Cloud Resilience, ICS Flaws, and VM Escape Risks

Resilient Networking with Google Cloud Network Connectivity

🛡️ Google Cloud's Network Connectivity Center provides a centralized, hub-and-spoke model to simplify and scale enterprise connectivity across VPCs, on-premises data centers, and other clouds. Architected with distinct management, control, and data planes, it employs a fail-static design so existing traffic continues during control-plane issues. The service supports up to 250 VPC spokes per hub and reduces operational overhead by automating full-mesh connectivity.

Amazon ECS adds Amazon Q Developer task definition AI

🤖 Amazon ECS now offers generative AI assistance from Amazon Q Developer to streamline task definition creation and updates in the AWS Management Console. Developers can use an inline chat to generate, explain, or refactor task definition JSON, inject suggestions at any point, and accept or reject proposed edits. Inline suggestions are enhanced to let Amazon Q Developer autocomplete whole blocks of sample code in addition to property-based hints. The capability is available where Amazon Q Developer is offered and can be enabled or disabled via the console code editor settings or controlled with IAM permissions.

Falcon Complete Hub Unifies MDR Visibility and Action

🛡️ Falcon Complete Hub delivers a unified interface inside the Falcon platform that consolidates Falcon Complete Next‑Gen MDR activities, escalations and expert guidance into a single operational view. It prioritizes critical actions, provides step‑by‑step remediation links and centralizes subscription status, announcements and knowledge resources to reduce decision latency. Backed by a 37‑minute mean time to respond and a four‑minute mean time to detect, the Hub converts MDR visibility into clear operational tasks and faster response.

Google Pixel 10 Adds C2PA Support for Media Provenance

📸 Google has added support for the C2PA Content Credentials standard to the Pixel Camera and Google Photos apps on the new Pixel 10, enabling tamper-evident provenance metadata for images, video, and audio. The Pixel Camera app achieved Assurance Level 2 in the C2PA Conformance Program, the highest mobile rating currently defined. Google says a combination of the Tensor G5, Titan M2 and Android hardware-backed features provides on-device signing keys, anonymous attestation, unique per-image certificates, and an offline time-stamping authority so provenance is verifiable, privacy-preserving, and usable even when the device is offline.

Daikin Security Gateway: Weak Password Recovery Flaw

🔓 CISA published an advisory describing an authorization bypass in Daikin Security Gateway devices that abuses a weak password recovery mechanism. The vulnerability, tracked as CVE-2025-10127, is remotely exploitable with low complexity and carries a CVSS v4 score of 8.8; public proof‑of‑concept code exists. Daikin has indicated it will not issue a vendor-wide patch and will handle customer inquiries directly; CISA recommends isolating affected devices, placing them behind firewalls, and using secure, up-to-date VPNs or other hardened remote access controls.

Chinese APT Uses Fileless 'EggStreme' Against Military Firm

🔒 Bitdefender tracked a Chinese APT intrusion that used a novel, fileless framework dubbed EggStreme to compromise a Philippines-based military contractor. The multi-stage toolkit injects code directly into memory, leverages DLL sideloading and abuses legitimate Windows services for persistence, and delivers a gRPC-enabled backdoor, EggStremeAgent, with extensive reconnaissance and exfiltration capabilities. Bitdefender advises limiting use of high-risk binaries and deploying advanced detection and response to detect living-off-the-land operations and anomalous behavior.

Siemens SIVaaS Network Share: Authentication Flaw (Critical)

⚠️A critical vulnerability (CVE-2025-40804) affects Siemens SIMATIC Virtualization as a Service (SIVaaS), exposing a network share without authentication and allowing remote actors to access or modify sensitive data. Calculated scores are CVSS v4 9.3 and CVSS v3.1 9.1 with low attack complexity. Siemens advises contacting Technical Support; CISA recommends isolating control systems, minimizing internet exposure, and using layered defenses.

Siemens UMC: Remote Code Execution and Denial-of-Service

🔐 Siemens has disclosed multiple vulnerabilities in the integrated User Management Component (UMC) that could allow unauthenticated remote attackers to execute arbitrary code or cause denial-of-service. A stack-based buffer overflow (CVE-2025-40795) and several out-of-bounds read issues (CVE-2025-40796–40798) are reported, with CVSS v4 scores up to 9.3. Siemens recommends updating UMC to V2.15.1.3 or later and, where feasible, blocking TCP ports 4002 and 4004; Siemens notes no fixes are planned for SIMATIC PCS neo V4.1 and V5.0.

