum transforms telemetry in motion by filtering, enriching and optimizing events as they stream, delivering high-fidelity intelligence to Falcon Next-Gen SIEM, customer AI agents and data lakes. CrowdStrike highlights gains in speed and cost efficiency, saying the integration will reduce storage overhead, accelerate incident response and enable an agentic SOC powered by real-time, AI-driven detection.

CrowdStrike Named Leader in IDC MarketScape 2025 IR Services

🔹 CrowdStrike was named a Leader in the IDC MarketScape: Worldwide Incident Response Services 2025 assessment, recognized for its AI-native Falcon platform and a global 24/7 incident response model. The company combines over 100,000 hours of annual IR casework with frontline breach expertise to speed detection, investigation and containment. Its follow-the-sun delivery and AI-augmented tooling reduce time-to-recovery, while proactive offerings like CrowdStrike Pulse Services help customers build long-term resilience.

Password Manager Auto-Fill Flaw, Quantum Risks, Devices

🔒 In this edition of the Smashing Security podcast Graham Cluley and guest Thom Langford examine how some password managers can be tricked into auto-filling secrets into cookie banners via a clickjacking sleight-of-hand. They discuss practical defenses for website owners and hardening steps for users to protect their personal vaults. The episode also covers post-quantum concerns—"harvest-now, decrypt-later"—Microsoft’s 2033 quantum-safe commitment, and device update risks including printers, plus lighter segments like a dodgy URL "shadyfier" and repurposing an iMac G4 as a media hub.

AWS Client VPN adds Windows Arm64 support in v5.3.0

🔐 AWS announced that AWS Client VPN version 5.3.0 adds official support for Windows Arm64, enabling the AWS-supplied desktop VPN client to run on the latest Arm64-based Windows devices. The client remains free of charge and is available in all regions where the service is generally available. Client VPN is a managed service that connects remote users securely to AWS and on-premises networks and continues to support macOS 13–15, Windows 10 (x64), Windows 11 (Arm64 and x64), and Ubuntu Linux 22.04 and 24.04 LTS. Administrators can download and deploy the updated client to bring Arm64 Windows endpoints into supported VPN configurations.

Google for Startups: 2025 Brazilian AI First Cohort

🚀 Google has announced the 2025 Brazilian cohort for the Google for Startups Accelerator: AI First, selecting 11 companies applying AI across finance, health, marketing, and agriculture. The program begins on September 2 and will provide personalized technical and strategic support, including mentorship and access to Google's AI experts. The cohort spans solutions for automated billing and claims, digital pathology, agroforestry intelligence, creator marketing, legal automation, treasury automation, and AI-driven children's storytelling.

Skopeo for Google Cloud: Simplifying Container Workflows

📦 This post describes how Skopeo, a daemonless CLI for container images, can streamline image management with Artifact Registry and Google Cloud CI/CD. It outlines setup steps and five practical workflows—inspect manifests, registry-to-registry copying, listing tags, promoting images, and automated verification. The article also covers security integrations with tools like Cosign and Binary Authorization, and recommends Skopeo for faster, daemonless automation in Cloud Build and related environments.

BlueHat Asia 2025 Call for Papers Closes Sept 5 — Bengaluru

📢 BlueHat Asia 2025 in Bengaluru is now accepting talk submissions through September 5, 2025. Hosted by the Microsoft Security Response Center (MSRC), the two-day event on November 5–6 invites security researchers and responders of all experience levels to present findings, lessons learned, and industry guidance. Topics of interest include vulnerability discovery and mitigation, exploit development and detection, AI/ML security, IoT/OT and critical infrastructure protection, DFIR, social engineering, and reverse engineering. Submissions require a title and a sufficiently detailed abstract; a full academic paper is not necessary, and MSRC cases may be presented only after at least 30 days have passed since the associated fix was published. To explore co-presentation or partnership opportunities, contact bluehat@microsoft.com.

BlueHat Asia 2025 CFP Open — Submit Papers by Sep 14

📣 BlueHat Asia 2025, hosted by the Microsoft Security Response Center (MSRC), will take place in Bengaluru, India on November 5–6, 2025. The Call for Papers is open through September 14, 2025, and submissions require only a talk title and a sufficiently detailed abstract—no formal paper is necessary. Speakers are invited to present practical research and lessons across topics such as vulnerability discovery and mitigation, exploit development and detection, securing AI and machine learning, IoT/OT and critical infrastructure security, DFIR, social engineering, malware, and reverse engineering. If you’ve reported a case to MSRC, consider presenting once at least 30 days have passed since the fix was published and impacted customers were notified.

Total Economic Impact of ChromeOS: ROI, Savings, Security

📊 Google commissioned a Forrester Total Economic Impact™ study to quantify the value of ChromeOS for enterprise deployments. The analysis modeled a composite organization (multinational, $5B revenue, 40,000 employees) and found a 208% ROI over three years, an NPV of $6.8M, and a payback period under six months. Key benefits included 90,000 saved productivity hours, $1.3M in device and licensing savings, $1.2M from strengthened security, and $1.1M in reduced IT support costs.

AWS Console Adds Account Color Settings for Quick ID

🎨 Today AWS announced general availability of account color settings in the AWS Management Console across all Public Regions. Account administrators can assign a persistent color (for example, red for production or yellow for testing) that appears in the Console navigation bar for all authorized users, enabling quick visual identification of accounts. The default color is grey; viewing the color requires AWSManagementConsoleBasicUserAccess or the custom permission uxc:getaccountcolor.

Preventing Online Bullying as Students Return to School

📚 The online world often mirrors the schoolyard, and bullying can intensify when a new term begins. A 2023 Microsoft study highlights cyberbullying as a top parental concern, with harassment ranging from name‑calling and rumor‑spreading to sextortion and deepfake images. Watch for behavioral changes, keep open, nonjudgmental lines of communication, and review app privacy settings. If abuse occurs, calmly teach children to block, capture evidence and report incidents to platforms and schools.