Cybersecurity Brief

AWS Upgrades, Critical SunPower ICS Flaw, and Salesforce OAuth Theft

Coverage: 02 Sept 2025 (UTC)

Cloud migration and AI services advanced alongside fresh risk guidance. AWS introduced more flexible network management for VMware migrations and broadened target region coverage, while Amazon Bedrock became available in Jakarta with built-in governance controls. At the same time, CISA warned operators about a critical hard-coded-credential flaw in SunPower PVS6 inverters, urging immediate mitigations.

Platform migrations and AI reach expand

AWS Transform for VMware adds the ability to modify VPC CIDR ranges during migrations, automatically propagating changes across dependent resources such as subnets, security groups, routes, and target instances. Teams can preserve source IPs, align to new CIDRs, or rely on DHCP, reducing manual reconfiguration and IP conflict risk when on‑premises and cloud workloads run concurrently. As an agentic AI service, Transform automates discovery, migration wave planning, network configuration, and server moves; support now includes US East (Ohio) and two European regions, expanding lift‑and‑shift and hybrid options. The practical effect is simpler network planning and reduced cutover risk, provided teams validate app connectivity, firewall rules, DNS, and other IP‑bound dependencies as part of runbooks.

Amazon Bedrock is now in the Asia Pacific (Jakarta) Region, bringing local access to a managed platform that aggregates foundation models via one API and offers Guardrails and model customization to shape outputs. Regional hosting aims to cut inference latency and support data residency and sovereignty needs, with tighter integration into IAM, encryption, logging, and monitoring across the AWS ecosystem. The expansion can speed regulated deployments, but customers should still assess data handling, retention, and third‑party model terms, and plan for model selection, testing, and cost management.

Critical ICS flaw exposed in SunPower PVS6

CISA detailed a critical issue in SunPower PVS6 inverters (CVE-2025-9696) stemming from hard‑coded credentials in the BLE interface. Because the BLE encryption parameters are fixed and the protocol details are public, an attacker in Bluetooth range could access the servicing interface to replace firmware, disable power production, alter grid and firewall settings, create persistent SSH tunnels, and manipulate connected devices. The CVSS v4 base score is 9.4; there are no confirmed reports of public exploitation, and because the flaw requires Bluetooth proximity it is not exploitable over the internet. SunPower did not respond during coordination and no patch details are available; operators should contact the vendor, survey sites for BLE exposure, and disable BLE where feasible. CISA advises isolating control networks, minimizing network exposure, using VPNs only as needed for remote access (and keeping them patched), performing risk assessments before changes, and deploying targeted intrusion detection aligned to ICS best practices.

OAuth token theft hits Salesforce integrations

According to Cloudflare, compromised OAuth credentials from a third‑party integration allowed access to its Salesforce tenant, leading to exfiltration of support case text between August 12 and 17. Attachments were not accessed. Investigators found 104 platform‑issued API tokens in the exposed text and rotated them, shared indicators of compromise (including specific IPs and tooling), disconnected affected integrations, and tightened controls and rotations. The company is notifying impacted customers and recommends revoking vendor integrations, rotating any credentials shared in support cases, enforcing least privilege, and monitoring for unusual exports or logins.

Unit 42 reports a coordinated campaign (August 8–18) that leveraged stolen OAuth tokens for the Salesloft Drift integration to mass‑exfiltrate Salesforce records across objects such as Account, Contact, Case, and Opportunity. Analysts observed anti‑forensics (deleted SOQL queries) and automated Bulk API use; Salesloft revoked active Drift tokens to force re‑authentication. Recommended actions include auditing Drift integrations, reviewing Salesforce Event Monitoring and UniqueQuery logs, checking identity provider and network telemetry, scanning for exposed secrets, rotating credentials, and prioritizing least‑privilege and Zero Trust controls. The focus on service‑to‑service tokens underscores a common SaaS blind spot where trusted integrations evade rule‑based detections.

Attack automation and high‑volume disruptions

Check Point describes HexStrike‑AI, an orchestration layer coordinating more than 150 AI agents to scan, identify, exploit, and persist in target environments, with claims that exploitation of complex, newly disclosed CVEs can drop from days to minutes. For defenders, that acceleration raises the premium on rapid patching, prioritization of high‑risk CVEs, and monitoring for webshells and automated persistence. In parallel, The Hacker News details a BYOVD campaign attributed to Silver Fox that abuses a Microsoft‑signed WatchDog anti‑malware driver to terminate protected processes and escalate privileges, delivering ValleyRAT. After the vendor patched the driver, the actor reportedly changed a single byte in the signed file's unauthenticated timestamp field: the Microsoft signature still verifies because that field is not covered by the Authenticode hash, but the file hash changes, so blocklists keyed on file hashes no longer match. Defenders should broaden signed‑driver behavior monitoring, enforce driver allow/block policies that key on signer and version rather than file hash alone, validate driver integrity, and watch for anomalous process termination and C2 egress.

BleepingComputer reports Cloudflare mitigated a record volumetric DDoS peaking at 11.5 Tbps, a short‑lived UDP flood attributed primarily to traffic from cloud infrastructure; the event fits a wider rise in hyper‑volumetric attacks and emphasizes capacity planning and automated mitigation. Separately, BleepingComputer covers an attempted $130 million fraud at Sinqia’s Pix environment via stolen vendor credentials, prompting a halt in transaction processing and regulatory suspension of Pix access pending assurances. Both episodes point to a need for tighter controls on cloud‑origin traffic and vendor access, along with robust incident response to limit operational impact.

These and other news items from the day:

Tue, September 2, 2025

AWS Transform for VMware Adds IP Range Flexibility

🔁 AWS Transform for VMware now supports VPC CIDR range modifications to prevent IP conflicts during migrations. The service automatically updates all associated resources — including subnets, security groups, routing tables, and target instances — when you change VPC CIDRs. You can preserve source IPs, apply adjusted addresses aligned to new VPC CIDRs, or choose DHCP-based assignment. Agentic AI automation speeds discovery, planning, and migration workflows and the feature is available in additional regions including US East (Ohio), Europe (Stockholm), and Europe (Ireland).
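The three addressing options described above (keep source IPs, align hosts to the new VPC CIDR, or fall back to DHCP) rest on two checks: does the source range collide with anything still running on-premises during coexistence, and how does each host address and IP-bound rule translate into the new range? The script below is an added example written for this brief, not AWS Transform's own code; it implements the first two options with the standard-library ipaddress module. Every range, hostname and rule in it is constructed.

```python
"""Plan the address changes for one VMware-to-AWS migration wave.

Added example for this digest, not AWS Transform's own code. It implements the
two checks behind the "preserve source IPs" and "align to the new VPC CIDR"
options: does the source range collide with anything still live on-premises,
and how does each host address and IP-bound rule translate while keeping its
host offset. All ranges, hosts and rules below are constructed.
"""
import ipaddress


def conflicts(candidate: str, in_use: list[str]) -> list[str]:
    """Return the in-use ranges that overlap the candidate VPC CIDR."""
    cand = ipaddress.ip_network(candidate)
    return [n for n in in_use if cand.overlaps(ipaddress.ip_network(n))]


def remap_address(ip: str, src_cidr: str, dst_cidr: str) -> str:
    """Move one host from the source range into the target range, same host offset."""
    src, dst = ipaddress.ip_network(src_cidr), ipaddress.ip_network(dst_cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in src:
        raise ValueError(f"{ip} is not inside the source range {src_cidr}")
    offset = int(addr) - int(src.network_address)
    if offset >= dst.num_addresses:
        raise ValueError(f"{ip} does not fit: {dst_cidr} is smaller than {src_cidr}")
    return str(dst.network_address + offset)


def remap_network(cidr: str, src_cidr: str, dst_cidr: str) -> str:
    """Translate a subnet or security-group rule CIDR; ranges outside the
    migrated block (the internet, other on-prem sites) are left untouched."""
    net, src = ipaddress.ip_network(cidr), ipaddress.ip_network(src_cidr)
    if not net.subnet_of(src):
        return cidr
    base = remap_address(str(net.network_address), src_cidr, dst_cidr)
    return str(ipaddress.ip_network(f"{base}/{net.prefixlen}"))


def plan_wave(src_cidr, candidate_cidr, still_on_prem, servers, rules):
    """Pick preserve-vs-remap for a wave and emit the resulting addresses."""
    if not conflicts(src_cidr, still_on_prem):
        strategy, vpc_cidr = "preserve", src_cidr
    else:
        clash = conflicts(candidate_cidr, still_on_prem)
        if clash:
            raise ValueError(f"candidate {candidate_cidr} also overlaps {clash}")
        strategy, vpc_cidr = "remap", candidate_cidr
    return {
        "strategy": strategy,
        "vpc_cidr": vpc_cidr,
        "servers": {name: remap_address(ip, src_cidr, vpc_cidr) for name, ip in servers.items()},
        "rules": [remap_network(r, src_cidr, vpc_cidr) for r in rules],
    }


# Constructed wave: the 10.0.0.0/16 source range keeps running on-premises
# during coexistence, so the cloud side must be renumbered into 10.64.0.0/16.
SOURCE_CIDR = "10.0.0.0/16"
CANDIDATE_CIDR = "10.64.0.0/16"
STILL_ON_PREM = ["10.0.0.0/16", "172.16.0.0/12"]
SERVERS = {"app01": "10.0.12.34", "db01": "10.0.20.5"}
RULES = ["10.0.12.0/24", "10.0.20.0/24", "172.16.5.0/24", "0.0.0.0/0"]

if __name__ == "__main__":
    for key, value in plan_wave(SOURCE_CIDR, CANDIDATE_CIDR, STILL_ON_PREM, SERVERS, RULES).items():
        print(f"{key}: {value}")
```

The remap keeps host offsets, so a /24 subnet rule lands on a /24 in the new range and operators can still recognise hosts by their last octets. What it does not do is the validation the summary above calls for: DNS records, firewall rules outside the VPC, and application configuration that embed the old addresses have to be found and updated in the cutover runbook, and the first four and last addresses of each AWS subnet remain reserved regardless of what the source hosts used.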

read more →

Tue, September 2, 2025

Amazon Bedrock Now Available in Asia Pacific Jakarta

🚀 Amazon announced the general availability of Amazon Bedrock in the Asia Pacific Jakarta region, enabling customers to build and scale generative AI applications closer to end users. The fully managed service exposes a selection of high-performing foundation models via a single API and includes capabilities such as Guardrails and Model customization. These features are designed to help organizations incorporate security, privacy, and responsible AI into production workflows while accelerating development and deployment.

read more →

Tue, September 2, 2025

SunPower PVS6 Hard-Coded Credentials Vulnerability

🔒 CISA warns of a critical vulnerability in SunPower PVS6 inverters (CVE-2025-9696) caused by hard-coded credentials in the Bluetooth Low Energy (BLE) interface. An attacker within Bluetooth range can exploit published protocol details and fixed encryption parameters to gain full device access, and CISA reports a CVSS v4 base score of 9.4. Successful exploitation could allow firmware replacement, disabling power production, modifying grid or firewall settings, creating SSH tunnels, and manipulating attached devices. SunPower did not respond to coordination; CISA advises minimizing network exposure, isolating control systems, using secure remote access methods such as up-to-date VPNs, and applying targeted intrusion detection and ICS best practices.

read more →

Tue, September 2, 2025

HexStrike-AI Enables Rapid Zero-Day Exploitation at Scale

⚠️ HexStrike-AI is a newly released framework that acts as an orchestration “brain,” directing more than 150 specialized AI agents to autonomously scan, exploit, and persist inside targets. Within hours of release, dark‑web chatter showed threat actors attempting to weaponize it against recent zero‑day CVEs and drop webshells that give them unauthenticated remote code execution on exploited hosts. Although the targeted vulnerabilities are complex and typically require advanced skills, operators claim HexStrike-AI can reduce exploitation time from days to under 10 minutes, potentially lowering the barrier for less skilled attackers.

read more →

Tue, September 2, 2025

Cloudflare Hit by Data Breach in Salesloft Drift Attack

🔒 Cloudflare disclosed attackers accessed a Salesforce instance used for internal customer case management in a broader Salesloft Drift supply‑chain breach, exposing 104 Cloudflare API tokens and the text contents of support case objects. Cloudflare was notified on August 23, rotated all exfiltrated platform-issued tokens, and began notifying impacted customers on September 2. The company said only text fields were stolen — subject lines, case bodies and contact details — but warned customers that any credentials shared via support tickets should be considered compromised and rotated immediately.

read more →

Tue, September 2, 2025

Cloudflare Response to Salesloft Drift Salesforce Breach

🔒 Cloudflare confirmed that it and some customers were impacted by the Salesloft/Drift breach which exposed Salesforce support case text. The company found 104 Cloudflare API tokens in the exfiltrated data, rotated them, and observed no suspicious activity tied to those tokens. No Cloudflare infrastructure was compromised; affected customers were notified and advised to rotate any credentials shared in support tickets and to harden third-party integrations.

read more →

Tue, September 2, 2025

Palo Alto Networks Salesforce Breach Exposes Customer Data

🔒 Palo Alto Networks confirmed a Salesforce data breach after attackers abused OAuth tokens stolen in the Salesloft Drift supply-chain incident to access its CRM. The intruders exfiltrated business contact, account records and support Case data, which in some instances contained sensitive IT details and passwords. Palo Alto says products and services were not affected, tokens were revoked, and credentials rotated.

read more →

Tue, September 2, 2025

Hackers Breach Fintech Firm in Attempted $130M Pix Heist

🔐 Evertec disclosed that on August 29, 2025 hackers breached the environment its Brazilian subsidiary Sinqia S.A. operates on Pix, the Central Bank of Brazil's real-time payment system, and attempted unauthorized transactions totaling up to $130 million. Sinqia halted Pix transaction processing and retained external cybersecurity forensics experts to investigate and contain the incident. The Central Bank revoked Sinqia’s Pix access while recovery efforts continue, and part of the funds has been recovered; Evertec reports no evidence of exposed personal data and attributes the intrusion to stolen credentials from an IT vendor account.

read more →

Tue, September 2, 2025

Cloudflare Blocks Record 11.5 Tbps UDP Flood DDoS Attack

🛡️ Cloudflare says it blocked the largest recorded volumetric DDoS attack, peaking at 11.5 Tbps. The UDP flood, which Cloudflare attributes mainly to traffic originating from Google Cloud, lasted roughly 35 seconds and was part of a broader surge of hyper‑volumetric events. The mitigation highlights Cloudflare's automated scaling and defensive capabilities against short, extremely high‑bandwidth assaults.

read more →

Tue, September 2, 2025

Drift–Salesforce OAuth Attack: Rethink SaaS Security

🔒 A sophisticated adversary exploited legitimate OAuth tokens issued to Salesloft's Drift chatbot integration with Salesforce, using the connection to silently exfiltrate customer data between August 8–18, 2025, according to Google Threat Intelligence Group. The campaign, attributed to UNC6395, leveraged trust in third-party integrations and service-to-service tokens to maintain covert access. Organizations should reassess OAuth governance, entitlement controls, and logging for SaaS integrations to reduce exposure.

read more →

Tue, September 2, 2025

Palo Alto Networks Salesforce Breach Exposes Support Data

🔒 Palo Alto Networks confirmed a Salesforce CRM breach after attackers used compromised OAuth tokens from the Salesloft Drift incident to access its instance. The intrusion was limited to Salesforce and exposed business contacts, account records and portions of support cases; technical attachments were not accessed. The company quickly disabled the app, revoked tokens and said Unit 42 found no impact to products or services.

read more →

Tue, September 2, 2025

Salesloft–Drift OAuth Abuse Targets Salesforce Data

⚠️ Unit 42 observed a campaign that abused the Salesloft Drift integration using compromised OAuth credentials to access and exfiltrate data from customer Salesforce instances. The actor performed large-scale extraction of objects including Account, Contact, Case and Opportunity records and scanned harvested data for credentials. Salesloft revoked tokens and notified affected customers; organizations should immediately review logs, rotate exposed credentials and hunt for the provided IoCs.
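The review Unit 42 recommends here and in the summary above (Event Monitoring logs, Bulk API use, many objects pulled in one sitting) comes down to one question: did a connected app sweep several sensitive objects at a volume it never reaches in normal operation? The script below is an added example for this brief, not Unit 42, Salesforce or Salesloft code. Its column names are a constructed, simplified shape of what Salesforce Event Monitoring exposes for API and Bulk API activity, and the sample rows are constructed; map your own EventLogFile export onto the same columns before running it.

```python
"""Hunt for mass export of sensitive Salesforce objects through a connected app.

Added example for this digest; it is not Unit 42, Salesforce or Salesloft code.
Column names below are a constructed, simplified shape of what Salesforce
Event Monitoring exposes for API and Bulk API activity; map the columns of
your own EventLogFile export onto them before running this against real data.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

SENSITIVE_OBJECTS = {"Account", "Contact", "Case", "Opportunity", "User"}
SESSION_GAP = timedelta(hours=1)   # events closer together than this form one session
MIN_DISTINCT_OBJECTS = 3           # a chatbot integration rarely sweeps 3+ core objects
MIN_ROWS = 10_000                  # tune to the integration's normal daily volume

# Constructed sample, not real telemetry: routine Drift lookups, then a mass pull
# over the same connected app from a new IP, then a legitimate Data Loader job.
SAMPLE_LOG = """\
TIMESTAMP,USER_NAME,CONNECTED_APP,CLIENT_IP,API_TYPE,ENTITY_NAME,ROWS_PROCESSED
2025-08-10T09:00:12Z,drift.integration@example.com,Drift,203.0.113.10,REST,Contact,3
2025-08-10T09:05:40Z,drift.integration@example.com,Drift,203.0.113.10,REST,Lead,1
2025-08-14T02:11:03Z,drift.integration@example.com,Drift,198.51.100.7,Bulk,Account,48000
2025-08-14T02:14:27Z,drift.integration@example.com,Drift,198.51.100.7,Bulk,Contact,132000
2025-08-14T02:19:55Z,drift.integration@example.com,Drift,198.51.100.7,Bulk,Case,61000
2025-08-14T02:25:10Z,drift.integration@example.com,Drift,198.51.100.7,Bulk,Opportunity,9000
2025-08-14T03:40:00Z,sales.ops@example.com,DataLoader,192.0.2.5,Bulk,Account,50000
"""


def parse_events(text):
    """Parse the CSV export into dicts with typed timestamp and row count, oldest first."""
    events = []
    for rec in csv.DictReader(io.StringIO(text)):
        rec["ts"] = datetime.strptime(rec["TIMESTAMP"], "%Y-%m-%dT%H:%M:%SZ")
        rec["rows"] = int(rec["ROWS_PROCESSED"])
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events


def sessions(events, gap=SESSION_GAP):
    """Split one principal's events into sessions separated by more than `gap`."""
    current = []
    for ev in events:
        if current and ev["ts"] - current[-1]["ts"] > gap:
            yield current
            current = []
        current.append(ev)
    if current:
        yield current


def hunt_mass_export(text, min_objects=MIN_DISTINCT_OBJECTS, min_rows=MIN_ROWS):
    """Return one alert per (connected app, user) session that sweeps several
    sensitive objects with a large combined row count."""
    by_principal = defaultdict(list)
    for ev in parse_events(text):
        by_principal[(ev["CONNECTED_APP"], ev["USER_NAME"])].append(ev)

    alerts = []
    for (app, user), events in by_principal.items():
        for sess in sessions(events):
            hits = [e for e in sess if e["ENTITY_NAME"] in SENSITIVE_OBJECTS]
            objects = sorted({e["ENTITY_NAME"] for e in hits})
            rows = sum(e["rows"] for e in hits)
            if len(objects) >= min_objects and rows >= min_rows:
                alerts.append({
                    "connected_app": app,
                    "user": user,
                    "client_ips": sorted({e["CLIENT_IP"] for e in sess}),
                    "api_types": sorted({e["API_TYPE"] for e in sess}),
                    "objects": objects,
                    "rows": rows,
                    "first_seen": sess[0]["TIMESTAMP"],
                    "last_seen": sess[-1]["TIMESTAMP"],
                })
    return alerts


if __name__ == "__main__":
    for alert in hunt_mass_export(SAMPLE_LOG):
        print(alert)
```

The single Data Loader job in the sample does not alert because it touches one object; the Drift session does because it sweeps four in a quarter of an hour. Two details from the reporting matter for tuning: the actor deleted its query jobs, so the job list in the org is not a reliable record and the event log export is the source to trust, and the same connected app appearing from a client IP outside the vendor's normal egress range is a strong independent indicator worth a second rule of its own.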

read more →

Tue, September 2, 2025

Silver Fox Abuses Signed WatchDog Driver to Disable AV

🚨 Check Point attributes a BYOVD campaign to the Silver Fox actor that leverages a Microsoft-signed WatchDog kernel driver (amsdk.sys v1.0.600) to neutralize endpoint defenses. The operation uses a dual-driver approach—an older Zemana-based driver on Windows 7 and the WatchDog driver on Windows 10/11—to terminate processes and escalate privileges. An all-in-one loader bundles anti-analysis checks, embedded drivers, AV-killer logic, and a ValleyRAT downloader to establish persistent remote access.

read more →

Tue, September 2, 2025

ICE Reinstates Contract with Paragon Spyware Vendor

🔁 ICE has reinstated a $2m contract with Israeli-founded vendor Paragon Solutions, now owned by US private equity, enabling delivery of hardware and perpetual license software to the agency. The agreement, originally signed on 27 September 2024 and suspended after a White House review on 8 October 2024, was cleared to resume work on 30 August. Paragon has been linked to the Graphite spyware used against European journalists and implicated in Italian government investigations, raising procurement and national security concerns.

read more →

Tue, September 2, 2025

Jaguar Land Rover Cyber Incident Disrupts Sales & Production

🔒 JLR has disclosed a cyber incident that has severely disrupted global sales and production. The company said it proactively shut down systems and is working to restart applications in a controlled manner. At this stage there is no evidence customer data has been stolen, but retail and manufacturing activities remain affected. Tata Motors disclosed related "global IT issues" to investors.

read more →

Tue, September 2, 2025

Zscaler Says Salesforce Data Exposed via Drift OAuth

🔒 Zscaler has disclosed that OAuth tokens tied to the third-party Salesloft Drift application were stolen, allowing an attacker to access its Salesforce instance. The company said exposed data included business contact details, job titles, phone numbers, regional information, product licensing and some plain-text support case content, but not attachments or images. Zscaler revoked the app's access, rotated API tokens, implemented additional safeguards and urged customers to remain vigilant for phishing and social-engineering attempts.

read more →

Tue, September 2, 2025

How Bribery at a Vendor Led to Coinbase Extortion Incident

🔒 In early May 2025 Coinbase disclosed that attackers had extorted the company after bribing employees at an outsourced support provider in India to acquire customer and internal data. The theft affected roughly 1% of monthly active users — about 70,000 people — and exposed information useful for social engineering, though no private keys or wallet credentials were taken. Coinbase refused a $20 million ransom, posted a matching bounty, pledged customer reimbursement, flagged suspect blockchain addresses, dismissed implicated vendor staff, and ended the vendor relationship.

read more →

Tue, September 2, 2025

Secure AI at Machine Speed: Full-Stack Enterprise Defense

🔒 CrowdStrike explains how widespread AI adoption expands the enterprise attack surface, exposing models, data pipelines, APIs, and autonomous agents to new adversary techniques. The post argues that legacy controls and fragmented tooling are insufficient and advocates for real-time, full‑stack protections. The Falcon platform is presented as a unified solution offering telemetry, lifecycle protection, GenAI-aware data loss prevention, and agent governance to detect, prevent, and remediate AI-related threats.

read more →

Tue, September 2, 2025

Lazarus Group Expands Cross-Platform RATs Against DeFi

🔍 Researchers link a social engineering campaign to the North Korea–linked Lazarus Group that distributed three cross-platform RATs — PondRAT, ThemeForestRAT, and RemotePE — against a decentralized finance (DeFi) organization. Fox-IT observed the actors impersonating an employee on Telegram and using fake Calendly/Picktime pages to arrange meetings and gain a foothold via a loader named PerfhLoader. The intrusion delivered multiple tools (screenshotter, keylogger, credential stealers, Mimikatz, proxy programs) and saw an operational progression from the primitive PondRAT to the in-memory ThemeForestRAT, culminating in the more advanced RemotePE for high-value access.

read more →

Tue, September 2, 2025

Malicious npm Package Masquerades as Nodemailer Library

⚠️ A malicious npm package named nodejs-smtp impersonating the popular nodemailer library was discovered to both send mail and inject malware into Electron-based desktop cryptocurrency wallets. When imported, it unpacked and tampered with Atomic Wallet on Windows, replacing vendor files and repackaging the app to silently redirect transactions to attacker-controlled addresses. Socket's researchers prompted npm to remove the package and suspend the account.

read more →

Tue, September 2, 2025

Pennsylvania AG Office Confirms Ransomware Caused Outage

🔒 The Office of the Pennsylvania Attorney General confirmed a ransomware attack is behind a two-week service outage that has taken its public website offline and disrupted email and phone systems. Attorney General David W. Sunday Jr. said the office refused to pay the extortionists and that an active investigation with other agencies is ongoing. Partial recovery of email and phones has allowed staff to work via alternate channels while courts issue filing extensions. No group has claimed responsibility and the office has not yet confirmed any data exfiltration.

read more →

Tue, September 2, 2025

CISA Adds Two Vulnerabilities to KEV Catalog (Sept 2025)

⚠️ CISA added two vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog: CVE-2020-24363 affecting the TP-Link TL-WA855RE (missing authentication for a critical function) and CVE-2025-55177 affecting Meta Platforms' WhatsApp (incorrect authorization). These entries reflect evidence of active exploitation and significant risk to federal networks. Under BOD 22-01, FCEB agencies must remediate listed KEVs by the specified due dates. CISA urges all organizations to prioritize timely remediation.

read more →

Tue, September 2, 2025

Palo Alto Networks Response to Salesloft/Drift Breach

🔐 Palo Alto Networks confirmed last week that a breach of Salesloft’s Drift third‑party application allowed unauthorized access to customer Salesforce data, affecting hundreds of organizations including Palo Alto Networks. We immediately disconnected the vendor integration from our Salesforce environment and directed Unit 42 to lead a comprehensive investigation. The investigation found the incident was isolated to our CRM platform; no Palo Alto Networks products or services were impacted, and exposed data primarily included business contact information, internal sales account records and basic case data. We are proactively contacting a limited set of customers who may have had more sensitive data exposed and have made support available through our customer support channels.

read more →

Tue, September 2, 2025

Ukrainian AS FDN3 Linked to Massive Brute-Force Attacks

🔒 Intrinsec reports that Ukraine-based autonomous system FDN3 (AS211736) conducted widespread brute-force and password-spraying campaigns targeting SSL VPN and RDP endpoints between June and July 2025, with activity peaking July 6–8. The firm links FDN3 to two other Ukrainian ASes (AS61432, AS210950) and a Seychelles operator (AS210848) that frequently exchange IPv4 prefixes to evade blocklisting. Intrinsec highlights ties to bulletproof hosting providers and a Russian-associated Alex Host LLC, stressing that offshore peering arrangements complicate attribution and takedown efforts.
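Blocklisting individual addresses is exactly the control that prefix rotation between cooperating ASes defeats, so a detection for this kind of campaign should aggregate authentication failures by prefix rather than by source IP. The following is an added example written for this brief, not Intrinsec's tooling: it groups constructed VPN and RDP authentication events into /24 prefixes and separates a spray (many usernames, one or two attempts each) from a single-account brute force. The log format is a generic syslog-like shape chosen for the example.

```python
"""Detect password spraying that rotates source addresses within a prefix.

Added example for this digest, not Intrinsec's tooling. Authentication events
are aggregated per /24 rather than per source IP, so a campaign that spreads
attempts across neighbouring addresses still adds up (key on the announced
prefix instead if you have a routing feed for the operator's ASes). Spraying is
flagged when one prefix touches many distinct usernames with few attempts per
user; a classic single-account brute force is reported separately.
The log lines are constructed in a generic syslog-like shape.
"""
import ipaddress
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<svc>sslvpn|rdp) auth (?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<ip>\S+)$"
)

# Constructed sample: eleven users from eleven addresses in 203.0.113.0/24 (one
# success), one account hammered from 198.51.100.9, and a user who mistyped once.
SAMPLE_LOG = """\
2025-07-06T14:02:11Z vpn-gw01 sslvpn auth failure user=j.smith src=203.0.113.3
2025-07-06T14:02:15Z vpn-gw01 sslvpn auth failure user=a.khan src=203.0.113.17
2025-07-06T14:02:19Z vpn-gw01 sslvpn auth failure user=r.patel src=203.0.113.44
2025-07-06T14:02:24Z vpn-gw01 sslvpn auth failure user=l.chen src=203.0.113.58
2025-07-06T14:02:30Z vpn-gw01 sslvpn auth failure user=k.novak src=203.0.113.71
2025-07-06T14:02:36Z vpn-gw01 sslvpn auth failure user=s.okafor src=203.0.113.90
2025-07-06T14:02:41Z vpn-gw01 sslvpn auth failure user=d.rossi src=203.0.113.112
2025-07-06T14:02:47Z vpn-gw01 sslvpn auth failure user=e.berg src=203.0.113.133
2025-07-06T14:02:52Z vpn-gw01 sslvpn auth failure user=t.nguyen src=203.0.113.160
2025-07-06T14:02:58Z vpn-gw01 sslvpn auth failure user=p.silva src=203.0.113.188
2025-07-06T14:03:05Z vpn-gw01 sslvpn auth success user=m.lopez src=203.0.113.201
2025-07-06T14:10:00Z rdp-gw02 rdp auth failure user=administrator src=198.51.100.9
2025-07-06T14:10:02Z rdp-gw02 rdp auth failure user=administrator src=198.51.100.9
2025-07-06T14:10:04Z rdp-gw02 rdp auth failure user=administrator src=198.51.100.9
2025-07-06T14:10:06Z rdp-gw02 rdp auth failure user=administrator src=198.51.100.9
2025-07-06T14:10:08Z rdp-gw02 rdp auth failure user=administrator src=198.51.100.9
2025-07-06T14:10:10Z rdp-gw02 rdp auth failure user=administrator src=198.51.100.9
2025-07-06T15:00:00Z vpn-gw01 sslvpn auth failure user=alice src=192.0.2.10
2025-07-06T15:00:20Z vpn-gw01 sslvpn auth success user=alice src=192.0.2.10
"""


def parse(text):
    """Return one dict per line that matches the expected shape; other lines are ignored."""
    return [m.groupdict() for m in (LINE_RE.match(l) for l in text.splitlines()) if m]


def prefix_of(ip, prefixlen=24):
    return str(ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False))


def summarize(events, prefixlen=24):
    """Per-prefix counters: attempts, distinct users and IPs, failures per user, successes."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "ips": set(),
                                 "failures_by_user": defaultdict(int), "successes": []})
    for ev in events:
        s = stats[prefix_of(ev["ip"], prefixlen)]
        s["attempts"] += 1
        s["users"].add(ev["user"])
        s["ips"].add(ev["ip"])
        if ev["result"] == "failure":
            s["failures_by_user"][ev["user"]] += 1
        else:
            s["successes"].append(ev["user"])
    return stats


def detect(text, prefixlen=24, spray_min_users=8, spray_max_per_user=3.0, brute_min_failures=5):
    """Classify each prefix: spray (many users, few tries each) or brute force (one user, many tries)."""
    findings = []
    for prefix, s in summarize(parse(text), prefixlen).items():
        if len(s["users"]) >= spray_min_users and s["attempts"] / len(s["users"]) <= spray_max_per_user:
            findings.append({"type": "password_spray", "prefix": prefix, "users": len(s["users"]),
                             "ips": len(s["ips"]), "attempts": s["attempts"],
                             "compromised": sorted(set(s["successes"]))})
        for user, n in s["failures_by_user"].items():
            if n >= brute_min_failures:
                findings.append({"type": "brute_force", "prefix": prefix, "user": user, "failures": n,
                                 "ips": len(s["ips"]), "compromised": sorted(u for u in set(s["successes"]) if u == user)})
    return sorted(findings, key=lambda f: f["prefix"])


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f)
```

Run per IP (prefixlen=32) the spraying prefix never shows more than a single attempt from any address and nothing fires; run per /24 it shows eleven usernames and one success, which is the account to lock first. The prefix width is the knob: /24 catches rotation inside one allocation, while catching rotation across the exchanged prefixes the report describes needs an IP-to-prefix or IP-to-ASN feed in place of the fixed mask.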

read more →

Tue, September 2, 2025

Jaguar Land Rover Cyberattack Severely Disrupts Production

🔒 Jaguar Land Rover (JLR) said a cyberattack forced the company to proactively shut down multiple systems to mitigate impact. The incident, reported over the weekend, has severely disrupted retail and production operations, including systems at the Solihull plant. JLR stated there is no evidence that customer data was stolen and is working to restart global applications in a controlled manner.

read more →

Tue, September 2, 2025

Ransomware Gang Targets AWO Karlsruhe-Land, Demands €200K

🔒 The AWO Karlsruhe-Land reported a cyberattack on 27 August that briefly caused a full outage of its central IT; affected systems were isolated and external IT specialists were engaged. An extortion letter demanding €200,000 allegedly came from the Lynx ransomware group, linked by local reporting to the Russian milieu. Central services were largely restored within a day, investigations with data protection authorities and the Landeskriminalamt continue, and the organisation says the compromised server held employees' employment contracts, prompting stepped-up security measures and staff briefings.

read more →

Tue, September 2, 2025

MystRodX Backdoor Uses DNS and ICMP for Stealthy Control

🛡️ QiAnXin XLab warns of a stealthy backdoor named MystRodX (aka ChronosRAT) that leverages layered encryption and flexible network options to hinder detection. The C++ implant supports file management, port forwarding, reverse shells and socket control, and can run actively or as a passive "wake-up" backdoor triggered by crafted DNS queries or ICMP payloads. A multi-stage dropper with anti-debug and VM checks decrypts components and an AES-encrypted configuration that contains C2 endpoints, ports and the backdoor mode.

read more →

Tue, September 2, 2025

Malicious npm Package Mimics Nodemailer, Targets Wallets

🛡️ Researchers found a malicious npm package named nodejs-smtp that impersonated the nodemailer mailer to avoid detection and entice installs. On import the module uses Electron tooling to unpack an app.asar, replace a vendor bundle with a payload, repackage the application, and erase traces to inject a clipper into Windows desktop wallets. The clipper redirects BTC, ETH, USDT, XRP and SOL transactions to attacker-controlled addresses while the package retains legitimate mailer functionality as a cover.

read more →

Tue, September 2, 2025

Azure AD Client Credentials Exposed in Public appsettings

🔒 Resecurity’s HUNTER Team discovered that ClientId and ClientSecret values were inadvertently left in a publicly accessible appsettings.json file, exposing Azure AD credentials. These secrets permit direct authentication against Microsoft’s OAuth 2.0 endpoints and could allow attackers to impersonate trusted applications and access Microsoft 365 data. The exposed credentials could be harvested by automated bots or targeted adversaries. Organizations are advised to remove hardcoded secrets, rotate compromised credentials immediately, restrict public access to configuration files and adopt centralized secrets management such as Azure Key Vault.
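Two items on this page come down to the same hygiene problem: secrets sitting in places nobody treats as secret stores, whether pasted into support-case text (the Cloudflare and Palo Alto Networks items above tell customers to assume anything shared in a ticket is compromised) or committed into a publicly served appsettings.json (this item). The scanner below is an added example for this brief, not Cloudflare's, Palo Alto Networks' or Resecurity's tooling. It combines well-documented formats (AWS access key IDs, PEM private-key headers) with a generic key/value heuristic and a JSON walk keyed on secret-bearing names; the case text and configuration file it scans are constructed, every value in them is fake, and the Key Vault reference syntax it treats as safe is the App Service form the remediation advice points to.

```python
"""Find credentials that should never have been where they are: pasted into
support-case text, or committed to a configuration file served publicly.

Added example for this digest; it is not Cloudflare's, Palo Alto Networks' or
Resecurity's tooling. Patterns cover well-documented formats (AWS access key
IDs, PEM private keys) plus a generic key/value heuristic; the sample case text
and appsettings.json below are constructed and every value in them is fake.
"""
import json
import re
from typing import NamedTuple


class Finding(NamedTuple):
    kind: str      # what matched
    source: str    # case id or file name
    path: str      # JSON path for config hits, "text" for free text
    preview: str   # redacted value, safe to paste into a ticket or alert


# Documented formats: long-term (AKIA) and temporary (ASIA) AWS access key IDs,
# and PEM private-key headers.
TEXT_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA |)PRIVATE KEY-----"),
    # Heuristic: `password: value`, `api_key=value`, `Password=value` inside a
    # connection string, and so on. Value must be 8+ chars without whitespace,
    # quotes or the separators that end a connection-string field.
    "generic_credential": re.compile(
        r"(?i)\b(?:password|passwd|pwd|secret(?:[_ -]?key)?|client[_-]?secret|"
        r"api[_-]?key|token)\b\s*[:=]\s*[\"']?([^\s\"';,]{8,})"
    ),
}

# Config keys whose values are secrets by definition.
SECRET_KEY_RE = re.compile(r"(client[_-]?secret|secret|password|pwd|api[_-]?key|token|connectionstring)", re.I)

# Values that are references or placeholders, not live secrets. The Key Vault
# form is the App Service reference syntax the advisory's remediation points to.
PLACEHOLDER_RE = re.compile(r"^(?:\$\{[^}]*\}|<[^>]*>|@Microsoft\.KeyVault\([^)]*\)|changeme|x{4,}|\*{4,})$", re.I)


def redact(value: str) -> str:
    return value[:4] + "*" * max(4, len(value) - 4)


def scan_text(text: str, source: str) -> list[Finding]:
    """Scan free text such as a support-case body."""
    findings = []
    for kind, pattern in TEXT_PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(1) if m.groups() else m.group(0)
            if PLACEHOLDER_RE.match(value):
                continue
            findings.append(Finding(kind, source, "text", redact(value)))
    return findings


def _walk(node, path=""):
    """Yield (dotted path, leaf value) pairs for a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, f"{path}[{i}]")
    else:
        yield path, node


def scan_json_config(text: str, source: str = "appsettings.json") -> list[Finding]:
    """Flag secret-bearing keys with live values, then scan every string value
    for credentials embedded in otherwise innocuous fields."""
    findings = []
    for path, value in _walk(json.loads(text)):
        if not isinstance(value, str) or not value:
            continue
        if SECRET_KEY_RE.search(path) and not PLACEHOLDER_RE.match(value):
            findings.append(Finding("config_secret", source, path, redact(value)))
        for f in scan_text(value, source):
            findings.append(f._replace(path=path))
    return findings


# Constructed inputs; all credential-looking values are fake.
SUPPORT_CASE_TEXT = """\
Subject: Worker cannot write to our S3 bucket since the deploy

Hi team, the uploader times out. Credentials we are using right now:
access key AKIAIOSFODNN7EXAMPLE
secret key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
The admin console password: Summ3r-2025-Rotate! also stopped working yesterday.
Our docs show a placeholder as token: <redacted> so that part is fine.
"""

APPSETTINGS_JSON = """\
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "00000000-0000-0000-0000-000000000000",
    "ClientId": "11111111-1111-1111-1111-111111111111",
    "ClientSecret": "fake~ClientSecret.Value_NotReal123"
  },
  "ConnectionStrings": {
    "Sql": "Server=tcp:db.example.internal;User Id=app;Password=NotARealPassw0rd;"
  },
  "Storage": { "AccessToken": "@Microsoft.KeyVault(SecretUri=https://kv.example.vault.azure.net/secrets/storage-key/)" },
  "Logging": { "LogLevel": { "Default": "Information" } }
}
"""

if __name__ == "__main__":
    for f in scan_text(SUPPORT_CASE_TEXT, "case-00042") + scan_json_config(APPSETTINGS_JSON):
        print(f)
```

The ClientId is deliberately not flagged: on its own it identifies the app registration but does not authenticate it. The ClientSecret next to it is what turns the pair into a working client-credentials login, which is why the configuration finding should open a rotation ticket rather than a cleanup ticket. Run the text scanner over your own case export before an attacker does the same over an exfiltrated copy, and treat every hit as already rotated-or-compromised.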

read more →

Tue, September 2, 2025

Amazon RDS for Oracle SE2 Now in Thailand and Mexico

🔔 Amazon RDS for Oracle now offers Oracle Database Standard Edition 2 (SE2) License Included R7i and M7i instances in Asia Pacific (Thailand) and Mexico (Central) regions. These License Included instances let customers run Oracle databases without separate license purchases or support fees; instances can be launched via the AWS Management Console, AWS CLI, or SDKs. Review AWS blog guidance and RDS for Oracle pricing for regional availability and cost details.

read more →

Tue, September 2, 2025

AWS Control Tower Adds IPv6 Support Across Regions

🌐 AWS Control Tower and the Control Catalog APIs now accept IPv6 addresses through dual‑stack public endpoints, enabling connections over IPv6, IPv4, or both. The existing IPv4-only endpoints remain available for backwards compatibility. Support is available in all Regions where Control Tower and Control Catalog are offered, helping reduce overlapping address space in Amazon VPCs as IPv6 adoption grows. Customers should consult AWS guidance and the IPv6 on AWS whitepaper for configuration and best practices.

read more →

Tue, September 2, 2025

AWS Split Cost Allocation Adds GPU and Accelerator Cost Tracking

🔍 Split Cost Allocation Data now supports accelerator-based workloads running in Amazon Elastic Kubernetes Service (EKS), allowing customers to track costs for Trainium, Inferentia, NVIDIA and AMD GPUs alongside CPU and memory. Cost details are included in the AWS Cost and Usage Report (including CUR 2.0) and can be visualized using the Containers Cost Allocation dashboard in Amazon QuickSight or queried with Amazon Athena. New customers can enable the feature in the Billing and Cost Management console; it is automatically enabled for existing Split Cost Allocation Data customers.

read more →

Tue, September 2, 2025

NCSC and AISI Back Public Disclosure for AI Safeguards

🔍 The NCSC and the AI Security Institute have broadly welcomed public, bug-bounty style disclosure programs to help identify and remediate AI safeguard bypass threats. They said initiatives from vendors such as OpenAI and Anthropic could mirror traditional vulnerability disclosure to encourage responsible reporting and cross-industry collaboration. The agencies cautioned that programs require clear scope, strong foundational security, prior internal reviews and sufficient triage resources, and that disclosure alone will not guarantee model safety.

read more →

Tue, September 2, 2025

AWS Transform Adds Detached Storage Assessment and TCO

🔍 AWS has expanded AWS Transform assessment to analyze on‑premises detached storage infrastructures, including SAN, NAS, file servers, object stores and virtual environments. The new capability maps existing storage to AWS targets such as Amazon S3, Amazon EBS and Amazon FSx, and delivers a comparative Total Cost of Ownership (TCO) analysis. It also provides performance and cost optimization recommendations for compute and storage workloads, noting storage can represent up to 45% of migration opportunities. The assessment is available in US East (N. Virginia) and Europe (Frankfurt).

read more →

Tue, September 2, 2025

AWS Direct Connect Adds 100G and MACsec Expansion in Lagos

🔒 AWS expanded 10 Gbps and 100 Gbps Direct Connect dedicated links with MACsec encryption at the Rack Centre LGS1 data center near Lagos, Nigeria. From this location, customers can now establish private, direct network access to all public AWS Regions (except China), AWS GovCloud Regions, and AWS Local Zones. Direct Connect provides a private, physical network connection that delivers a more consistent experience than the public internet. AWS directs customers to its Direct Connect product pages, locations list, and getting-started guidance for purchasing and deployment.

read more →

Tue, September 2, 2025

CISA Releases Four ICS Advisories on September 2, 2025

🛡️ CISA released four Industrial Control Systems (ICS) advisories on September 2, 2025, detailing vulnerabilities and recommended mitigations for Delta Electronics EIP Builder, Fuji Electric FRENIC-Loader 4, SunPower PVS6, and an update to Hitachi Energy Relion 670/650 and SAM600-IO Series. Each advisory includes technical analysis, affected versions, and practical guidance to reduce exploitation risk. Administrators and asset owners are urged to review the notices, prioritize affected systems, and apply vendor-recommended mitigations promptly.

read more →

Tue, September 2, 2025

Amazon Neptune Integrates with Zep for Long-Term Memory

🧠 Amazon Web Services announced integration of Amazon Neptune with Zep, an open-source memory server for LLM applications, enabling persistent long-term memory and contextual history. Developers can use Neptune Database or Neptune Analytics as the graph store and Amazon OpenSearch as the text-search layer within Zep’s memory system. The integration enables graph-powered retrieval, multi-hop reasoning, and hybrid search across graph, vector, and keyword modalities, simplifying the creation of personalized, context-aware LLM agents.

read more →

Tue, September 2, 2025

Manage Access to AWS Regions and Local Zones from Console

🔒 Today, AWS announced the ability to manage access to AWS Regions and AWS Local Zones from a single location in the AWS Management Console. The new AWS Global View Regions and Zones page lets customers view infrastructure location details, opt-in status, and parent Region relationships across multiple Regions. This centralizes monitoring and access control and is available in all AWS commercial Regions.

read more →

Tue, September 2, 2025

Amazon Connect: Manual Assignment for Tasks, Email, Chat

📥 Agents can now manually prioritize and assign the next important task, email, or chat in their queue within Amazon Connect, enabling frontline staff to claim related customer work discovered during calls and resolve issues immediately. Supervisors and managers enable manual assignment by updating agent configuration in routing and security profiles. Agents then use the new worklist application in their agent workspace to claim items. This capability is available in all commercial regions.

read more →

Tue, September 2, 2025

AWS Direct Connect opens in Auckland via Spark MDR

🚀 AWS has opened a new Direct Connect location at the Spark Digital Mayoral Drive Exchange (MDR) near Auckland, New Zealand. The site offers dedicated 10 Gbps and 100 Gbps connections with MACsec encryption available and enables private, physical network links from customer datacenters, offices, or colocation facilities. Customers can establish private access to all public AWS Regions (except China), AWS GovCloud Regions, and AWS Local Zones from this point, delivering a more consistent network experience than the public internet.

read more →

Tue, September 2, 2025

AWS releases open-source, scenario-focused CLI scripts

🔧 AWS has published an open-source collection of scenario-focused AWS CLI scripts and tutorials that demonstrate end-to-end shell workflows across more than 60 AWS services. Each example is tested and includes patterns for error handling, resource tracking, and automated cleanup to reduce mistakes and resource leakage. The project also provides guidance to generate and contribute new scripts using generative AI tools like the Amazon Q Developer CLI, enabling an iterative test-and-improve workflow that can produce working scripts rapidly for well-documented use cases.

Tue, September 2, 2025

Fuji Electric FRENIC-Loader 4 Deserialization Vulnerability

⚠️ Fuji Electric's FRENIC-Loader 4 (versions prior to 1.4.0.1) contains a deserialization of untrusted data vulnerability (CVE-2025-9365) that can allow arbitrary code execution when a crafted file is imported. CISA assigns a CVSS v4 base score of 8.4 and reports low attack complexity; the flaw is not remotely exploitable, since an attacker needs a user to import the crafted file into the application. Researcher kimiya, working with Trend Micro ZDI, reported the flaw. Fuji Electric advises updating to v1.4.0.1 and CISA recommends network segmentation, minimizing exposure, using up-to-date VPNs, and performing impact analysis.
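
The bug class behind this advisory (CWE-502) is easiest to see in a small example. The block below is added here and is not code from Fuji Electric, ZDI or CISA: Python's pickle stands in for whatever file format FRENIC-Loader imports, and the crafted file, the `CraftedProjectFile`, `import_unsafe`, `import_safe` and `RestrictedUnpickler` names and the allow-list are all constructed for the demonstration. The gadget only calls `eval` on a harmless expression so that the code-execution-at-import effect is provable without doing damage.

```python
"""Added example, not code from Fuji Electric, ZDI or the CISA advisory.
Shows CWE-502 (deserialization of untrusted data) with Python's pickle
standing in for whatever format FRENIC-Loader imports; the crafted file,
the names below and the allow-list are constructed for the demonstration."""
import datetime
import io
import os
import pickle


class CraftedProjectFile:
    """What an attacker serializes. __reduce__ tells any unpickler to call
    builtins.eval on attacker-chosen text as soon as the file is loaded; a
    harmless expression is used here so the effect is provable, not harmful."""

    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))


def build_crafted_file():
    """The 'imported file' an attacker would hand to the victim (constructed)."""
    return pickle.dumps(CraftedProjectFile())


def import_unsafe(data):
    """Vulnerable importer: pickle.loads executes whatever the file asks for."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened importer: only an explicit allow-list of classes may be
    resolved, so callable gadgets such as eval are refused before they run."""

    ALLOWED = {("datetime", "date")}  # assumption: the only class a project file needs

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused to resolve {module}.{name}")


def import_safe(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    crafted = build_crafted_file()
    # The unsafe path runs the gadget: eval() returns this process's pid.
    result = {"unsafe_ran_code": import_unsafe(crafted) == os.getpid()}
    try:
        import_safe(crafted)
        result["safe_blocked"] = False
    except pickle.UnpicklingError as exc:
        result["safe_blocked"] = True
        result["reason"] = str(exc)
    # A benign data file (constructed) still round-trips through the
    # restricted importer because datetime.date is on the allow-list.
    benign = {"drive": "drive-1", "commissioned": datetime.date(2025, 9, 2)}
    result["benign_ok"] = import_safe(pickle.dumps(benign)) == benign
    return result


if __name__ == "__main__":
    print(demo())
```

The allow-list approach is the general fix for any format whose decoder can instantiate arbitrary types: refuse every class the importer did not explicitly expect, rather than trying to enumerate dangerous ones.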

Tue, September 2, 2025

Agentic AI: Emerging Security Challenges for CISOs

🔒 Agentic AI is poised to transform workflows like software development, customer support, RPA, and employee assistance, but its autonomy raises new cybersecurity risks for CISOs. A 2024 Cisco Talos report and industry experts warn these systems can act without human oversight, chain benign actions into harmful sequences, or learn to evade detection. Lack of visibility fosters shadow AI, and third-party integrations and multi-agent setups widen supply-chain and data-exfiltration exposures. Organizations should adopt observability, governance, and secure-by-design practices before scaling agentic deployments.

Tue, September 2, 2025

Delta EIP Builder XXE Vulnerability (CVE-2025-57704)

🔒 Delta Electronics' EIP Builder (versions 1.11 and earlier) contains an XML External Entity (XXE, CWE-611) vulnerability tracked as CVE-2025-57704 with a CVSS v4 base score of 6.7 and low attack complexity. The flaw can allow processing of malicious external entities and potential disclosure of sensitive information; exploitation requires local access and user interaction. Delta has released v1.12 to address the issue, and CISA recommends applying the update and following ICS defensive practices.
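
For readers who want to see CWE-611 concretely, the block below is an added example and not Delta's code or part of the advisory. It uses Python's standard-library SAX parser, where external general entities are off by default but can be switched on, to show the same file-disclosure effect the advisory describes, and then the stricter check a hardened importer applies (rejecting any DTD). The `project` document, the secret file, and the `parse_project` and `has_doctype` names are constructed; nothing is assumed about EIP Builder's own XML handling.

```python
"""Added example, not Delta's code or the advisory's: CWE-611 (XXE) shown
with Python's stdlib SAX parser. The document, the secret file and the
element names are constructed for the demonstration."""
import io
import os
import tempfile
import xml.sax
from xml.parsers import expat
from xml.sax import handler


class TextCollector(handler.ContentHandler):
    """Collects character data, as an importer picking up field values would."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_project(xml_bytes, resolve_external_entities):
    """Parse an imported document and return its text content.
    resolve_external_entities=True is the vulnerable configuration."""
    parser = xml.sax.make_parser()
    # Off (the stdlib default): SYSTEM entities expand to nothing.
    # On: the parser opens the referenced file or URL and inlines it.
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts).strip()


def has_doctype(xml_bytes):
    """Hardened importers go further and reject any DTD up front, because
    entity declarations are the carrier for XXE regardless of parser flags."""
    seen = []
    p = expat.ParserCreate()
    p.StartDoctypeDeclHandler = lambda name, sysid, pubid, internal: seen.append(name)
    try:
        p.Parse(xml_bytes, True)
    except expat.ExpatError:
        pass  # malformed input is rejected anyway; we only care whether a DTD appeared
    return bool(seen)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        # Stands in for a local file the attacker wants read (constructed).
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as f:
            f.write("hunter2")
        crafted = (
            b'<?xml version="1.0"?>\n'
            b'<!DOCTYPE project [ <!ENTITY leak SYSTEM "' + secret.encode() + b'"> ]>\n'
            b"<project><name>&leak;</name></project>"
        )
        return {
            "vulnerable": parse_project(crafted, resolve_external_entities=True),
            "default": parse_project(crafted, resolve_external_entities=False),
            "rejected_by_dtd_check": has_doctype(crafted),
        }


if __name__ == "__main__":
    print(demo())
```

With entity resolution on, the `name` field comes back as the contents of the secret file; with it off the field is silently empty, which is why the DTD check is the more useful control: it fails loudly on the crafted document instead of depending on a parser setting.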

Tue, September 2, 2025

Amazon Bedrock Simplifies Cache Management for Claude

⚡ Amazon Bedrock updated prompt caching for Anthropic’s Claude models—Claude 3.5 Haiku, Claude 3.7, and Claude 4—to simplify cache management. Developers now set a single cache breakpoint at the end of a request and the system automatically reads the longest previously cached prefix, removing manual segment selection and reducing integration complexity. By excluding cache read tokens from TPM quotas, this change can free up token capacity and lower costs for multi-turn workflows. The capability is available today in all regions offering these Claude models; enable caching in your Bedrock model invocations and refer to the Bedrock Developer Guide for details.

Tue, September 2, 2025

88% of CISOs Struggle to Implement Zero Trust Programs

🔒 An Accenture report finds 88% of security leaders face significant challenges implementing zero trust. Respondents point to varying definitions, broad deployment scope across on-prem, cloud, IoT and legacy systems, poor visibility into data flows and device/user state, and resistance from business units. Experts recommend phased, use-case-driven rollouts and strong executive sponsorship, while noting meaningful programs can take years and may never be fully complete.

Tue, September 2, 2025

Amazon CloudWatch Synthetics Adds Firefox Browser Tests

🔍 Amazon CloudWatch Synthetics now supports Firefox in addition to Chrome, enabling cross-browser canary tests. You can run the same canary script across Chrome and Firefox for Playwright-based and Puppeteer-based canaries. CloudWatch Synthetics collects browser-specific performance metrics, success rates, and visual monitoring while maintaining an aggregate health view to help teams detect and resolve browser compatibility issues. Multi-browser support is available in all commercial AWS Regions.

Tue, September 2, 2025

AWS Resource Explorer Arrives in Asia Pacific (Taipei)

🔎 AWS Resource Explorer is now available in the Asia Pacific (Taipei) AWS Region. With AWS Resource Explorer you can search and discover resources across AWS Regions and accounts using the console, the AWS CLI, the AWS SDKs, or the Management Console's unified search bar. Enable the feature via the AWS Resource Explorer console and follow the product documentation to configure indexing and permissions. This expansion improves operational visibility, asset inventorying, and governance for resources hosted in Taipei.

Tue, September 2, 2025

AWS Deadline Cloud automates job output downloads at scale

🔁 The AWS Deadline Cloud client now includes a command to automatically download outputs for completed jobs from a specified queue. The command detects output files that Deadline Cloud has stored in Amazon S3 and restores them to the local paths defined during job creation. It can be scheduled with cron or Task Scheduler to run periodically, enabling unattended retrieval for final review and delivery.

Tue, September 2, 2025

Shadow AI Discovery: Visibility, Governance, and Risk

🔍 Employees are driving AI adoption from the ground up, often using unsanctioned tools and personal accounts that bypass corporate controls. Harmonic Security found that 45.4% of sensitive AI interactions come from personal email, underscoring a growing Shadow AI Economy. Rather than broad blocking, security and governance teams should prioritize continuous discovery and an AI asset inventory to apply role- and data-sensitive controls that protect sensitive workflows while enabling productivity.

Tue, September 2, 2025

The AI Fix Ep. 66: AI Mishaps, Breakthroughs and Safety

🧠 In episode 66 of The AI Fix, hosts Graham Cluley and Mark Stockley walk listeners through a rapid-fire roundup of recent AI developments, from a ChatGPT prompt that produced an inaccurate anatomy diagram to a controversial Stanford sushi hackathon. They cover a Google Gemini bug that generated self-deprecating responses, criticisms that gave DeepSeek poor marks on existential-risk mitigation, and a debunked pregnancy-robot story. The episode also celebrates a genuine scientific advance: a team of AI agents that designed novel COVID-19 nanobodies, and considers how unusual collaborations and growing safety work could change the broader AI risk landscape.

Tue, September 2, 2025

SASE Summit 2025 — Convergence without Compromise, Global

🔒 Fortinet’s 4th Annual SASE Summit (NAMER: Sept 16, 2025; EMEA/LATAM/APAC: Sept 18, 2025) centers on the theme Convergence without Compromise, arguing that robust security and top performance can be delivered together through a unified, AI-driven platform. The event features Gartner VP Analyst Jonathan Forest and Fortinet leaders Nirav Shah and Jordan Thompson, along with customer case studies from Tepper Sports & Entertainment and Funke Mediengruppe. Attendees will receive practical guidance on adopting a consolidated SASE approach that embeds zero trust, AI-enabled controls, and end-to-end visibility to reduce complexity, cut costs, and better protect hybrid workforces and cloud environments.

Tue, September 2, 2025

Understanding Cookie Types and How to Protect Them

🔒 This article explains how web cookies work, their classifications, and why session IDs are particularly valuable to attackers. It outlines common attack methods — including session sniffing over HTTP, cross‑site scripting (XSS), cross‑site request forgery (CSRF), and predictable session IDs — and describes specialized tracking like supercookies and evercookies. Practical advice for users and developers covers HTTPS, browser updates, cookie management, two‑factor authentication, cautious use of public Wi‑Fi, and preferring essential cookies only.
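
The developer-side advice above turns into a few concrete cookie attributes and one unpredictable value. The block below is an added example, not code from the article: it builds a session cookie with the Python standard library that addresses sniffing (Secure), script theft via XSS (HttpOnly), cross-site requests (SameSite) and guessable IDs (a CSPRNG value), and pairs it with a checker that flags any of those weaknesses in a Set-Cookie header. The cookie name `sid`, the sample headers and the `audit_set_cookie` and `build_session_cookie` names are constructed.

```python
"""Added example, not code from the article summarized above: a hardened
session cookie beside a checker for the weaknesses the article lists.
Names and sample headers are constructed."""
import secrets
from http import cookies


def new_session_id(nbytes=32):
    """256 bits from the OS CSPRNG: the fix for predictable session IDs."""
    return secrets.token_urlsafe(nbytes)


def build_session_cookie(session_id, max_age=3600):
    """Return a Set-Cookie header value carrying the session ID with the
    attributes that block sniffing, XSS theft and CSRF."""
    jar = cookies.SimpleCookie()
    jar["sid"] = session_id
    jar["sid"]["secure"] = True        # only over HTTPS: no plaintext sniffing
    jar["sid"]["httponly"] = True      # not exposed to document.cookie (XSS)
    jar["sid"]["samesite"] = "Lax"     # not sent on cross-site POSTs (CSRF)
    jar["sid"]["max-age"] = max_age
    jar["sid"]["path"] = "/"
    return jar.output(header="").strip()


def audit_set_cookie(header_value):
    """Flag weak attributes in a Set-Cookie value: the check a tester runs
    over every response that sets a session cookie."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure, sent over plain HTTP and sniffable")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly, readable by injected script")
    if attrs.get("samesite") not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict, sent on cross-site requests")
    if len(value) < 22 or value.isdigit():
        findings.append(f"{name}: value short or numeric, session ID may be predictable")
    return findings


if __name__ == "__main__":
    print(audit_set_cookie("sid=12345; Path=/"))            # four findings
    print(audit_set_cookie(build_session_cookie(new_session_id())))  # []
```

The length heuristic is deliberately crude; a real review also checks how the server generates the value, since a long but sequential or time-derived ID is just as guessable.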

Tue, September 2, 2025

Google Refutes Claims of Mass Gmail Password Alert

🔔 Google has disputed reports that it issued a blanket warning asking 2.5 billion Gmail users to reset passwords following a recent breach that allegedly affected some Workspace accounts. In a Monday blog post the company called those headlines false and emphasized that Gmail's protections block over 99.9% of phishing and malware. Google advised users to enable two-step verification and adopt passkeys, and it criticized the spread of unverified claims by media and security vendors.

Tue, September 2, 2025

CISA Names Nicholas Andersen Executive Cybersecurity Director

🔔 CISA announced the appointment of Nicholas Andersen as Executive Assistant Director for Cybersecurity, naming him to lead efforts to address major cyber threats and bolster critical infrastructure resilience. Andersen brings extensive public- and private-sector experience, including senior roles at Invictus and Lumen Technologies Public Sector, and prior service at the Department of Energy. He began at CISA on September 2, 2025; Chris Butera will assume the role of Acting Deputy Executive Assistant Director.

Tue, September 2, 2025

Certified Cloud Security Professional (CCSP) Overview

☁️ The Certified Cloud Security Professional (CCSP) is a cloud-focused security certification from ISC2 for experienced professionals responsible for designing, managing, and securing cloud data, applications, and infrastructure. The exam was updated effective August 1, 2024 to 125 questions over three hours and maps to six CBK domains. Candidates must meet work-experience and endorsement requirements and maintain the credential via annual fees and continuing education.

Tue, September 2, 2025

Meet the Next Generation of Unit 42 Threat Intelligence

🔍 Unit 42 highlights two threat intelligence interns, Sakthi Vinayak and Gabrielle Calderon, who completed a 12-week program contributing to practical research and automation projects. Sakthi concentrated on mechanizing data ingestion, implementing a fidelity scoring framework, and building dashboards to surface trends and gaps in the knowledge repository. Gabrielle focused on malware ticket analysis and developing an automation tool to identify malware families and extract indicators of compromise. Both interns credited Unit 42’s collaborative mentorship and cross-team exposure for accelerating their technical growth and real-world impact.

Tue, September 2, 2025

CISSP Certification: Requirements, Exam, Training, Cost

🛡️ The CISSP is an advanced cybersecurity certification from ISC2 that validates a professional's ability to design, implement, and manage enterprise security programs. Candidates typically need five years of relevant work experience or may apply as an Associate of ISC2 while gaining experience, and must pass a rigorous exam covering eight domains. Exam registration costs US$749 and certified holders pay an annual maintenance fee; official and third-party training options are widely available, and CISSP holders often see improved job prospects and higher salaries.

Tue, September 2, 2025

Agent Development Kit Hackathon: Winners and Highlights

🚀 The Agent Development Kit (ADK) Hackathon concluded with more than 10,400 participants from 62 countries, 477 submitted projects, and 1,500+ agents built. The competition emphasized multi-agent orchestration for automation, data analysis, customer service, and content generation, awarding SalesShortcut the Grand Prize. Regional winners included Energy Agent AI, Edu.AI, GreenOps, and Nexora-AI, and organizers pointed participants to ADK documentation and developer forums while announcing an upcoming GKE hackathon with over $50,000 in prizes.

Tue, September 2, 2025

1965 Cryptanalysis Training Workbook Released by NSA

🧾 The NSA has declassified a September 1965 training workbook, Cryptanalytic Diagnosis with the Aid of a Computer, compiling 147 printouts from the diagnostic program Stethoscope. Run on the special-purpose Bogart computer, the listings show statistical outputs—frequency tables, index of coincidence, periodicity tests, and n-gram analyses—used to train analysts to infer language and cipher type without seeing plaintext. The document also notes the related tool Rob Roy and reflects an era when computers automated manual analytic work.
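
The statistics those printouts contain are small enough to reproduce. The block below is an added example, not material from the workbook or the Stethoscope program: it computes a frequency table, the index of coincidence, a periodicity test and a digram count on a constructed sample, and uses them to recover the period of a periodic polyalphabetic cipher without looking at plaintext, which is the diagnosis the listings trained analysts to make. The plaintext passage, the key `BOGART` and every function name are made up for the demonstration.

```python
"""Added example, not from the NSA workbook or Stethoscope: the statistics
the listings trained analysts to read, computed on a constructed sample.
The plaintext and the key BOGART are made up for the demonstration."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase
RANDOM_IC = 1 / 26      # about 0.0385: flat, random-looking text
ENGLISH_IC = 0.066      # typical for monoalphabetic English


def letters_only(text):
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere(text, key, decrypt=False):
    """Periodic polyalphabetic substitution, used only to produce the sample."""
    out = []
    for i, ch in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def frequency_table(text, top=5):
    """Frequency count: E, T, A ... dominate when the text is monoalphabetic."""
    return Counter(text).most_common(top)


def index_of_coincidence(text):
    """Probability that two letters drawn without replacement are equal."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1))


def periodicity_test(cipher, max_period=10):
    """For each candidate period k, average the IC over the k columns formed
    by every k-th letter. Columns of a single alphabet score near ENGLISH_IC;
    columns mixing alphabets fall toward RANDOM_IC."""
    scores = {}
    for k in range(1, max_period + 1):
        columns = [cipher[i::k] for i in range(k)]
        scores[k] = sum(index_of_coincidence(col) for col in columns) / k
    return scores


def likely_period(cipher, max_period=10):
    scores = periodicity_test(cipher, max_period)
    return max(scores, key=scores.get)


def digram_table(text, top=5):
    """n-gram analysis with n=2: TH, HE, IN ... surface in English-like columns."""
    return Counter(text[i:i + 2] for i in range(len(text) - 1)).most_common(top)


# Constructed sample: ordinary English, enciphered with a period-6 key.
PLAINTEXT = letters_only("""
THE ANALYST BEGINS WITH A FREQUENCY COUNT OF EVERY LETTER IN THE MESSAGE AND
THEN COMPUTES THE INDEX OF COINCIDENCE WHICH MEASURES HOW OFTEN TWO LETTERS
DRAWN AT RANDOM FROM THE TEXT TURN OUT TO BE THE SAME A SIMPLE SUBSTITUTION
KEEPS THE ROUGH SHAPE OF THE LANGUAGE SO THE VALUE STAYS CLOSE TO THAT OF
ORDINARY ENGLISH WHILE A PERIODIC SYSTEM FLATTENS THE DISTRIBUTION AND PUSHES
THE VALUE TOWARD THE FIGURE EXPECTED FOR RANDOM LETTERS BY SLICING THE MESSAGE
INTO EVERY KTH LETTER AND REPEATING THE MEASUREMENT THE ANALYST CAN RECOVER
THE PERIOD OF THE KEY WITHOUT EVER SEEING A WORD OF THE PLAIN TEXT AND THE
SAME LISTINGS REVEAL WHICH LANGUAGE THE MESSAGE WAS WRITTEN IN
""")
KEY = "BOGART"
CIPHERTEXT = vigenere(PLAINTEXT, KEY)


def diagnose(cipher):
    """The kind of summary a diagnostic run prints: length, overall IC,
    the period the periodicity test points to, and the top letters."""
    return {
        "length": len(cipher),
        "ic": round(index_of_coincidence(cipher), 4),
        "period": likely_period(cipher),
        "top_letters": frequency_table(cipher),
        "top_digrams": digram_table(cipher),
    }


if __name__ == "__main__":
    print(diagnose(CIPHERTEXT))
```

The whole ciphertext scores well below `ENGLISH_IC` (the flattening a polyalphabetic system produces), while the six columns at period 6 each score like English, which is what identifies both the cipher type and the key length.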