VMScape: Spectre-like VM-to-host data leak on CPUs

🔓 Researchers at ETH Zurich disclosed VMScape, a Spectre-like speculative-execution attack that lets a malicious VM extract secrets from an unmodified QEMU hypervisor running on many modern AMD and some Intel CPUs. The exploit abuses shared branch-prediction structures and a FLUSH+RELOAD side channel to induce speculative disclosure. It works without host compromise and bypasses default mitigations; vendors and Linux developers released advisories and kernel patches to mitigate the issue.

Wyden Urges FTC Probe of Microsoft After Ascension Hack

🛡️ US Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft following the 2024 ransomware attack on healthcare operator Ascension, which exposed data for 5.6 million patients after a contractor clicked a malicious Bing search result. Wyden says default Microsoft settings and support for the outdated RC4 standard enabled a Kerberoasting technique that granted administrative access. He notes Microsoft was warned in July 2024 and posted a blog in October announcing a planned update, but nearly a year later no update has been issued nor direct customer outreach made. The letter frames Microsoft’s control over default configurations as a systemic national security risk.

Senator Wyden Urges FTC Probe of Microsoft Ransomware Lapses

🔍 Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft for what he describes as "gross cybersecurity negligence" that he says facilitated ransomware attacks on U.S. critical infrastructure, including healthcare. Wyden's four-page letter to FTC Chair Andrew Ferguson cites the 2024 Ascension breach attributed to Black Basta and details an attack chain that began when a contractor clicked a malicious link after using Microsoft's Bing search. The senator highlights exploitation of insecure default Kerberos settings and legacy RC4 support enabling Kerberoasting, and criticizes Microsoft for not enforcing stronger defaults and minimum password requirements while noting the company's published mitigations and planned deprecations.

CISA Adds One Vulnerability to KEV Catalog (2025-09-11)

🔔 CISA added CVE-2025-5086 — a Dassault Systèmes DELMIA Apriso deserialization of untrusted data vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog on September 11, 2025, based on evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed issues by required due dates. CISA urges all organizations to prioritize timely remediation as part of vulnerability management and will continue updating the catalog with vulnerabilities that meet its criteria.

Siemens IEM-OS DoS Vulnerability (CVE-2025-48976) Advisory

⚠️ Siemens Industrial Edge Management OS (IEM-OS) contains an allocation-of-resources vulnerability in Apache Commons FileUpload that can be triggered remotely to cause a denial-of-service condition. The issue is tracked as CVE-2025-48976 with a CVSS v4 base score of 8.7 and a CVSS v3.1 vector indicating an availability-only impact. Siemens reports all IEM-OS versions affected and recommends migrating to IEM-V, limiting access to trusted systems, and following Siemens' operational security guidance. CISA reiterates minimizing network exposure, using network segmentation and firewalls, and employing secure remote access methods.

Akira Exploits SonicWall SSL VPN Flaw and LDAP Settings

🔒 Rapid7 and SonicWall report a surge in intrusions tied to the Akira ransomware group exploiting a year-old SSL VPN vulnerability, CVE-2024-40766 (CVSS 9.3), and LDAP misconfigurations that retained local passwords during migrations. Attackers are brute-forcing credentials, abusing SonicWall's Virtual Office defaults to enable mMFA/TOTP, and using loaders like Bumblebee to deploy AdaptixC2 and persistent tools. SonicWall urges rotating local accounts, enabling Botnet Filtering and Account Lockout, enforcing MFA, restricting Virtual Office access, and reviewing LDAP default groups.

Ukrainian Suspect Added to Europe's Most Wanted List

🔎 Volodymyr Tymoshchuk, a 28-year-old Ukrainian, has been placed on Europe’s most wanted list over alleged involvement in widespread LockerGoga, MegaCortex and Nefilim ransomware campaigns targeting hundreds of firms between 2018 and 2020. Europol and international partners tied him to high-profile incidents including the 2019 Norsk Hydro attack, which caused major operational disruption. The US has unsealed charges and an $11m reward is being offered for information leading to his arrest or conviction.

