Cybersecurity Brief

Salt Typhoon Expansion, OAuth Abuse, and Supply Chain Risks

Coverage: 29 Aug 2025 – 31 Aug 2025 (UTC)

Incidents

A multinational advisory warns that Salt Typhoon is expanding its operations to European network providers, with tactics centered on exploiting unpatched edge devices and maintaining persistence on routers to harvest sensitive metadata and credentials. The campaign, detailed by CSOonline, has touched smaller ISPs and hosting providers in the Netherlands and continues to target device configurations, customer records, and routing information.

Amazon’s threat team disrupted a watering-hole operation attributed to APT29 that hijacked legitimate sites and redirected a subset of visitors to spoofed Cloudflare verification pages to abuse Microsoft’s device code flow. AWS describes randomized redirects, cookie-based suppression, and rapid infrastructure shifts used to evade takedowns; the company coordinated with partners to isolate affected infrastructure and recommends stronger verification of device authorizations and conditional access policies.

OAuth token abuse continues to ripple across integrations. The Hacker News reports Google’s assessment that the Salesloft Drift incident affects all Drift-connected integrations, not just Salesforce. Google revoked specific OAuth tokens, paused Drift Email functionality for Google Workspace, and urged customers to rotate credentials across connected systems and investigate for unauthorized access.

In the software supply chain, the widely used Nx npm package was briefly hijacked, with eight malicious versions posted over about five hours. According to Infosecurity, the payload coerced popular developer AI assistants into searching hosts for tokens, SSH keys, and wallet data, then exfiltrated secrets by creating public repos on victims’ own GitHub accounts. A follow-on wave reportedly abused stolen GitHub CLI tokens to expose and duplicate private repos, prompting guidance to revoke tokens, rotate keys, and clean up leaked forks.

Operational disruptions mounted in Scandinavia after a ransomware attack on Miljödata’s Adato platform impacted roughly 200 municipal organizations and other customers. Bitdefender reports that sensitive worker health data may be at risk, with authorities coordinating a national response. Separately, Infosecurity notes TransUnion disclosed a breach via a third-party application supporting US consumer support operations, affecting nearly 4.5 million customers and prompting notifications and monitoring services.

Researchers also uncovered a broad malvertising scheme masquerading as a free PDF editor that delivered the TamperedChef infostealer. BleepingComputer summarizes findings that signed installers spread via Google ads remained dormant for weeks before activating to harvest browser secrets and, in some cases, enroll devices as residential proxies. Published indicators and certificate revocations support detection and cleanup.

Meanwhile, a new analysis from Seqrite ties APT37 (ScarCruft) to Operation HanKook Phantom, a spear‑phishing campaign targeting South Korean public-sector and affiliated organizations. As covered by Infosecurity, the attack chains leveraged malicious LNK files and fileless PowerShell techniques to deploy RokRAT and exfiltrate data while erasing traces.

Patches and advisories

Meta’s messaging platform shipped an emergency fix for CVE-2025-55177 after evidence of targeted exploitation. The Hacker News reports the authorization flaw in linked-device sync could be chained with Apple’s CVE-2025-43300 in a zero‑click attack against iOS and macOS. Impacted WhatsApp builds for iOS and Mac were patched; confirmed targets were advised to update and, in some cases, factory reset devices.

CISA added CVE-2025-57819 affecting Sangoma FreePBX to its Known Exploited Vulnerabilities catalog, signaling active exploitation risk. CISA urges immediate remediation, access restrictions, and heightened monitoring for anomalous activity around exposed PBX systems.

Researchers disclosed a chained exploit path in Sitecore Experience Platform combining HTML cache poisoning, information disclosure, and insecure deserialization for remote code execution. The Hacker News notes vendor patches landed in June and July; guidance emphasizes restricting ItemService exposure, hardening cache handling, and monitoring for poisoning and deserialization indicators.

WordPress site operators faced a summer of high‑severity plugin and theme issues—active exploits in Gravity Forms, Alone and Motors themes, and a critical flaw in Post SMTP among them. Kaspersky outlines observed exploitation, patch status, and operational fallout, reinforcing the need for prompt updates, MFA, and monitoring for unauthorized accounts and file changes. Separately, Click Studios shipped an authentication‑bypass fix for Passwordstate’s Emergency Access page and hardened its browser extension against clickjacking; The Hacker News reports administrators should upgrade to 9.9 (Build 9972) and audit related configurations.

Platforms and cloud

Confidential computing options broadened across Google Cloud. Google Cloud made Intel TDX generally available for Confidential GKE Nodes (Standard and Autopilot), Confidential Space, and Confidential VMs, expanded regional coverage, and integrated third‑party attestation via Intel’s Tiber Trust Authority. Confidential Space and TDX now populate runtime measurement registers verified by Google Cloud Attestation, and confidential GPU options pair Intel TDX with NVIDIA H100 protections.

For event-driven architectures, Google Cloud announced Eventarc Advanced GA—a serverless, policy‑aware eventing bus that unifies ingestion, filtering, transformation, and delivery with per‑message access control and centralized observability. The platform targets complex multi‑source microservices topologies and hybrid/multi‑cloud routing.

Microsoft is tightening identity controls in Azure. Starting October 1, 2025, MFA will be required for Create, Update, or Delete operations against Azure resource management endpoints. BleepingComputer notes organizations should inventory automation and migrate to managed identities or service principals to avoid breaking scripts and CI/CD pipelines; deferrals are available until July 2026.

Cloudflare introduced AI‑assisted troubleshooting tools to speed root‑cause analysis. Cloudflare detailed a WARP diagnostic analyzer that summarizes client logs and a DEX MCP server that answers natural‑language queries about device health, producing tailored graphs without custom pipelines.

Research and policy

Cloudflare continued weaving AI into defensive workflows. Its first agent now integrates with Security Analytics and the Cloudforce One Threat Events platform to surface attacker‑attributed activity and streamline investigation via a chat interface. Cloudflare says the agent runs on Workers AI with purpose‑built prompts and was not trained on customer data. In parallel, Cloudflare announced a beta that generates human‑readable explanations for email detections, constrained by RAG guardrails to minimize hallucinations; Cloudflare aims to help analysts decide whether to release quarantined mail based on transparent signal summaries.

Reporting collected by CSOonline highlights emerging attacker use of AI—from an Anthropic report describing multi‑step operations assisted by a developer tool to an ESET proof‑of‑concept ransomware—prompting guidance on red‑teaming, prompt‑injection defenses, and stronger isolation for critical systems. Complementing this, Recorded Future’s H1 2025 survey of vulnerability exploitation trends finds state‑sponsored operators responsible for 53% of attributed exploits, with a concentration on edge infrastructure and gateway software; Infosecurity notes rapid weaponization and evolving social‑engineering lures.

The dynamics between AI crawlers and publisher referrals also shifted. An analysis by Cloudflare shows AI training crawlers now dominate bot activity while referral traffic to news sites declines, raising questions about verification, robots.txt compliance, and the sustainability of content ecosystems if training outpaces meaningful referrals.

These and other news items from the day:

Fri, August 29, 2025

Salt Typhoon APT Expands to Netherlands, Targets Routers

🔒 Salt Typhoon, a persistent Chinese-aligned threat actor, has expanded operations into the Netherlands by compromising routers at smaller ISPs and hosting providers. Intelligence agencies report the group exploits known flaws in Ivanti, Palo Alto Networks, and Cisco devices to obtain long-term access and pivot through trusted provider links. Authorities urge organizations to audit configurations, disable management access, enforce public-key administrative authentication, remove default credentials, and keep vendor-recommended OS versions up to date to reduce exposure.

Sun, August 31, 2025

OpenAI Enhances ChatGPT Codex with IDE and CLI Sync

🚀 OpenAI has released a major update to Codex, its agentic coding assistant, adding a native VS Code extension and expanded terminal and IDE support. Plus and Pro subscribers can now use Codex with every build across web, terminal, and IDE without separate API keys, as the service links to your ChatGPT account to preserve session state. The release also adds a Seamless Local ↔ Cloud Handoff to delegate paired local tasks to the cloud asynchronously, alongside CLI command upgrades and bug fixes; competitors like Claude are pursuing similar web-to-terminal integrations.

Fri, August 29, 2025

Google Cloud Expands Confidential Computing with Intel TDX

🔒 Google Cloud has expanded its Intel TDX-based Confidential Computing portfolio, now offering Confidential GKE Nodes, Confidential Space, and Confidential GPUs alongside broader regional availability. Creating an Intel TDX Confidential VM is exposed directly in the GCE Create an instance flow under the Security tab, with no code changes required. The C3 machine series supports Intel TDX across additional regions and zones, and NVIDIA H100 GPUs on the A3 series enable confidential AI by combining Intel CPU protection with NVIDIA Confidential Computing on the GPU.

Fri, August 29, 2025

Cloudy AI Agent Automates Threat Analysis and Response

🔍 Cloudflare has integrated Cloudy, its first AI agent, with security analytics and introduced a conversational chat interface to accelerate root-cause analysis and mitigation. The chat lets users ask natural-language questions, refine investigations, and pivot from a single indicator to related threat events in minutes. Paired with the Cloudforce One Threat Events platform and built on the Agents SDK running on Workers AI, Cloudy surfaces contextual IOCs, attacker timelines, and prioritized actions at scale. Cloudflare emphasizes Cloudy was not trained on customer data and plans deeper WAF debugging and Alerts integrations.

Sun, August 31, 2025

Anthropic Tests Web Version of Claude Code for Developers

🛠️ Anthropic is rolling out a research preview of a web-based Claude Code, bringing its terminal-focused coding assistant into the browser at Claude.ai/code. The web preview requires installing the GitHub Claude app on a repository and committing a "Claude Dispatch" GitHub workflow file before use, with optional email and web notifications for updates. Claude Code—already available in terminals and integrated editors under paid plans—can inspect codebases to help fix bugs, test features, simplify Git tasks, and automate workflows. It remains unclear whether the terminal and web versions can access or share the same repository content or usage data.

Fri, August 29, 2025

Eventarc Advanced: Unified Serverless Eventing Platform

🚀 Eventarc Advanced is now generally available as a unified, serverless eventing platform that centralizes real-time filtering, transformation, management, and delivery for complex microservices environments. It extends Eventarc Standard with a Publish API and a central message bus built on Envoy, enabling per-message access control, multi-format payload handling (Avro, JSON, Protobuf), and built-in routing and observability. The platform is designed to simplify development with a single API while giving platform operators centralized governance, monitoring, and reliable delivery across hybrid and multi-cloud topologies.

Fri, August 29, 2025

Critical FreePBX Zero-Day Under Active Exploitation

🚨 The Sangoma FreePBX project has issued an advisory for an actively exploited zero-day (CVE-2025-57819) that allows unauthenticated access to the Administrator control panel, enabling arbitrary database manipulation and remote code execution. The flaw stems from insufficiently sanitized user input in the commercial endpoint module and impacts FreePBX 15, 16, and 17 prior to their listed patched releases. Administrators should apply the emergency updates immediately, restrict public ACP access, and scan for indicators of compromise.

Sat, August 30, 2025

WhatsApp Emergency Update Fixes Zero-Click iOS/macOS Bug

🔒 WhatsApp has issued emergency updates for iOS and macOS to fix CVE-2025-55177, a high-severity authorization flaw that may have been exploited alongside an Apple ImageIO zero-day (CVE-2025-43300). The bug could allow processing of content from an arbitrary URL on a target device and affects specific iOS, Business iOS, and Mac app versions. Users are urged to update immediately; confirmed targets were advised to perform a full factory reset.

Fri, August 29, 2025

APT37 Spear-Phishing Campaign Targets South Korean Officials

🛡️ Seqrite attributes a large-scale spear-phishing operation, dubbed Operation HanKook Phantom, to APT37, a North Korea–linked group targeting South Korean government and intelligence personnel. Attackers distributed malicious LNK shortcuts disguised as a legitimate National Intelligence Research Society newsletter and a statement from Kim Yo-jong, which triggered downloads and execution of payloads including RokRAT. The campaign employed in-memory execution, fileless PowerShell, XOR decryption, LOLBins and covert exfiltration techniques to blend with normal traffic and evade detection.

Fri, August 29, 2025

Cloudy-driven Email Detection Summaries and Guardrails

🛡️ Cloudflare extended its AI agent Cloudy to generate clear, concise explanations for email security detections so SOC teams can understand why messages are blocked. Early LLM implementations produced dangerous hallucinations when asked to interpret complex, multi-model signals, so Cloudflare implemented a Retrieval-Augmented Generation approach and enriched contextual prompts to ground outputs. Testing shows these guardrails yield more reliable summaries, and a controlled beta will validate performance before wider rollout.

Fri, August 29, 2025

Abandoned Sogou Zhuyin Update Server Used in Espionage

📡 Trend Micro reports that threat actors leveraged an abandoned Sogou Zhuyin update server to distribute multiple malware families, including C6DOOR, GTELAM, DESFY, and TOSHIS. The campaign, tracked as TAOTH and identified in June 2025, used hijacked automatic updates, spear-phishing, and fake cloud/login pages to target dissidents, journalists, researchers, and business figures across East Asia. The adversary registered the lapsed domain sogouzhuyin[.]com in October 2024 and exploited third-party cloud services like Google Drive to conceal callbacks and exfiltrate data.

Fri, August 29, 2025

AI Systems Begin Conducting Autonomous Cyberattacks

🤖 Anthropic's Threat Intelligence Report says the developer tool Claude Code was abused to breach networks and exfiltrate data, targeting 17 organizations last month, including healthcare providers. Security vendor ESET published a proof-of-concept AI ransomware, PromptLock, illustrating how public AI tools could amplify threats. Experts recommend red-teaming, prompt-injection defenses, DNS monitoring, and isolation of critical systems.

Fri, August 29, 2025

Nx npm Package Hijacked to Exfiltrate Data via AI Toolchain

🛡️ Malicious updates to the Nx npm package were published on 26 August, briefly delivering AI-assisted data‑stealing malware to developer systems. The infected releases injected crafted prompts into local AI CLIs (Anthropic’s Claude, Google Gemini, Amazon Q) to locate GitHub/npm tokens, SSH keys, .env secrets and cryptocurrency wallets, then encoded and uploaded the harvest by creating public repositories under victims' accounts. StepSecurity says eight compromised versions were live for five hours and 20 minutes and that attackers subsequently weaponized stolen GitHub CLI OAuth tokens to expose and fork private organization repositories. Recommended mitigation includes revoking tokens and SSH/GPG keys, making exposed repos private, disconnecting affected users and following a full remediation plan.

Fri, August 29, 2025

Ransomware Attack on Swedish Supplier Exposes Worker Data

🔒 A ransomware attack on Swedish software vendor Miljödata has affected around 200 municipal and other organisations after attackers targeted its Adato system. Miljödata says it is working with external experts and has reported the incident to legal authorities and data protection regulators while investigating whether personal and health-related records were exposed. Police say extortionists demanded 1.5 bitcoins (about SEK 1.5M / US$165,000) and national agencies are coordinating the response.

Fri, August 29, 2025

WhatsApp patches iOS and macOS zero-day vulnerability

🔒 WhatsApp has patched a zero-click vulnerability (CVE-2025-55177) impacting WhatsApp for iOS prior to 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. The flaw involved incomplete authorization of linked-device synchronization messages that could trigger processing of content from an arbitrary URL on a target device. WhatsApp said the bug may have been chained with an Apple OS-level zero-day (CVE-2025-43300) and exploited in targeted, sophisticated attacks. Potentially impacted users have been urged to perform a factory reset and keep their operating systems and apps up to date.

Fri, August 29, 2025

WordPress Plugin and Theme Vulnerabilities Surge in 2025

⚠️ Recent investigations show a wave of active attacks against WordPress plugins and themes, including Gravity Forms, the Alone and Motors themes, and Post SMTP. Exploits have enabled remote code execution, administrator account takeover, and mass site compromise, while the Efimer trojan has been distributed from some infected sites. Vendors have issued patches, but many sites remain unpatched—site owners should update immediately and follow hardening best practices.

Fri, August 29, 2025

CISA Adds Sangoma FreePBX CVE to Known Exploited List

⚠️ CISA added CVE-2025-57819, an authentication bypass in Sangoma FreePBX, to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The vulnerability is a frequent attack vector that poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by required due dates. CISA urges all organizations to prioritize timely remediation.

Fri, August 29, 2025

Amazon Disrupts APT29 Watering Hole Campaign Targeting Users

🔒 Amazon's threat intelligence team identified and disrupted a watering hole campaign conducted by APT29, a group linked to Russia’s SVR. The actor compromised legitimate websites and injected obfuscated JavaScript to redirect a subset of visitors to attacker-controlled pages that mimicked Cloudflare verification. The campaign aimed to abuse Microsoft's device code authentication flow to trick users into authorizing attacker-controlled devices; Amazon isolated affected EC2 instances and coordinated with partners to disrupt infrastructure and share intelligence.

Fri, August 29, 2025

Google: Salesloft Drift OAuth Breach Impacts Integrations

🔐 Google and Mandiant warn Salesloft Drift customers that OAuth tokens tied to the Drift platform should be treated as potentially compromised. Stolen tokens for the Drift Email integration were used to access email from a small number of Google Workspace accounts on August 9, 2025; Google stressed this is not a compromise of Workspace or Alphabet. Google revoked affected tokens, disabled the Workspace–Drift integration, and is urging customers to review, revoke, and rotate credentials across all Drift-connected integrations while investigations continue.

Sun, August 31, 2025

Brokewell Android Malware Spread via Fake TradingView Ads

⚠️ Cybercriminals are abusing Meta advertising to distribute a malicious Android app impersonating TradingView Premium. Bitdefender says the campaign, active since at least July 22, redirects Android users to a counterfeit site that serves a trojanized tw-update.apk and requests accessibility rights while simulating an OS update to capture PINs. The installed Brokewell variant escalates privileges to exfiltrate credentials and 2FA codes, hijack SMS, record screens and audio, and accept remote commands for theft and device control.

Fri, August 29, 2025

Sitecore Vulnerabilities Enable Cache Poisoning to RCE

🔒 Three vulnerabilities affecting the Sitecore Experience Platform can be chained to escalate from HTML cache poisoning to remote code execution. Researchers describe a pre-auth HTML cache reflection (CVE-2025-53693) combined with an insecure deserialization RCE (CVE-2025-53691) and an ItemService API information-disclosure bug (CVE-2025-53694) that permits cache key enumeration and poisoned HTML injection. Sitecore issued patches in June and July 2025; administrators should apply updates, restrict ItemService exposure to trusted networks, and consider WAF rules and other mitigations to reduce the chaining risk.

Fri, August 29, 2025

Amazon Disrupts APT29 Watering-Hole Device Code Scam

🛡️ Amazon says its security team detected and disrupted an opportunistic watering-hole campaign attributed to APT29 that redirected visitors from compromised sites to attacker-controlled domains mimicking Cloudflare verification pages. The threat used the Microsoft device code authentication flow to trick users into authorizing attacker-controlled devices. Amazon observed multiple evasion techniques and continued tracking as the actor migrated infrastructure.
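Both Amazon items above turn on the same point: the victim is talked into approving a device code that the attacker's client then redeems, so the resulting sign-in is a legitimate-looking OAuth device code authentication. Device code sign-ins are rare in most tenants, which makes them worth listing on their own. The script below is an added example, not code from Amazon, Microsoft or the page's sources; it assumes exported Entra ID sign-in records carrying the Microsoft Graph signIn fields `authenticationProtocol`, `status.errorCode` and `location.countryOrRegion`, and the records themselves are constructed for the example.

```python
"""List successful OAuth device code sign-ins from Entra ID sign-in log records
and flag those whose country differs from the user's other sign-ins.
Added example; the sample records below are constructed, not real log data."""
import json
from collections import defaultdict

# Constructed sample records using a subset of the Microsoft Graph signIn fields.
SAMPLE_SIGNINS = """
{"createdDateTime": "2025-08-29T08:01:11Z", "userPrincipalName": "alice@example.test", "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "NL"}, "appDisplayName": "Office 365 SharePoint Online", "status": {"errorCode": 0}}
{"createdDateTime": "2025-08-29T08:04:52Z", "userPrincipalName": "alice@example.test", "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.7", "location": {"countryOrRegion": "RU"}, "appDisplayName": "Microsoft Authentication Broker", "status": {"errorCode": 0}}
{"createdDateTime": "2025-08-29T09:15:00Z", "userPrincipalName": "bob@example.test", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.22", "location": {"countryOrRegion": "NL"}, "appDisplayName": "Azure CLI", "status": {"errorCode": 0}}
{"createdDateTime": "2025-08-29T09:20:30Z", "userPrincipalName": "bob@example.test", "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.22", "location": {"countryOrRegion": "NL"}, "appDisplayName": "Azure Portal", "status": {"errorCode": 0}}
{"createdDateTime": "2025-08-29T10:02:45Z", "userPrincipalName": "carol@example.test", "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.9", "location": {"countryOrRegion": "RU"}, "appDisplayName": "Microsoft Authentication Broker", "status": {"errorCode": 50126}}
"""


def parse_signins(text):
    """Parse one JSON sign-in record per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_device_code_signins(records):
    """Return successful device-code sign-ins in log order.

    Each finding is marked "high" when the sign-in country is not among the
    countries of the same user's other successful, non-device-code sign-ins in
    the batch, and "review" otherwise (every device code sign-in deserves a look).
    """
    usual_countries = defaultdict(set)
    for r in records:
        if r["status"]["errorCode"] == 0 and r["authenticationProtocol"] != "deviceCode":
            usual_countries[r["userPrincipalName"]].add(
                r.get("location", {}).get("countryOrRegion", "unknown"))

    findings = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" or r["status"]["errorCode"] != 0:
            continue  # only successful device code authentications matter here
        user = r["userPrincipalName"]
        country = r.get("location", {}).get("countryOrRegion", "unknown")
        baseline = usual_countries.get(user, set())
        findings.append({
            "user": user,
            "time": r["createdDateTime"],
            "ip": r["ipAddress"],
            "app": r["appDisplayName"],
            "country": country,
            "severity": "high" if baseline and country not in baseline else "review",
        })
    return findings


if __name__ == "__main__":
    for f in find_device_code_signins(parse_signins(SAMPLE_SIGNINS)):
        print(f"{f['severity']:6} {f['time']} {f['user']} {f['app']} from {f['ip']} ({f['country']})")
```

On the constructed batch this reports two sign-ins: alice's device code authentication from a country she never otherwise signs in from is rated high, bob's from his usual location is left for review, and carol's failed attempt is not listed. The country check is a heuristic over whatever window is fed in; in a real tenant the baseline should come from a longer history, and a Conditional Access policy that restricts the device code flow removes the exposure rather than just detecting it.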

Fri, August 29, 2025

TransUnion Breach Exposes Data of 4.5 Million US Consumers

🔐 TransUnion has disclosed unauthorized access to a third-party application serving its US consumer support operations, affecting nearly 4.5 million Americans. The company says the incident exposed specific personal data elements but did not include credit reports or core credit information. Detected July 30 after an intrusion on July 28, TransUnion is offering free credit monitoring and proactive fraud assistance while it enhances security controls.

Sat, August 30, 2025

TamperedChef infostealer spread via fake PDF Editor ads

🔍 Threat actors used Google ads to promote a fraudulent AppSuite PDF Editor that silently delivered the TamperedChef infostealer. Multiple domains hosted signed installers with revoked certificates; the malicious payload was activated after a delay and is launched with the "-fullupdate" argument, checking for security agents and extracting browser secrets via DPAPI. Operators also pushed related apps such as OneStart, ManualFinder and Epibrowser, and in some cases converted hosts into residential proxies; Truesec and Expel published IoCs for detection.

Fri, August 29, 2025

Feds Seize VerifTools Marketplace Selling Fake IDs

🚨 U.S. and Dutch authorities dismantled VerifTools, an illicit marketplace that produced and sold counterfeit driver's licenses, passports, and other identity documents used to bypass verification systems and facilitate fraud. Two domains and a blog were seized and redirected to an FBI splash page after servers in Amsterdam were confiscated. The FBI linked roughly $6.4 million in illicit proceeds to the service, which offered forged documents for as little as $9. Operators have since signaled a relaunch on a new domain.

Sat, August 30, 2025

Attackers Abuse Velociraptor to Tunnel C2 via VS Code

🔍 In a recent Sophos report, unknown actors abused the open-source forensic tool Velociraptor to download and execute Visual Studio Code, enabling an encrypted tunnel to an attacker-controlled command-and-control server. The intruders used the Windows msiexec utility to fetch MSI installers hosted on Cloudflare Workers, staged additional tooling including a tunneling proxy and Radmin, and invoked an encoded PowerShell command to enable VS Code's tunnel option. Sophos warns that misuse of incident response tools can precede ransomware and recommends deploying EDR, monitoring for unauthorized Velociraptor activity, and hardening backup and monitoring processes.

Fri, August 29, 2025

Microsoft to Enforce MFA for Azure Resource Management

🔐 Starting October 1, 2025, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect tenants from unauthorized access. The change, part of its Secure Future Initiative, will be rolled out gradually across public cloud tenants and covers Azure CLI, PowerShell, SDKs, REST APIs, IaC tools, the Azure mobile app, and automation that uses user identities. To prevent disruptions Microsoft recommends updating Azure CLI to 2.76+ and Azure PowerShell to 14.3+; global administrators may postpone enforcement until July 2026.
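The inventory step in this item (and in the Platforms and cloud summary above) is the part most teams stumble on: finding the scripts that still sign in with a user identity before the MFA requirement breaks them. The script below is an added example, not Microsoft's or the page's code. It scans script text for Azure CLI and Az PowerShell sign-ins that are neither managed-identity (`az login --identity`, `Connect-AzAccount -Identity`) nor service-principal (`az login --service-principal`, `Connect-AzAccount -ServicePrincipal`) based, and ranks hits that also perform Create, Update or Delete operations first, since those are the ones the October 1, 2025 enforcement affects. The sample scripts and file names are constructed for the example.

```python
"""Inventory automation scripts that sign in to Azure with a user identity
rather than a managed identity or service principal.
Added example; the sample scripts below are constructed, not from the page."""
import re

# Constructed sample scripts (filename -> contents).
SAMPLE_SCRIPTS = {
    "deploy.ps1": (
        "Connect-AzAccount -Credential $cred -Tenant $tenantId\n"
        "New-AzResourceGroup -Name rg-app -Location westeurope\n"
    ),
    "report.sh": (
        "az login -u svc-reporter@example.test -p \"$PW\"\n"
        "az vm list -o table\n"
    ),
    "nightly.ps1": (
        "Connect-AzAccount -Identity\n"
        "Get-AzVM | Stop-AzVM -Force\n"
    ),
    "pipeline.sh": (
        "az login --service-principal -u \"$APP_ID\" --certificate /run/secrets/cert.pem --tenant \"$TENANT\"\n"
        "az group delete -n rg-temp --yes\n"
    ),
    "hello.sh": "echo nothing to do here\n",
}

# Sign-ins that rely on a user identity: any Connect-AzAccount / az login that
# does not pass a managed-identity or service-principal switch on the same line.
USER_SIGNIN_PATTERNS = [
    (re.compile(r"Connect-AzAccount\b(?!.*-(Identity|ServicePrincipal)\b)", re.I),
     "Az PowerShell user sign-in"),
    (re.compile(r"\baz\s+login\b(?!.*--(identity|service-principal)\b)", re.I),
     "Azure CLI user sign-in"),
]

# Heuristics for Create/Update/Delete operations, the ones MFA enforcement covers.
MUTATION_PATTERNS = [
    re.compile(r"\b(New|Set|Remove|Update|Start|Stop|Restart)-Az\w+", re.I),
    re.compile(r"\baz\s+[\w-]+(?:\s+[\w-]+)*\s+(create|delete|set|update|start|stop)\b", re.I),
]


def inventory_user_identity_signins(scripts):
    """Return one finding per script that signs in with a user identity.

    Findings with mutating operations sort first because they will fail once
    MFA is enforced for resource management writes.
    """
    findings = []
    for name, text in scripts.items():
        lines = text.splitlines()
        mutates = any(p.search(l) for l in lines for p in MUTATION_PATTERNS)
        for lineno, line in enumerate(lines, start=1):
            for pattern, kind in USER_SIGNIN_PATTERNS:
                if pattern.search(line):
                    findings.append({"file": name, "line": lineno, "kind": kind,
                                     "mutates": mutates, "text": line.strip()})
    return sorted(findings, key=lambda f: (not f["mutates"], f["file"], f["line"]))


if __name__ == "__main__":
    for f in inventory_user_identity_signins(SAMPLE_SCRIPTS):
        urgency = "WRITES, migrate before enforcement" if f["mutates"] else "read-only, still migrate"
        print(f"{f['file']}:{f['line']} {f['kind']} [{urgency}] {f['text']}")
```

On the constructed set it reports deploy.ps1 first (user credential sign-in followed by a resource group creation) and report.sh second (user sign-in, read-only), while nightly.ps1 and pipeline.sh pass because they already use a managed identity and a certificate-based service principal. Line-based matching is deliberately simple; credentials assembled across several lines or wrapped in helper functions will need a manual pass, and the sign-in log query in the Entra portal remains the authoritative source for which identities are actually used.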

Fri, August 29, 2025

State-Sponsored Hackers Behind Majority of Exploits

🔐 Recorded Future’s Insikt Group reports that 53% of attributed vulnerability exploits in H1 2025 were carried out by state-sponsored actors, driven largely by geopolitical aims such as espionage and surveillance. Chinese-linked groups accounted for the largest share, with UNC5221 exploiting numerous flaws—often in Ivanti products. The study found 161 exploited CVEs, 69% of which required no authentication and 48% of which were remotely exploitable. It also highlights the rise of social-engineering techniques like ClickFix and increasing EDR-evasion methods used by ransomware actors.

Fri, August 29, 2025

TamperedChef Malware Hidden in Fake PDF Editor Installers

🛡️ Cybersecurity researchers report a malvertising campaign that lures users to counterfeit sites offering a trojanized PDF installer for AppSuite PDF Editor, which drops an information stealer named TamperedChef. The installer presents a license prompt while covertly downloading the editor, setting persistence via Windows Registry autorun entries and scheduled tasks that pass --cm arguments. Analysts at Truesec and G DATA found the backdoor harvests credentials and cookies and can download additional payloads.

Fri, August 29, 2025

Click Studios Patches Passwordstate Authentication Bypass

🔒 Click Studios released Passwordstate 9.9 (Build 9972) on August 28, 2025, to remediate a high-severity authentication bypass that could be triggered via a carefully crafted URL against the product's Emergency Access page. The update also introduces enhanced safeguards in the web interface and browser extension to mitigate DOM-based clickjacking attacks. The company noted that no CVE has been assigned yet and emphasized that customers should apply the update promptly. Passwordstate is used by thousands of organizations globally, increasing the urgency of patching.

Sun, August 31, 2025

ChatGPT Adds Flashcard-Based Quiz Feature for Learning

📚 ChatGPT now offers an interactive flashcard-style quiz feature within its new Study and Learn tool, designed to help users evaluate and reinforce their knowledge on any topic. Using models such as GPT-5-Thinking (or Instant/Default), the assistant generates embedded flashcards, presents answer choices, and provides a running scorecard at the end of the quiz. The system preserves conversational memory so it can refine future quizzes and adapt to a learner’s progress, aligning with research that shows testing improves retention.

Fri, August 29, 2025

Amazon SageMaker Adds Account-Agnostic Project Profiles

🔁 Amazon SageMaker introduces account-agnostic, reusable project profiles within the SageMaker Unified Studio domain, enabling domain administrators to define project templates once and reuse them across multiple AWS accounts and regions. Profiles are decoupled from specific accounts and regions and can reference a new account pool for dynamic account and region selection at project creation, driven by custom authorization policies or predefined strategies. This reduces duplication, simplifies governance, and accelerates onboarding across large-scale data and ML environments. The feature is available in all Regions where Unified Studio is supported.

Fri, August 29, 2025

Cloudflare data: AI bot crawling surges, referrals fall

🤖 Cloudflare's mid‑2025 dataset shows AI training crawlers now account for nearly 80% of AI bot activity, driving a surge in crawling while sending far fewer human referrals. Google referrals to news sites fell sharply in March–April 2025 as AI Overviews and Gemini upgrades reduced click-throughs. OpenAI’s GPTBot and Anthropic’s ClaudeBot increased crawling share while ByteDance’s Bytespider declined. The resulting crawl-to-refer imbalance — tens of thousands of crawls per human click for some platforms — threatens publisher revenue.

Fri, August 29, 2025

Cloudflare AI for WARP and Network Troubleshooting Tools

🔍 Cloudflare is introducing two AI-powered tools to simplify troubleshooting for the Cloudflare One SASE platform: the new WARP diagnostic analyzer in the Zero Trust dashboard and a DEX MCP server for Digital Experience Monitoring. Both features are available to all Cloudflare One customers by default and convert diagnostic logs into clear, actionable insights. The WARP analyzer highlights events, device details, and exports JSON for deeper analysis, while the DEX MCP server enables natural-language queries and custom analytics without heavy SIEM integration.

Sun, August 31, 2025

OpenAI Tests 'Thinking Effort' Picker for ChatGPT Controls

🧠 OpenAI is testing a new "Thinking effort" picker for ChatGPT that lets users set how much internal compute—or "juice"—the model can spend on a response. The feature offers four levels: light (5), standard (18), extended (48) and max (200), with higher settings producing deeper but slower replies. The 200 "max" tier is gated behind a $200 Pro plan. OpenAI positions the picker as a way to give users more control over response depth and speed.

Fri, August 29, 2025

Google Cloud and Partners Commit to Apache Iceberg

🔁 Google Cloud and an ecosystem of partners — including Confluent, Databricks, dbt, Fivetran, Informatica, and Snowflake — reaffirm support for the open table format Apache Iceberg to power modern lakehouse architectures. The post highlights Google innovations such as BigLake and a REST Catalog API that unify metadata and enable interoperability across engines like BigQuery, Databricks, and Snowflake. The collaboration aims to reduce data silos, enable time travel and pruning, and accelerate AI-ready analytics.

Fri, August 29, 2025

AWS End User Messaging Adds International Toll‑Free SMS

📣 AWS End User Messaging now supports international SMS sending from US toll-free numbers to more than 150 countries, including Canada. This lets customers use a single US toll-free number to reach supported global destinations, simplifying account and resource setup. Available in all AWS Regions where AWS End User Messaging is offered, the capability supports common use cases such as OTPs, notifications, reminders, and promotions.

read more →

Fri, August 29, 2025

Cloudflare Realtime Voice AI Platform for Edge Agents

🔊 Cloudflare announced new realtime voice AI capabilities to simplify building low-latency conversational agents on its global edge. The release includes Realtime Agents, a composable runtime for orchestrating STT, LLM, and TTS pipelines at the edge, plus the ability to pipe raw WebRTC audio as PCM into Workers, WebSocket-based realtime inference in Workers AI, and Deepgram models deployed across 330+ cities. These features aim to reduce infrastructure complexity and latency for voice-enabled applications.

read more →

Fri, August 29, 2025

Amazon EC2 I8ge Instances: Graviton4 Storage Optimized

🚀 Amazon Web Services announced general availability of Amazon EC2 I8ge instances, storage-optimized instances powered by AWS Graviton4 processors. They deliver up to 60% better compute and up to 55% better real-time storage performance per TB compared with previous Graviton2/Im4gn generations. I8ge offers up to 120 TB local NVMe instance storage, 1,536 GiB memory, sizes up to 48xlarge plus two metal options, and up to 300 Gbps networking, making them suitable for real-time databases, analytics, search, and streaming workloads. Instances are available in US East (Ohio), US East (N. Virginia), and US West (Oregon).

read more →

Fri, August 29, 2025

AWS HealthOmics Adds Third-Party Container Registry Support

🧬 AWS HealthOmics now supports third-party container registries through Amazon ECR pull-through cache and a new container URI remapping capability, easing access to tools hosted on Docker Hub, GitHub, Quay, GitLab, Azure, and other registries. The pull-through cache automatically retrieves and caches images while URI remapping translates third-party references to private ECR URIs using customer-defined mapping rules. These capabilities remove the need for manual image migration or workflow edits and are available in all regions where AWS HealthOmics is offered, helping bioinformatics teams accelerate workflow development and execution.

read more →

Fri, August 29, 2025

Amazon EMR S3A Connector: Faster S3 Access for Analytics

🚀 Amazon Web Services announced the Amazon EMR S3A connector, an AWS-optimized S3 interface for Apache Hadoop, Spark, and Hive on EMR. It extends open-source S3A with AWS-specific enhancements including MagicCommitter V2, improved credentials resolution, accelerated prefix listing, and Spark fine-grained access control. The connector is pre-configured in EMR release 7.10 and later and is available in all Regions where EMR runs.

read more →

Fri, August 29, 2025

Amazon EMR Adds Spark FGAC and Glue Data Catalog Views

🔒 Amazon EMR on EC2 now supports Apache Spark native fine-grained access control (FGAC) through AWS Lake Formation and adds support for AWS Glue Data Catalog views. These capabilities let administrators define and enforce granular Lake Formation policies once and apply them consistently to Spark jobs and interactive sessions, reducing administrative overhead and security risk. Access checks support named resource grants, data filters, and tag-based controls and are logged in AWS CloudTrail for auditing.

read more →

Fri, August 29, 2025

Cybercrime Motivations: Beyond Financial Gain, Impact

🔐 Cybercrime extends well beyond financial motives, encompassing political, ideological, and personal drivers that can inflict reputational and strategic damage. Experts from Incibe-CERT, Panda Security and UNIE warn that state-sponsored espionage, cyberwarfare, hacktivism, revenge and reputation-seeking activity complicate threat profiling. Understanding these varied motivations reshapes defense priorities—risk analysis, threat intelligence, information-leak prevention and proactive incident response become essential.

read more →

Fri, August 29, 2025

Amazon Managed Service for Prometheus Adds PagerDuty

🔔 Amazon Managed Service for Prometheus now sends alerts directly to PagerDuty, removing the need for custom Lambda functions or intermediary services. The native integration simplifies authentication and improves delivery reliability for incident notifications. It is available in all AWS regions where the service is generally available and can be configured from the Alert manager tab or via the AWS CLI, SDK, or APIs. Refer to the user guide for detailed setup instructions.

read more →

Fri, August 29, 2025

RDS Data API Now Supports IPv6 Dual-Stack Connectivity

🌐 RDS Data API now supports IPv6 with dual-stack (IPv4/IPv6) connectivity for Aurora databases, enabling expanded address space and simplified migration from IPv4. The capability is available in all commercial AWS regions where Data API is offered, except Canada (Central). IPv6 lets you assign contiguous IP ranges to microservices and scale beyond VPC IPv4 limits while retaining IPv4 connectivity during transition. Data API continues to pool connections and integrates with AWS AppSync GraphQL; consult the documentation for endpoint and network configuration guidance.

read more →

Fri, August 29, 2025

Amazon Neptune Analytics adds Stop/Start capability

⏸️ Amazon Neptune Analytics now supports a Stop/Start capability that lets organizations pause and resume graph workloads on demand. While a graph is stopped, all data and configuration are preserved and customers pay only 10% of the normal compute cost. Customers can pause and resume via the AWS Console, CLI, API, or SDKs with a single action. The feature is available in all commercial regions where Neptune Analytics is offered and aims to reduce lifecycle overhead and lower costs for periodic workloads like fraud detection, recommendation engines, and research simulations.

read more →

Fri, August 29, 2025

Amazon QuickSight Launches in Israel and UAE Regions

📍 Amazon QuickSight is now available in the Israel (Tel Aviv) and United Arab Emirates (Dubai) AWS Regions, enabling local customers to author, share, and embed interactive analytics at scale. QuickSight is a fast, fully managed BI service that supports browser-based dashboard creation and can be shared with tens of thousands of users without provisioning infrastructure. The launch expands QuickSight to 25 regions globally, improving latency, data residency options, and compliance for regional organizations.

read more →

Fri, August 29, 2025

Amazon QuickSight Adds Native Google Sheets Connector

📢 Amazon QuickSight announces the general availability of a native Google Sheets connector. Customers can sign in with their Google account and import sheets directly into a QuickSight SPICE dataset for analysis and visualization. The connector is available across multiple AWS regions in the Americas, Europe, and Asia Pacific. This simplifies bringing spreadsheet data into QuickSight and reduces manual data movement for BI teams and analysts.

read more →

Fri, August 29, 2025

Microsoft: August KB5063878 not tied to SSD failures

🔍 Microsoft says its August 2025 security update, KB5063878, is not connected to recent reports of SSD and HDD failures. After internal testing and telemetry analysis, Redmond said it could not reproduce the corruption or drive losses and found no increase in disk failures following the Windows 11 24H2 update. Microsoft is working with storage partners and controller vendors and will continue to monitor customer feedback while investigating any new reports.

read more →

Fri, August 29, 2025

AWS IAM: New VPC Endpoint Condition Keys for Perimeter

🔐 AWS Identity and Access Management (IAM) introduces three global condition keys — aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID — to enforce that requests to resources or identities originate via VPC endpoints. These keys provide account-, organization-path-, and organization-level granularity, automatically scaling as endpoints are added or removed. Use them in new or existing SCPs, RCPs, resource-based, and identity-based policies. They are supported for selected services in commercial Regions where AWS PrivateLink is available.
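An added example (not from the AWS announcement) of using one of the new keys in a resource-based policy: an S3 bucket policy that denies any request not arriving through a VPC endpoint owned by your organization. The bucket name and organization ID are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAccessOutsideOrgVpcEndpoints",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-perimeter-bucket",
        "arn:aws:s3:::example-perimeter-bucket/*"
      ],
      "Condition": {
        "StringNotEqualsIfExists": {
          "aws:VpceOrgID": "o-exampleorgid"
        },
        "BoolIfExists": {
          "aws:PrincipalIsAWSService": "false"
        }
      }
    }
  ]
}
```

The IfExists operators make the Deny apply when the key is absent, so requests that never traverse a VPC endpoint (including console access from the public internet) are blocked as well, while the aws:PrincipalIsAWSService exemption keeps AWS services acting on your behalf working. Validate against a non-production bucket first, since a mis-scoped Deny in a resource policy can lock out administrators.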

read more →

Fri, August 29, 2025

Amazon Verified Permissions Adds Four New AWS Regions

🔒 Amazon Verified Permissions is now available in Asia Pacific (Taipei), Asia Pacific (Thailand), Asia Pacific (Malaysia), and Mexico (Central), expanding regional coverage to 35 AWS Regions. The managed service provides scalable, fine-grained authorization using the open-source Cedar policy language, enabling applications to enforce permissions as policies rather than embedding them in code. Developers and administrators can define role-, attribute-, and context-aware access controls for APIs and application resources, simplifying authorization and improving governance.

read more →

Fri, August 29, 2025

Amazon SageMaker Lakehouse Adds Tag-Based Access Control

🏷️ Amazon SageMaker lakehouse now supports tag-based access control (TBAC) across federated catalogs, extending capability beyond the default AWS Glue Data Catalog to Amazon S3 Tables, Amazon Redshift, and federated sources such as DynamoDB, PostgreSQL, and SQL Server. TBAC lets administrators group resources with tags, grant access based on those tags, and rely on tag inheritance so new tables automatically receive fine-grained controls. Administrators can create and apply tags via the AWS Lake Formation console and grant tag-based permissions to principals; tagged resources are then usable through Amazon Athena, Amazon Redshift, Amazon EMR, and SageMaker Unified Studio. The feature is available in all commercial AWS Regions via the Console, AWS CLI, and SDKs, with supporting Lake Formation Tags documentation and a blog post.

read more →

Fri, August 29, 2025

Windows 11 KB5064081 Clarifies Task Manager CPU Metrics

🔧 Microsoft published the optional KB5064081 preview cumulative update for Windows 11 24H2, moving affected systems to build 26100.5074 and rolling out thirty-six new features and fixes. The update standardizes CPU reporting in Task Manager so the Processes tab now uses the same calculation as Performance and Users: (Δ Process CPU Time) ÷ (Δ Elapsed Time × Logical Processors), making metrics consistent and aligning them with third‑party monitors. Users who want the legacy view can enable an optional CPU Utility column in the Details tab. The release also bundles UI, File Explorer, Taskbar, Windows Hello, backup, and numerous bug fixes, while Microsoft lists two known issues (CertEnroll errors and NDI streaming lag).

read more →

Fri, August 29, 2025

Network Visibility for Generative AI Data Protection

🔍 Generative AI platforms such as ChatGPT, Gemini, Copilot, and Claude create new data‑exfiltration risks that can evade traditional endpoint and channel DLP products. Network‑based detection, exemplified by Fidelis NDR, restores visibility via URL‑based alerts, metadata auditing, and file‑upload inspection across monitored network paths. Organizations can tune real‑time alerts, retain searchable session metadata, and capture full packet context for forensics while acknowledging limits around unmanaged channels and asset‑level attribution.

read more →

Fri, August 29, 2025

CSO Guide to Top Security Conferences for 2025 and Dates

📅 CSO's editors compile a curated calendar of leading and niche cybersecurity conferences worldwide, spanning September 2025 through April 2026. The list identifies event names, dates and locations, and notes in-person, virtual and hybrid formats as well as events run by CSO’s parent company, Foundry. Use this guide to prioritize training, vendor demos and networking opportunities tailored to your region and role.

read more →

Fri, August 29, 2025

Microsoft Fixes Bug Causing Certificate Enrollment Errors

🔧 Microsoft has addressed a known issue that produced false CertificateServicesClient (CertEnroll) error events after the July 2025 non-security preview (KB5062660) and subsequent Windows 11 24H2 updates. The events referenced the Microsoft Pluton Cryptographic Provider not being loaded but were benign and caused by a partially integrated feature still under development. The fix is rolling out automatically and requires no user action.

read more →

Fri, August 29, 2025

Nine Common Mistakes That Can Cost CISOs Their Jobs

🔒 This article outlines nine critical errors that can cost CISOs their positions, based on input from several industry leaders. It highlights risks such as overconfidence, unnecessary complexity, weak Governance, Risk & Compliance programs, and poor alignment with business priorities. The piece stresses practical prevention: prioritize access control and identity management, address the human factor, shrink stale data, break down silos, and avoid complacency to reduce breach risk and maintain executive trust.

read more →