Apple warns customers targeted by recent spyware attacks

🔔 Apple warned customers that their accounts were targeted in a series of mercenary spyware attacks, according to France's CERT‑FR. Notifications were issued on March 5, April 29, June 25 and September 3 and appear at the top of account.apple.com and via the email or phone linked to users' Apple IDs. The alerts indicate highly sophisticated campaigns often using zero‑day and zero‑click techniques, meaning at least one device tied to the account may be compromised. Apple recommends enabling Lockdown Mode and seeking rapid-response assistance through Access Now.

Akira Ransomware Reuses Critical SonicWall SSLVPN Bug

🔒 The Akira ransomware gang is actively exploiting CVE-2024-40766 to target unpatched SonicWall SSL VPN endpoints and gain unauthorized network access. SonicWall released a patch in August 2024 and warned that exposed credentials could allow attackers to configure MFA or TOTP and bypass protections. Administrators should apply the vendor update, rotate local SSLVPN passwords, enforce MFA, mitigate Default Group risks, and restrict Virtual Office Portal access.

Fileless Malware Uses Legitimate Tools to Deploy AsyncRAT

🔍 Researchers uncovered a sophisticated fileless campaign that executes malicious code entirely in memory to deliver AsyncRAT. The attack began via a compromised ScreenConnect client and a VBScript that used WScript and PowerShell to download two payload blobs saved to C:\Users\Public\, which were never written as executables but loaded into memory via reflection. A .NET launcher (Obfuscator.dll) was used to orchestrate persistence, disable security logging and load the RAT, which exfiltrates credentials, browser artifacts and keystrokes.

Malicious Browser Extensions Target Meta Advertisers

🔒 Researchers disclosed two coordinated campaigns that distribute fake browser extensions via malvertising and counterfeit sites to steal credentials, session tokens, and hijack Meta business accounts. Bitdefender documented ads pushing a fake "Meta Verified" add‑on named SocialMetrics Pro that harvests Facebook session cookies and exfiltrates them to a Telegram bot while also querying ipinfo[.]io for IP data. Cybereason described a separate campaign using counterfeit sites promoting a bogus Madgicx Plus platform and multiple rogue Chrome extensions that request broad site access, capture Google identity data, then pivot to Facebook to facilitate account takeover.

Senator Wyden Urges FTC Probe of Microsoft's Security

🚨 U.S. Senator Ron Wyden requested that the FTC investigate Microsoft for what he describes as “gross cybersecurity negligence” after product weaknesses tied to Kerberos and legacy RC4 usage contributed to ransomware incidents, including the May 2024 Ascension Health breach that exposed data for 5.6 million patients. Wyden says his office alerted Microsoft in July 2024 and urged setting stronger ciphers like AES as defaults; he criticized an October Microsoft blog as too technical to warn corporate decision-makers. Microsoft replied that RC4 accounts for under 0.1% of traffic, that full removal risks breaking legacy systems, and that deprecation is on its roadmap.

Microsoft adds malicious link warnings to Teams chats

🔔 Microsoft Teams will display warnings on private messages that contain URLs flagged as spam, phishing, or malware for customers using Microsoft Defender for Office 365 and enterprise Teams. The feature enters public preview for desktop, Android, web, and iOS in September 2025 and is slated for general availability in November 2025. Admins can enable the preview via the Teams Admin Center messaging settings; warnings will be enabled by default at GA and can be managed through the Teams Admin Center or PowerShell.

Prompt Injection via Macros Emerges as New AI Threat

🛡️ Enterprises now face attackers embedding malicious prompts in document macros and hidden metadata to manipulate generative AI systems that parse files. Researchers and vendors have identified exploits — including EchoLeak and CurXecute — and a June 2025 Skynet proof-of-concept that target AI-powered parsers and malware scanners. Experts urge layered defenses such as deep file inspection, content disarm and reconstruction (CDR), sandboxing, input sanitization, and strict model guardrails to prevent AI-driven misclassification or data exposure.

Microsoft Probes Exchange Online Outage in North America

⚠️ Microsoft is investigating an ongoing Exchange Online outage across North America that is preventing users from accessing mailboxes via any Exchange Online connection method. Customers have reported issues for more than six hours on DownDetector, with sign-in and server connection failures affecting Teams, Outlook, and Hotmail. Microsoft says it is reviewing telemetry and applying changes to optimize affected mailbox infrastructure while the root cause is still under investigation.

Stark Industries Rebrands to Evade EU Sanctions, Persists

🔁 In May 2025 the EU sanctioned Moldova-based PQ Hosting and its owners, the Neculiti brothers, for alleged links to Kremlin hybrid warfare. Recorded Future and KrebsOnSecurity reporting show Stark Industries quickly rebranded to the[.]hosting under Dutch WorkTitans BV on 24 June 2025 while key address space and assets moved to PQ Hosting Plus S.R.L. Netherlands-based MIRhosting appears to host and manage the new entities, suggesting the sanctions achieved little lasting disruption.

AsyncRAT Delivery via ConnectWise ScreenConnect Abuse

⚠️ Cybersecurity researchers disclosed a campaign that abuses ConnectWise ScreenConnect remote sessions to deliver a fileless loader which ultimately executes the AsyncRAT remote-access trojan. Attackers use hands-on-keyboard activity to run a layered VBScript and PowerShell chain that loads obfuscated .NET assemblies and spawns AsyncClient.exe. Persistence is maintained via a scheduled task disguised as "Skype Updater," and stolen credentials, keystrokes, and wallet artifacts are exfiltrated to a DuckDNS command-and-control host.

Senator Wyden Urges FTC Probe into Microsoft's Security

🚨 Senator Ron Wyden has asked the FTC to investigate Microsoft for what he calls "gross cybersecurity negligence," arguing insecure defaults enabled widespread ransomware attacks. He cites the February 2024 Ascension Health breach that exposed 5.6 million patient records and describes how a single click enabled lateral movement via Kerberoasting and lingering RC4 support. Wyden criticizes Microsoft for building a >$20 billion security business of add-on protections while leaving core products vulnerable and says promised fixes and plain-language guidance were inadequate. The letter warns this pattern poses national-security and industry-wide risks.

Three French Regional Healthcare Agencies Hit by Attack

🔒 Three French regional healthcare agencies (ARS) have reported similar cyber-attacks that exposed patients’ personal data held on regional systems. Preliminary investigations, announced on September 8, indicate attackers gained access by impersonating healthcare professionals and used those accounts to reach GRADeS-managed services such as Normand'e-Santé. Reported exposed PII includes full names, ages, phone numbers and email addresses, while the agencies say no clinical health records appear to have been compromised. Compromised accounts were disabled, additional protections deployed, potentially affected patients will be notified and incidents have been reported to CNIL.

Panama Finance Ministry Reports Possible Ransomware Breach

🔒 The Panama Ministry of Economy and Finance (MEF) says a workstation may have been infected with malicious software; established security protocols were activated immediately and the incident has been contained. The ministry asserted that central systems and platforms remain unaffected, and that personal and institutional data are protected while preventive measures were reinforced. However, the INC Ransom group added MEF to its leak site on September 5, claiming to have stolen more than 1.5 TB of emails, financial records and budgeting files; MEF had not responded to requests for comment by publication.

Cryptominer targets exposed Docker APIs, installs backdoors

🔒 Akamai researchers reported a June–August 2025 variant that no longer drops a cryptominer but instead leverages exposed Docker APIs to gain persistent host access. The campaign launches lightweight containers that mount the host filesystem and fetch Base64-encoded scripts over Tor to install tools such as curl and tor. Once inside, the malware appends SSH keys, creates cron jobs, and attempts to modify firewall rules to deny others access to port 2375. Akamai also observed dormant logic to probe Telnet and Chrome remote debugging (9222), suggesting future botnet expansion.

Siemens SIMOTION Tools Privilege Escalation Advisory

🛡️ Siemens reports a local privilege escalation vulnerability affecting SIMOTION Tools installers that use an affected NSIS setup component. The flaw (CWE-754) in Nullsoft Scriptable Install System (NSIS) before 3.11 can allow an unprivileged user to gain SYSTEM privileges during installation by exploiting a race condition. The issue is tracked as CVE-2025-43715 with a CVSS v3.1 base score of 8.1. No vendor fix is available yet; Siemens and CISA offer mitigations and hardening guidance.

Google Cloud Professional SecOps Engineer Certification

🔐 Google Cloud has launched the Professional Security Operations Engineer (PSOE) certification to validate hands‑on skills for detecting, investigating, and responding to cloud threats. The exam focuses on practical use of Google Security Operations, Security Command Center, and threat intelligence across domains such as detection engineering, incident response, and threat hunting. Google recommends candidates have ~three years in security with at least one year of Google Cloud security tooling experience, and provides online training, hands‑on labs, and an official exam guide to prepare.

AWS CloudWatch OAM Adds VPC Endpoints for Private Traffic

🔒 AWS now offers VPC endpoints for Amazon CloudWatch Observability Access Manager (OAM), enabling private, in-region connectivity between your VPCs and CloudWatch OAM without traversing the public internet. The endpoints support both IPv4 and IPv6 and leverage AWS PrivateLink controls such as security groups and VPC endpoint policies. Available in all commercial regions, AWS GovCloud (US), and China Regions, this lets teams manage cross-account observability links and sinks from VPCs that have no internet access.

Amazon Athena adds SSO support for JDBC and ODBC drivers

🔐 Amazon Athena now supports single sign-on for its JDBC and ODBC drivers using AWS IAM Identity Center’s trusted identity propagation. With updated drivers (JDBC 3.6.0 and ODBC 2.0.5.0), analysts can connect from third‑party BI tools and SQL clients using corporate credentials while Lake Formation permissions are enforced and actions are logged. This removes the need for embedded credentials, simplifies identity‑based data governance, and streamlines access management across tools.

CISA Publishes Strategic Roadmap for the CVE Program

🔒 CISA has published a strategic focus document, “CVE Quality for a Cyber Secure Future,” signaling federal support for the Common Vulnerabilities and Exposures (CVE) program and a shift from a growth-focused expansion to a defined Quality Era. The agency reaffirmed that the program should remain public and vendor‑neutral while evaluating potential mechanisms for diversified funding and taking a more active leadership role. The roadmap prioritizes automation, strengthened CNA services and CNAs of Last Resort, expanded API support, improved CVE.org capabilities, minimum data-quality standards and federated enrichment approaches such as Vulnrichment.

CISA Issues Eleven Industrial Control Systems Advisories

🔔 CISA released eleven Industrial Control Systems (ICS) advisories on September 11, 2025, offering timely technical details about vulnerabilities, exploits, and mitigations. The advisories span multiple vendors and product families, including Siemens (SIMOTION Tools, SIMATIC SIVaaS, SINAMICS, SINEC OS, Industrial Edge, UMC, Apogee PXC/Talon TC), Schneider Electric (EcoStruxure, Modicon M340 variants), and Daikin (Security Gateway). Administrators and asset owners are urged to review the advisories, apply vendor patches or recommended mitigations, and strengthen segmentation and monitoring to reduce operational risk.

Siemens SINAMICS Drives Privilege Management Vulnerability

🔒 Siemens SINAMICS drive firmware contains an Improper Privilege Management vulnerability (CVE-2025-40594) that can allow local network users to escalate privileges and perform a factory reset without required rights. A CVSS v3.1 base score of 6.3 and a CVSS v4 base score of 6.9 were calculated. Siemens provides updates for S210 and G220 (V6.4 HF2); S200 V6.4 currently has no fix. CISA and Siemens recommend minimizing network exposure, isolating control networks, and using secure remote access methods.

Schneider Electric Modicon M340: Files Accessible Issue

🔒 Schneider Electric disclosed a Files or Directories Accessible to External Parties vulnerability affecting Modicon M340 devices and the BMXNOE0100/BMXNOE0110 Ethernet modules that could allow remote actors to remove files, block firmware updates, and disrupt the device webserver. The issue is tracked as CVE-2024-5056 with a CVSS v4 base score of 6.9. Schneider released firmware fixes for BMXNOE0100 (SV3.60) and BMXNOE0110 (SV6.80) and recommends immediate mitigations including network segmentation, disabling FTP when not required, and configuring Access Control Lists per the device manual. CISA also advises isolating control networks, minimizing internet exposure, and using VPNs for remote access.

Siemens Apogee PXC/Talon TC Sensitive Data Exposure

🔒 Siemens reported a vulnerability in Apogee PXC and Talon TC devices that allows unauthorized actors to download device database files via BACnet. Affected devices permit unauthenticated access to encrypted .db files that can contain passwords; the issue is tracked as CVE-2025-40757 with a CVSS v4 base score of 6.3. Siemens and CISA recommend changing default passwords, hardening network access, and isolating control networks. Exploitation is remotely feasible with low complexity; no public exploitation has been reported to CISA.

LNER Supply-Chain Breach Exposes Customer Contact Data

🔒 LNER has disclosed that an unauthorized third party accessed customer contact details and historical journey information via a compromised third-party supplier. No bank, payment card or password information was affected, the operator said, but warned that the data could be used in follow-on attacks. Security professionals advised customers to be cautious of unsolicited communications and recommended organisations strengthen third‑party data controls and identity protections.

Managed Service for Prometheus: Collector Logs GA Now

🔍The Amazon Managed Service for Prometheus collector — an agentless, fully managed Prometheus metrics collector — now vends logs to Amazon CloudWatch Logs, improving visibility into target discovery, authentication, scraping, and ingestion. These logs surface details such as timeouts, remote-write failures, and other errors to aid troubleshooting. The feature is generally available in all regions where the service is offered; review CloudWatch logs pricing and the collector monitoring user guide to get started.

AWS Adds LocalStack Integration to VS Code Toolkit Extension

🧰 AWS has added a LocalStack integration for Visual Studio Code that enables developers to test and debug serverless applications locally from the IDE. The integration connects VS Code to a LocalStack-emulated environment without manual port configuration or code changes, exposing emulated services such as AWS Lambda, Amazon SQS, Amazon API Gateway, and DynamoDB. Available through the AWS Toolkit for VS Code (v3.74.0+), a guided walkthrough installs the LocalStack CLI, creates a LocalStack profile, and lets developers switch profiles and deploy to the LocalStack environment at no additional AWS cost.

States Target Businesses Over Global Privacy Control Signals

🔔 The California Privacy Protection Agency and the attorneys general of California, Colorado and Connecticut announced a coordinated enforcement sweep targeting businesses that fail to detect or honor Global Privacy Control (GPC) opt-out signals. Regulators will contact firms believed not to be processing consumers’ opt-out requests and urge immediate remediation. Legal advisers recommend technical steps — from reliable GPC signal recognition to consent management platform integration, routine testing and monitoring, and clear privacy notice updates — to reduce enforcement risk.

AI-Powered Browsers: Security and Privacy Risks in 2026

🔒 An AI-integrated browser embeds large multimodal models into standard web browsers, allowing agents to view pages and perform actions—opening links, filling forms, downloading files—directly on a user’s device. This enables faster, context-aware automation and access to subscription or blocked content, but raises substantial privacy and security risks, including data exfiltration, prompt-injection and malware delivery. Users should demand features like per-site AI controls, choice of local models, explicit confirmation for sensitive actions, and OS-level file restrictions, though no browser currently implements all these protections.

Global Cyber Threats August 2025: Agriculture Hit Hard

🚨In August 2025 organizations worldwide faced an average of nearly 2,000 cyber attacks per week, a small 1% decline from July but a notable 10% increase year‑over‑year. The agricultural sector was hit particularly hard, recording a 101% rise in incidents compared with August 2024. While overall attack volume shows tentative stabilization, the shifting distribution of threats across industries, regions and attack vectors underscores the urgent need for targeted defenses, stronger risk management and improved incident readiness.

Beaches and Breaches: Shifts in Supply Chain and Identity

🌊 Returning from vacation, the author notes headlines shifted away from AI and ransomware toward breaches tied to compromised OAuth tokens and integrations like Salesloft/Drift. The piece emphasizes two converging trends: supply chain risk that now includes datapaths where information is processed, and identity attacks that increasingly target interconnected applications. It highlights Cisco Talos’ CTI-CMM as a practical maturity framework to assess gaps, prioritize investments, and build a roadmap for continuous improvement.

How Cybercriminals Bypass Logins Using Stolen Credentials

🔐 Cybercriminals increasingly target corporate credentials, authentication tokens and session cookies to bypass MFA and impersonate legitimate users. Stolen credentials accounted for a large share of recent breaches and estimates indicate billions of credentials were exposed in 2024. Organizations can reduce risk with Zero Trust, robust MFA, realistic training and continuous behavioral monitoring to detect suspicious sessions.

Amazon EventBridge API Destinations Reach Melbourne Thailand

🔔 Amazon EventBridge now provides its API destinations capability in the AWS Asia Pacific (Melbourne) and AWS Asia Pacific (Thailand) Regions. API destinations allow event buses to invoke HTTPS endpoints as rule targets and support flexible authentication methods such as API key and OAuth, while storing credentials securely in AWS Secrets Manager. This expansion reduces call latency for local workloads and simplifies secure, managed integrations. To get started, consult the EventBridge documentation for configuration guidance.

Schneider Electric EcoStruxure Vulnerabilities and Fixes

⚠️ CISA published an advisory on two vulnerabilities in Schneider Electric EcoStruxure products that could enable a denial-of-service condition and the exposure of sensitive credentials. The issues are tracked as CVE-2025-8449 (uncontrolled resource consumption) and CVE-2025-8448 (sensitive information exposure). Affected Enterprise Server and Workstation versions should be updated to the fixed releases (for example 7.0.2.348, 6.0.4.10001 (CP8), 5.0.3.17009 (CP16)). If patches cannot be applied immediately, implement strong access controls, network segmentation, MFA where available, and continuous monitoring.

Managed SOCs: Practical Path to Stronger IT Security

🔒 Companies face rapidly evolving threats and tightening regulation, and many — especially SMEs — lack the staff and budget to build an effective in‑house Security Operations Center. A Managed SOC delivers continuous 24/7 monitoring, rapid deployment and specialized analysts without the multi‑million euro investment or hiring of 10–20 experts. Choose providers with proven detection and response experience, recognized certifications such as ISO 27001, strong data protection practices and a focus on integrating existing tools. Internal readiness — defined escalation paths, fast decision-making and employee awareness — remains essential for any managed service to be effective.

Open-Source OT Security: Cost-Effective Industrial Defense

🔒 Open-source tools can provide a cost-effective, flexible foundation for operational technology (OT) security in industrial environments. By combining passive asset discovery, protocol-aware inspection, IDS/IPS, centralized logging and vulnerability management, organizations can approximate many capabilities of expensive commercial offerings. Recommended components include Malcolm (with Zeek), Security Onion, ELK, Wazuh and OpenVAS, augmented by asset sources like NetBox. Successful deployment requires experienced OT/IT teams or external consultants to configure, tune and maintain the stack, and is not a plug-and-play substitute for vendor support.

Human-centered cybersecurity rises in CISO priorities

🔐 The role of the CISO is shifting from technical expert to manager of people and systems, making a human-centered approach essential to reduce the most significant cyber risks. Rather than repeating awareness campaigns, CISOs should design practical, scenario-based training, align security with corporate values, and foster a supportive security culture. Technology and policy must enable good behavior, while deliberate, minimal friction creates effective learning moments. A mature Human Risk Management program uses assessment, segmentation, targeted interventions and continuous feedback to deliver measurable risk reductions.

Siemens RUGGEDCOM RST2428P: Security Advisory and Mitigations

🛡️ CISA republished information from Siemens ProductCERT regarding two vulnerabilities affecting the RUGGEDCOM RST2428P (6GK6242-6PA00). The issues — uncontrolled resource consumption (CVE-2025-40802) and exposure of sensitive information (CVE-2025-40803) — are exploitable from an adjacent network and have low CVSS scores (v3.1=3.1; v4=2.3). Siemens recommends firewalling UDP discovery ports and following industrial security guidance; CISA advises minimizing network exposure and isolating control networks.

Three-Part Framework to Measure AI Value and Impact

🚀 This Cloud blog post from Google Cloud Consulting presents a practical three-part framework to quantify the business value of AI initiatives. It asks teams to define success across four value-driver categories, transparently specify Total Cost of Ownership (TCO), and state an explicit ROI. A worked example — an e-commerce customer-service chatbot — shows quantified monthly benefits versus estimated managed-service costs, demonstrating rapid payback and sustained positive cash flow.

Browser Extension Management: Enterprise Buyer's Guide

🔒 Browser extensions present a significant, often unmonitored enterprise risk: they can run privileged code, inject scripts into web apps, access cookies and local storage, and persist via background processes. Keep Aware offers a Buyer’s Guide to Browser Extension Management that outlines these technical attack surfaces and illustrates how to reduce exposure. The guide compares common controls — GPO/MDM, EDR, enterprise browsers — with purpose-built browser security extensions to show trade-offs between visibility, enforcement, and user experience.

Translating Cyber Risk for Boards: CISOs' Essentials

🔐 Security leaders often struggle to show boards how cyber risk affects revenue, governance and growth. The sponsored course Risk Reporting to the Board for Modern CISOs was created to teach practical skills for framing risk in business terms: concise dashboards, high-impact presentations, and building financial and strategic business cases. It also introduces Continuous Threat Exposure Management as a forward-looking reporting model.