Cybersecurity Brief

AI Controls Advance As Edge Exploits Hit ASA and GoAnywhere

Coverage: 26 Sept 2025 – 28 Sept 2025 (UTC)

Platform defenses took center stage as CrowdStrike sketched a blueprint for an agentic SOC and CSO Online detailed Okta’s new identity fabric for AI agents. At the same time, attackers continued to press the edge: zero‑days against Cisco ASA/FTD and active exploitation of Fortra GoAnywhere MFT underscore the urgency of patching and monitoring. On the policy front, the U.S. approved a restructuring that shifts TikTok’s domestic operations to American control, reported by BleepingComputer.

AI operations: Controls and autonomy converge

CrowdStrike framed the evolution of SOC workflows around intelligent agents that can reason, act and learn, mapping a path from human‑supervised orchestration toward higher autonomy while maintaining human oversight. The company emphasized a data advantage to train agents and floated AIDR to govern agent lifecycles. In parallel, Okta proposed an Identity Security Fabric to discover, credential, control and monitor non‑human identities across the stack, with lifecycle management for AI agents, cross‑app access based on an OAuth extension, and verifiable digital credentials to anchor trust. Both pitches aim to reduce alert fatigue and shrink response times while shifting practitioners into strategic oversight roles.

Cloudflare sharpened the developer experience for agent tooling with Code Mode, which asks models to write TypeScript that calls Model Context Protocol bindings inside a sandbox, improving multi‑tool orchestration and reducing token overhead. Complementing that, AI Index enters private beta to let domain owners publish a curated, permissioned search index with opt‑in discovery and monetization, exposing standard interfaces like MCP, LLMs.txt, a search API and pub/sub updates. Together, these moves target safer, more efficient agent execution and a cleaner data supply chain for AI builders.

Exploitation at the edge: ASA firewalls and MFT under fire

Unit 42 reported active exploitation of multiple zero‑days in Cisco ASA/FTD, attributing intrusions to a state‑sponsored actor and detailing malware components capable of persistence and covert control. Cisco released updates and the U.S. CISA issued an emergency directive for federal agencies; mitigations may disrupt services and patching is urged. See Unit 42 for indicators and hunting guidance. Why it matters: once edge device exploits circulate, lagging patches amplify organizational risk.

Researchers say Fortra GoAnywhere CVE‑2025‑10035 was exploited as a zero‑day about a week before disclosure. Attackers chained an access control bypass with unsafe deserialization to reach pre‑auth code execution, created a backdoor account, and deployed payloads for persistence and control. Fortra shipped fixes, and defenders are urged to patch, remove public exposure of admin services, and hunt for newly created users, relevant stack traces and payload names. Details via The Hacker News.

Separately, Akira‑linked actors are breaching MFA‑protected SonicWall VPNs by reusing credentials and OTP seeds stolen from previously vulnerable devices. Rapid post‑login reconnaissance and backup infrastructure targeting have been observed. SonicWall advises upgrading to the latest firmware and resetting SSL VPN credentials on any device that ever ran affected versions. Coverage: BleepingComputer.

Observability and network performance: Data‑driven upgrades

Cloudflare rolled out Observatory in open beta and launched Smart Shield for automated origin protection across all plans. Observatory unifies RUM, backend telemetry, cache metrics, and synthetic tests, pairing each signal with prescriptive Smart Suggestions; Smart Shield applies one‑click mitigations and validates impact, creating a feedback loop for performance and availability. Read more in Observatory. Why it matters: integrated monitoring with actionable controls can compress time‑to‑fix and reduce origin risk.

Under the hood, Cloudflare is migrating its request‑processing brain to FL2, a Rust‑based reimplementation designed for safety, modularity and speed, reporting lower CPU/memory use and faster responses. The shift is complemented by network‑wide tuning informed by passive logs and RUM, with early QUIC experiments showing average performance gains around 10% on free‑tier traffic. See FL2 and the company’s performance data approach.

Cloud operations: Playbooks and regional coverage

AWS published a hands‑on blueprint to evaluate the enhanced Security Hub in public preview, emphasizing measurable success criteria, coordinated trials across GuardDuty, Inspector, Macie and CSPM, and validation steps using standardized OCSF findings. The guidance covers delegated administration, scoping, test generation, integrations, cleanup and reporting so teams can quantify outcomes and plan rollout. Guide: AWS Security.

Regional and cost‑optimization updates also landed: Amazon Neptune Analytics is now available in Asia Pacific (Mumbai), bringing in‑memory graph analytics closer to data and users (Neptune Analytics), and Compute Optimizer expanded recommendations to 99 new EC2 instance types, helping right‑size fleets to newer SKUs (Compute Optimizer).

These and other news items from the day:

Fri, September 26, 2025

The Dawn of the Agentic SOC: Reimagining Security Now

🔐 At Fal.Con 2025, CrowdStrike CEO George Kurtz outlined a shift from reactive SOCs to an agentic model where intelligent agents reason, decide, act, and learn across domains. CrowdStrike introduced seven AI agents within its Charlotte framework for exposure prioritization, malware analysis, hunting, search, correlation rules, data transformation and workflow generation, and is enabling customers to build custom agents. The company highlights a proprietary "data moat" of trillions of telemetry events and annotated MDR threat data as the foundation for training agents, and announced the acquisition of Pangea to protect AI agents and launch AIDR (AI Detection and Response). The vision places humans as orchestrators overseeing fleets of agents, accelerating detection and response while preserving accountability.

read more →

Fri, September 26, 2025

Okta Launches Identity Security Fabric for AI Agents

🔒 Okta introduced an Identity Security Fabric to secure AI agents and unify identity, application, and agent management across enterprises. The platform combines AI agent lifecycle management, a Cross App Access protocol, and Verifiable Digital Credentials (VDC) to enforce least privilege, discover and monitor agents, and replace fragmented point solutions. Early access features begin in fiscal 2027.

read more →

Fri, September 26, 2025

Active Exploitation of Fortra GoAnywhere CVE-2025-10035

🔴 watchTowr Labs reports credible evidence that the critical unsafe deserialization flaw CVE-2025-10035 in Fortra GoAnywhere MFT was exploited in the wild as early as Sept 10, 2025, a week before public disclosure. The License Servlet vulnerability can permit unauthenticated command injection, earning a CVSS 10.0 rating. Fortra has released fixes (GoAnywhere 7.8.4 and Sustain 7.6.3); affected organizations should apply updates immediately and investigate for signs of compromise.

read more →

Fri, September 26, 2025

Code Mode: Using MCP with Generated TypeScript APIs

🧩 Cloudflare introduces Code Mode, a new approach that converts Model Context Protocol (MCP) tool schemas into a generated TypeScript API so LLMs write code instead of emitting synthetic tool-call tokens. This lets models leverage broad exposure to real-world TypeScript, improving correctness when selecting and composing many or complex tools. Code Mode executes the generated code inside fast, sandboxed Cloudflare Workers isolates that expose only typed bindings to authorized MCP servers, preserving MCP's uniform authorization and discovery while reducing token overhead and orchestration latency.

read more →

Fri, September 26, 2025

September 2025 Zero-Day Exploits Impact Cisco ASA/FTD

⚠️ Cisco reported active exploitation of multiple zero-day vulnerabilities in ASA and FTD software by a state-sponsored actor tracked as ArcaneDoor. Two CVEs (CVE-2025-20333 and CVE-2025-20362) are being exploited in the wild and a third (CVE-2025-20363) is at high risk for imminent exploitation. Cisco released updates on Sep. 25, 2025, and CISA issued Emergency Directive 25-03; organizations should prioritize immediate patching or apply vendor mitigations when updates are not yet possible.

read more →

Fri, September 26, 2025

U.S. Investors to Take Over and Restructure TikTok Operations

🔐 President Trump has signed an executive order approving a plan to separate TikTok’s U.S. operations from Chinese owner ByteDance, enabling a new U.S.-based joint venture to manage the service domestically. The agreement covers TikTok and related apps such as Lemon8 and CapCut and limits ByteDance to under 20% ownership. Oracle and other American investors will control algorithms, data storage, and content moderation while security partners monitor code and data flows.

read more →

Fri, September 26, 2025

Cloudflare AI Index: Site-Controlled Discovery and Monetization

🔍 Cloudflare is launching a private beta of AI Index, a per-domain, AI‑optimized search index that site owners control and can monetize via Pay per crawl and x402 integrations. The service automatically builds and maintains indexes and exposes standardized APIs — an MCP server, LLMs.txt, a search API, bulk transfer endpoints, and pub/sub subscriptions for real-time updates. It integrates with AI Crawl Control so owners can set access rules or opt out entirely.

read more →

Fri, September 26, 2025

Planning and Running an AWS Security Hub POC Guide

🔒 This post explains how to plan and implement an AWS Security Hub proof of concept (POC) to evaluate unified cloud security operations. It outlines steps to define success criteria, configure integrations with GuardDuty, Amazon Inspector, Macie, and Security Hub CSPM, and to prepare, enable, and validate the deployment. The guidance recommends using overlapping trial periods, adopting the OCSF standard for normalized findings, and leveraging automation and ticketing integrations to measure operational impact.

read more →

Fri, September 26, 2025

Cloudflare FL2: Rust Rewrite Cuts Latency and Boosts CDN

🚀 Cloudflare announced FL2, a complete reimplementation of its FL request-processing layer using Rust and the Oxy framework. FL2 adopts strict modular phases, eliminates cross-language overhead, and supports graceful restarts with systemd socket activation and the Rust-based shellflip coordinator. Internal and third-party tests show FL2 reduces median response times by ~10 ms and delivers a ~25% performance improvement; staged rollouts, automated testing, and fallbacks to FL1 enabled safe incremental migration.

read more →

Fri, September 26, 2025

Cloudflare launches Observatory and Smart Shield tools

🚀 Cloudflare today launched Observatory (open beta) and Smart Shield, integrated tools that combine real-user monitoring, synthetic testing, backend telemetry and prescriptive remediation to help teams measure and improve web performance and resiliency. Observatory centralizes RUM-focused Core Web Vitals, synthetic browser and network tests, error and cache telemetry, and delivers Smart Suggestions to pinpoint root causes and recommended fixes. Smart Shield offers one-click origin protections — dynamic caching, connection reuse, health monitoring and dedicated egress options — to reduce origin load and validate improvements in real time; both features are available to all plans, including Free.

read more →

Fri, September 26, 2025

Amazon Neptune Analytics Launches in Mumbai Region

📍 Amazon Neptune Analytics is now available in the Asia Pacific (Mumbai) Region, enabling customers to create and manage analytics graphs locally. Neptune Analytics is a memory-optimized graph engine designed for fast, in-memory processing of large graph datasets, supporting optimized analytic algorithms, low-latency graph queries, and vector search within traversals. It complements Amazon Neptune Database, and you can load data from a Neptune Database, snapshots, or Amazon S3. To get started, create a new Neptune Analytics graph via the AWS Management Console or AWS CLI; see the Neptune pricing page for region and cost details.

read more →

Fri, September 26, 2025

AWS Compute Optimizer Adds Support for 99 EC2 Types

🔍 Compute Optimizer now supports 99 additional Amazon EC2 instance types, including the latest Compute Optimized (C8gn, C8gd), General Purpose (M8i, M8i-flex, M8gd), Memory Optimized (R8i, R8i-flex, R8gd), and Storage Optimized (I8ge) families. This expansion helps customers identify additional savings and capture improved price-to-performance from newer instances without manual analysis. The update is available in all regions where Compute Optimizer operates except AWS GovCloud (US) and China, and can be accessed via Console, AWS CLI, or AWS SDK.

read more →

Fri, September 26, 2025

Cloudflare Uses Massive Data to Boost Global Network

⚡ Cloudflare is leveraging telemetry from its vast Free Plan and global edge to refine congestion control and improve routing across its network. By combining passive connection logs, Real User Measurement (RUM) and cross-network models, the team evaluates multiple algorithms beyond classic loss-based and BBR approaches. A migration to a Rust-based stack enables faster experimentation and parameter tuning; early QUIC tests show up to 10% performance gains. Cloudflare plans staged rollouts through 2026 and offers enterprise early access.

read more →

Fri, September 26, 2025

Cisco ASA Zero-Days Enable Bootkit and Loader Attacks

🛡️ The U.K. NCSC and Cisco confirmed active exploitation of recently disclosed vulnerabilities in Cisco Secure Firewall ASA devices that allowed deployment of previously undocumented malware families, notably RayInitiator and LINE VIPER. Cisco traced attacks beginning in May 2025 that targeted ASA 5500‑X appliances (running ASA 9.12/9.14 with VPN web services enabled), using multiple zero-day flaws to bypass authentication and execute code. Attackers employed a persistent GRUB bootkit, ROMMON modifications on non‑Secure Boot platforms, and extensive evasion techniques — disabling logging, intercepting CLI, and crashing devices — to maintain stealth and persistence. Organizations are urged to apply vendor fixes, migrate off end‑of‑support models, and monitor for indicators of compromise.

read more →

Fri, September 26, 2025

Mass Exposure of Indian Bank NACH Transfer PDFs Repository

🔓 UpGuard discovered a publicly accessible Amazon S3 bucket containing roughly 273,160 PDF documents formatted as NACH MANDATE records that documented bank transfers in India. The files exposed unredacted bank account numbers, transaction amounts and, in many cases, individuals’ names, phone numbers and email addresses. A 55K-file sample (~42 GB) showed 38 financial institutions represented, with AyeFin appearing in nearly 60% of sampled records. UpGuard notified AyeFin and NPCI, escalated to CERT‑IN when the bucket continued to grow, and verified the repository was secured on September 4.

read more →

Fri, September 26, 2025

ArcaneDoor Targets Cisco ASA Firewalls in New Campaign

🔒 Cisco has linked a renewed campaign exploiting Cisco ASA 5500-X devices to the espionage-focused ArcaneDoor threat actor. The operation leveraged zero-day flaws, notably CVE-2025-20333 and CVE-2025-20362, to implant malware, modify ROMMON for persistence and evade detection by disabling logging and intercepting CLI commands. Observed compromises affected older ASA models lacking Secure Boot/Trust Anchor protections; Cisco and national authorities urge immediate remediation. Temporary mitigations include disabling SSL/TLS VPN web services and IKEv2 client services while applying vendor fixes and conducting forensics.

read more →

Fri, September 26, 2025

MCP supply-chain attack via squatted Postmark connector

🔒 A malicious npm package, postmark-mcp, was weaponized to stealthily copy outgoing emails by inserting a hidden BCC in version 1.0.16. The package impersonated an MCP Postmark connector and forwarded every message to an attacker-controlled address, exposing password resets, invoices, and internal correspondence. The backdoor was a single line of code and remained available through regular downloads before the package was removed. Koi Security advises immediate removal, credential rotation, and audits of all MCP connectors.

read more →

Fri, September 26, 2025

Maximum-severity GoAnywhere MFT zero-day exploited

⚠️ Fortra's GoAnywhere MFT is being exploited in the wild via a deserialization flaw tracked as CVE-2025-10035 in the License Servlet, enabling unauthenticated remote command injection when attackers supply a forged license response signature. WatchTowr Labs reports credible evidence of exploitation dating back to September 10, 2025, prior to Fortra's advisory published on September 18. Administrators should apply patches to 7.8.4 or 7.6.3, remove public Admin Console exposure, and search logs for the error string 'SignedObject.getObject'.

read more →
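The hunting guidance in the two GoAnywhere items above (search logs for the 'SignedObject.getObject' error string and look for newly created users) can be turned into a small correlation script. This is an added example, not Fortra's or watchTowr's code; the log lines and the "user '...' created" event format are constructed, since real GoAnywhere log layouts are not shown on this page.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a generic "timestamp level message" layout; they are not
# real GoAnywhere log output. The second line mimics a stack trace carrying the error
# string the coverage says to search for; the third mimics an admin-user creation event.
SAMPLE_LOG = """\
2025-09-10 03:12:41 INFO  LicenseServlet: received license response
2025-09-10 03:12:42 ERROR LicenseServlet: java.lang.ClassCastException at java.security.SignedObject.getObject(SignedObject.java)
2025-09-10 03:13:05 INFO  AdminConsole: user 'admin-go' created by 'admin'
2025-09-10 03:14:10 INFO  AdminConsole: login success user='admin-go'
2025-09-11 09:00:00 INFO  AdminConsole: user 'jdoe' created by 'admin'
2025-09-12 15:20:00 INFO  LicenseServlet: license check OK
"""

INDICATOR = "SignedObject.getObject"  # error string named in the coverage above
LINE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +(?P<level>\w+) +(?P<msg>.*)$")
USER_CREATED = re.compile(r"user '(?P<user>[^']+)' created")  # constructed event format


def parse(lines):
    """Yield (timestamp, level, message) for each well-formed line; others are skipped."""
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["level"], m["msg"]


def hunt(lines, window=timedelta(hours=1)):
    """Flag indicator hits and any user created within `window` after one.

    Returns the number of indicator hits, the users whose creation falls in the
    post-indicator window (prime suspects for the backdoor account described in
    the coverage), and every created user for wider triage.
    """
    events = list(parse(lines))
    indicators = [ts for ts, _, msg in events if INDICATOR in msg]
    creations = []
    for ts, _, msg in events:
        m = USER_CREATED.search(msg)
        if m:
            creations.append((ts, m["user"]))
    suspicious = [
        user for ts, user in creations
        if any(timedelta(0) <= ts - hit <= window for hit in indicators)
    ]
    return {
        "indicator_hits": len(indicators),
        "suspicious_users": suspicious,
        "all_created_users": [user for _, user in creations],
    }


if __name__ == "__main__":
    print(hunt(SAMPLE_LOG.splitlines()))
```

On the constructed sample the script reports one indicator hit and flags only 'admin-go', whose creation falls 23 seconds after the deserialization error, while 'jdoe' (created a day later) is listed for triage only.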

Fri, September 26, 2025

Postmark MCP Connector Compromised via Malicious NPM

🔒 A malicious npm package named postmark-mcp was discovered inserting a hidden Bcc that forwarded copies of transactional emails to an attacker-controlled server. Koi Security identified the backdoor in version 1.0.16 after its risk engine flagged suspicious behavior, noting the package had been trusted across many prior releases. With roughly 1,500 weekly downloads, the single-line injection enabled broad exfiltration of password resets, invoices, and internal correspondence before the package was removed; Koi urges immediate removal, credential rotation, and audits of all MCP connectors.

read more →

Sun, September 28, 2025

Akira Bypasses MFA on SonicWall VPNs via Reused Logins

🔐 Akira ransomware operators are successfully authenticating to SonicWall SSL VPN accounts even when one-time password (OTP) multi-factor authentication is enabled. Arctic Wolf links the logins to credentials and OTP seeds harvested via an improper access control flaw tracked as CVE-2024-40766, and notes attackers can reuse those secrets after devices are patched. Once inside, actors rapidly scan internal networks, harvest backup server credentials, and use techniques such as BYOVD to sideload vulnerable drivers and disable protections. Administrators are urged to install the latest SonicOS (recommended 7.3.0) and reset all SSL VPN credentials immediately.

read more →

Fri, September 26, 2025

JLR Begins Phased Restart After Major Cyber-Attack

🔁 JLR has begun a controlled, phased restart of digital and operational systems after the cyber-attack that halted production in early September. The company has increased IT processing capacity for invoicing and restored its financial wholesale system, allowing it to clear payment backlogs and resume sales and vehicle registrations. The Global Parts Logistics Centre is also returning to full operation as recovery work continues with support from the UK National Cyber Security Centre and law enforcement.

read more →

Fri, September 26, 2025

LockBit 5.0 Emerges as Most Dangerous Ransomware Variant

🔒 Trend Micro has identified a new LockBit variant, LockBit 5.0, which it calls significantly more dangerous than prior releases and has observed in the wild. The vendor confirmed Windows, Linux, and ESXi binaries featuring faster encryption, removal of infection markers, randomized 16-character extensions and enhanced evasion. The Windows build includes a cleaner affiliate UI with detailed execution options, while the ESXi variant represents a critical escalation by enabling encryption of multiple virtual machines from a single payload. Researchers note substantial code reuse from 4.0, suggesting an evolutionary update rather than a rebrand.

read more →

Sat, September 27, 2025

China-linked PlugX and Bookworm Target Asian Telecoms

🔍 Cisco Talos and Palo Alto Networks Unit 42 describe concurrent campaigns distributing a revised PlugX variant and the long‑running Bookworm RAT against telecommunications and manufacturing organizations across Central and South Asia and ASEAN countries. Talos found that the PlugX sample borrows RainyDay and Turian techniques — DLL side‑loading of a Mobile Popup Application, XOR‑RC4‑RtlDecompressBuffer payload processing and reuse of RC4 keys — and includes an embedded keylogger. Researchers note the PlugX configuration now mirrors RainyDay’s structure, suggesting links to Lotus Panda/Naikon or shared tooling, while Unit 42 highlights Bookworm’s modular leader/DLL architecture, UUID-encoded shellcode variants, and use of legitimate-looking C2 domains to blend with normal traffic.

read more →

Fri, September 26, 2025

Co-op Cyberattack Costs Group an Estimated £120 Million

🔒 In its latest half-year report the Co-operative Group said it expects to lose about £120 million in profits this financial year after a cyberattack forced temporary shutdowns of parts of its IT estate. The company reported that personal data for roughly 6.5 million members was stolen, prompting operational disruption across its supermarkets as well as its financial and funeral services. The identity of the attackers remains unclear and investigations are ongoing.

read more →

Fri, September 26, 2025

AWS Clean Rooms adds incremental ID mapping for sync

🔁 AWS Clean Rooms now supports incremental processing for rule-based ID mapping workflows using AWS Entity Resolution, enabling collaborators to populate ID mapping tables with only new, modified, or deleted records since the last analysis. This reduces the need for full-table reprocessing and enables near-real-time synchronization of matched identifiers across partners while preserving Clean Rooms’ privacy controls. Use cases include measurement providers keeping offline purchase data current with advertisers and publishers to enable always-on campaign measurement, lower costs, and maintain collaborator privacy.

read more →

Sat, September 27, 2025

Fake Microsoft Teams Installer Delivers Oyster Backdoor

⚠️ Blackpoint SOC observed a malvertising and SEO-poisoning campaign that directs searches for Teams downloads to a fake site at teams-install[.]top offering a malicious MSTeamsSetup.exe. The signed installer uses certificates from "4th State Oy" and "NRM NETWORK RISK MANAGEMENT INC" to appear legitimate, then drops CaptureService.dll into %APPDATA%\Roaming and creates a scheduled task CaptureService to run every 11 minutes. The payload installs the Oyster backdoor. Administrators should download software only from verified vendor domains and avoid clicking search ads.

read more →

Fri, September 26, 2025

Researchers Expose SVG and PureRAT Phishing Threats

📧 Fortinet FortiGuard Labs and other researchers detailed phishing campaigns that weaponize malicious SVG attachments to initiate downloads of password-protected ZIP archives and Compiled HTML Help (CHM) files. Those CHM files activate loader chains that deliver CountLoader as a distribution stage for Amatera Stealer and the stealthy .NET miner PureMiner, both run filelessly via .NET AOT and memory-loading techniques. Separately, Huntress attributes a Vietnamese-speaking operator using copyright-themed lures that escalate from PXA Stealer to the modular backdoor PureRAT.

read more →

Fri, September 26, 2025

SVG Phishing Targets Ukraine with Amatera Stealer, PureMiner

⚠️ FortiGuard Labs observed a targeted phishing campaign impersonating Ukrainian authorities that used malicious SVG attachments to initiate a fileless infection chain. The SVG redirected victims to a password-protected archive containing a CHM that executed a hidden HTA loader (CountLoader). The loader retrieved and ran in-memory payloads, deploying Amatera Stealer for data theft and PureMiner for cryptomining.

read more →

Fri, September 26, 2025

New COLDRIVER ClickFix Campaign Uses BAITSWITCH, SIMPLEFIX

🔍 Zscaler details a new COLDRIVER ClickFix campaign that deploys two lightweight families: BAITSWITCH, a DLL downloader, and SIMPLEFIX, a PowerShell backdoor. Victims are lured to execute a malicious DLL via a fake CAPTCHA; BAITSWITCH fetches SIMPLEFIX while presenting a Google Drive decoy. The chain stores encrypted payloads in the Windows Registry, uses a PowerShell stager, and clears the Run dialog to erase traces. Zscaler notes the campaign targets NGOs, human-rights defenders, think tanks, and exiles connected to Russia.

read more →

Fri, September 26, 2025

Qantas Docking CEO Pay Signals Cyber Accountability Shift

🔒 Qantas' board docked CEO Vanessa Hudson and other executives after a June 30 cyber incident that exposed the personally identifiable information of nearly 6 million passengers, deducting A$800,000 from bonuses and cutting annual payouts by 15 percentage points. The move is being compared to high-profile past actions, such as Yahoo's 2017 bonus denial. Security leaders say the decision reflects a broader trend of boards and regulators holding top executives personally and financially accountable for cybersecurity failures.

read more →

Fri, September 26, 2025

LockBit 5.0 Released: Faster ESXi Encryption, Evasion

🔒 LockBit 5.0 introduces faster ESXi drive encryption and enhanced evasion techniques, according to Trend Micro. The release includes Windows, Linux and VMware ESXi variants featuring heavy obfuscation, ETW patching, DLL reflection and hypervisor-targeted encryption designed to amplify impact. Researcher Jon DiMaggio describes the update as largely incremental fine-tuning and self-branding aimed at restoring affiliate trust after Operation Cronos.

read more →

Fri, September 26, 2025

Monitoring AS-SETs and Their Importance for BGP Operations

🔎 Cloudflare Radar now publishes public IRR AS-SET monitoring on each ASN routing page, enabling operators to inspect, filter, and export AS-SET memberships and inclusion trees. The feature surfaces inferred ASN, IRR sources, counts of AS and AS-SET members, AS cone sizes, and upstream relationships, and provides direct/indirect toggles for focused views. These capabilities help build accurate BGP route filters, detect misuse, and reduce the risk of route leaks by making AS-SET data easier to validate and share.

read more →
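The direct/indirect membership and cone-size views described above come down to a transitive expansion of nested AS-SET references. The following added example (not Cloudflare Radar's code; the IRR objects are constructed) performs that expansion with cycle protection, and adds a snapshot diff so an operator can spot ASNs that newly enter a cone, which is where a route-filter review should start.

```python
import re
from collections import deque

ASN = re.compile(r"^AS\d+$")  # anything else in a member list is treated as a nested AS-SET

# Constructed IRR AS-SET objects (not real IRR records): set name -> declared members.
IRR = {
    "AS-EXAMPLE":   ["AS64496", "AS64497", "AS-CUSTOMERS"],
    "AS-CUSTOMERS": ["AS64498", "AS-PARTNER"],
    "AS-PARTNER":   ["AS64499", "AS-EXAMPLE"],  # loops back to the root
    "AS-UNRELATED": ["AS64500"],                 # never referenced; must stay out of the cone
}


def expand(root, irr):
    """Expand an AS-SET into direct ASNs, indirect ASNs and the AS-SETs visited.

    Direct members are ASNs listed in the root object itself; indirect members are
    reached only through nested AS-SETs. A visited set guards against reference
    cycles, and a name with no IRR object contributes nothing (it is recorded in
    `missing` so dangling references are visible).
    """
    direct = {m for m in irr.get(root, []) if ASN.match(m)}
    cone, visited, missing = set(), set(), set()
    queue = deque([root])
    while queue:
        name = queue.popleft()
        if name in visited:
            continue
        visited.add(name)
        if name not in irr:
            missing.add(name)
            continue
        for member in irr[name]:
            if ASN.match(member):
                cone.add(member)
            else:
                queue.append(member)
    return {
        "direct": sorted(direct),
        "indirect": sorted(cone - direct),
        "cone_size": len(cone),
        "visited": sorted(visited),
        "missing": sorted(missing),
    }


def cone_diff(previous, current):
    """Compare two cone snapshots; added ASNs are the ones a filter review should look at."""
    return {"added": sorted(set(current) - set(previous)),
            "removed": sorted(set(previous) - set(current))}


if __name__ == "__main__":
    today = expand("AS-EXAMPLE", IRR)
    print(today)
    # Simulate a partner adding a member to its set between two snapshots.
    changed = {**IRR, "AS-PARTNER": IRR["AS-PARTNER"] + ["AS64510"]}
    later = expand("AS-EXAMPLE", changed)
    print(cone_diff(today["direct"] + today["indirect"], later["direct"] + later["indirect"]))
```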

Fri, September 26, 2025

AWS WAF Bot, Fraud & DDoS Rule Group Expands Regions

🔒 AWS WAF's Targeted Bot Control, Fraud, and DDoS Prevention Rule Groups are now available in Asia Pacific (Taipei), Asia Pacific (Bangkok), and Mexico (Central). These managed rule groups deliver detection and mitigations for sophisticated bots, application-layer DDoS, and account-takeover attacks at the web edge. Customers can deploy them to improve application resilience, reduce fraudulent activity, and limit resource consumption during attack campaigns.

read more →

Fri, September 26, 2025

Cloudflare Uses Global Performance Data to Reduce Congestion

🔍 Cloudflare explains how it leverages the world’s largest performance dataset, combining passive transport logs with Real User Measurement (RUM), to refine congestion control across its global network. Using a new Rust-based stack and experimentation framework, the company evaluates multiple algorithms (including BBR) to predict user experience from passive signals and validate with RUM. Early tests on free-tier QUIC traffic show roughly 10% average improvement versus the prior baseline, with staged rollouts and an early-access program planned for enterprises.

read more →

Fri, September 26, 2025

Interpol Operation Dismantles Large African Scam Rings

🛡️ Interpol-led Operation Contender 3.0 swept through 14 African countries between 28 July and 11 August 2025, targeting romance scams and sextortion networks and resulting in 260 arrests. Law enforcement, aided by private firms Group-IB and Trend Micro, seized 1,235 electronic devices and took down 81 cybercrime infrastructures. Investigations in Ghana, Senegal, Côte d’Ivoire and Angola identified 1,463 victims and estimated losses near $2.8 million.

read more →

Fri, September 26, 2025

How Scammers Use AI: Deepfakes, Phishing and Scams

⚠️ Generative AI is enabling scammers to produce highly convincing deepfakes, authentic-looking phishing sites, and automated voice bots that facilitate fraud and impersonation. Kaspersky explains how techniques such as AI-driven catfishing and “pig butchering” scale emotional manipulation, while browser AI agents and automated callers can inadvertently vouch for or even complete fraudulent transactions. The post recommends concrete defenses: verify contacts through separate channels, refuse to share codes or card numbers, request live verification during calls, limit AI agent permissions, and use reliable security tools with link‑checking.

read more →

Fri, September 26, 2025

Microsoft Edge to Revoke Malicious Sideloaded Extensions

🔒 Microsoft will add a security feature to Edge that detects and revokes malicious sideloaded extensions. The protection targets extensions installed via Developer Mode or other local sideloading methods that bypass the Microsoft Edge Add-ons vetting process. Microsoft plans a worldwide rollout in November for standard multi-tenant instances, aiming to reduce large-scale extension abuse and forced-install campaigns.

read more →

Fri, September 26, 2025

Amazon MSK Connect Expands to Five More AWS Regions

📢 Amazon has expanded MSK Connect availability to five additional AWS Regions: Asia Pacific (Thailand), Asia Pacific (Taipei), Mexico (Central), Canada West (Calgary), and Europe (Spain). MSK Connect provides fully managed Kafka Connect clusters to deploy, monitor, and scale connectors that move data between Apache Kafka/Amazon MSK and external systems without provisioning infrastructure. Connectors scale automatically and are compatible with Kafka Connect, supporting both MSK-managed and self-managed Kafka clusters. Customers can get started from the Amazon MSK console or the AWS CLI and pay only for the resources they use.

read more →

Fri, September 26, 2025

Radar: regional traffic views and Certificate Transparency

🌐 Cloudflare Radar now offers regional traffic insights and expanded Certificate Transparency data to provide more granular, localized visibility into Internet health and trust. Regional views break traffic down by first-order administrative divisions (ADM1), showing bytes, requests, device (mobile/desktop) and bot/human splits, and can be joined with ASN filters in the Data Explorer. The CT dashboard, built on prior Merkle Town work, surfaces certificate volumes, CA and log-level metrics, issuance trends, signature and key algorithm distributions, and richer domain certificate details accessible via the Radar UI and API.

read more →

Fri, September 26, 2025

Amazon RDS for Db2 Adds Reserved Instances, 47% Off

💰 Amazon RDS for Db2 now offers Reserved Instances with up to 47% cost savings versus On-Demand pricing. The offering is available for all supported instance types and supports both Bring Your Own License (BYOL) and Db2 licenses purchased through the AWS Marketplace. Reserved Instances include size flexibility so the discounted rate can automatically apply across sizes within the same instance family (for example, a db.r7i.2xlarge RI applying to two db.r7i.xlarge instances). Reserved Instances can be purchased via the AWS Management Console, AWS CLI, or AWS SDK; consult Amazon RDS for Db2 Pricing for details.

read more →

Fri, September 26, 2025

AWS EBS gp3 volumes scale to 64 TiB, 80k IOPS, 2,000 MiB/s

🔧 Amazon Elastic Block Store (EBS) gp3 volumes now support up to 64 TiB, 80,000 IOPS, and 2,000 MiB/s throughput — raising previous limits of 16 TiB, 16,000 IOPS, and 1,000 MiB/s. This change simplifies storage architectures by allowing consolidation of striped volumes into a single gp3 volume, reducing operational complexity for storage-intensive and containerized workloads that struggle with multi-volume striping. Pricing remains based on storage plus any additional provisioned IOPS and throughput; the new limits are available in all AWS Commercial and GovCloud (US) regions.

Sun, September 28, 2025

EU Opens Antitrust Probe into SAP ERP Support Practices

⚖️ The European Commission has launched a formal investigation into whether SAP engaged in anti-competitive conduct in aftermarket services for its on‑premise ERP software. The probe focuses on four practices: mandatory uniform support across products, blocking termination of unused licenses, extending non‑terminable initial support terms, and charging reinstatement fees equal to prior amounts. The Commission says these practices could limit competition from third‑party support providers and amount to unfair trading conditions. SAP says its policies follow industry standards and expects no significant financial impact.

Fri, September 26, 2025

New macOS XCSSET Variant Targets Browsers and Clipboard

🛡️ Microsoft Threat Intelligence reported a new macOS malware variant of XCSSET that introduces browser-targeting changes, clipboard hijacking, and additional persistence mechanisms. The update uses run-only compiled AppleScripts, enhanced obfuscation and encryption, and expands data theft to include Firefox. New modules implement clipper behavior and LaunchDaemon- and Git-based persistence. Users should inspect Xcode projects and avoid pasting sensitive clipboard content.

Fri, September 26, 2025

Microsoft Photos adds AI Auto-Categorization on Windows

🤖 Microsoft is testing a new AI-powered Auto-Categorization capability in Microsoft Photos on Windows 11, rolling out to Copilot+ PCs across all Windows Insider channels. The feature automatically groups images into predefined folders — screenshots, receipts, identity documents, and notes — using a language-agnostic model that recognizes document types regardless of image language. Users can locate categorized items via the left navigation pane or Search bar, manually reassign categories, and submit feedback to improve accuracy. Microsoft has not yet clarified whether image processing happens locally or is sent to its servers.

Fri, September 26, 2025

AppStream 2.0 Enables Local File Redirection on Fleets

📁 Amazon AppStream 2.0 now supports local file redirection on multi-session fleets, extending a feature previously available only on single-session instances. Users can drag and drop local files directly into streamed applications, reducing manual uploads and improving productivity while preserving controlled access to local resources. This capability is available at no additional cost in all regions and requires the latest AppStream 2.0 agent or managed image updates released on or after September 05, 2025.

Fri, September 26, 2025

Singapore Threatens Meta With Fines Over Facebook Scams

🛡️ The Singapore Police Force has issued an implementation directive under the Online Criminal Harms Act requiring Meta to implement enhanced facial recognition for Singapore users and to prioritise review of local scam reports by September 30. The Ministry of Home Affairs said Facebook was the primary platform for government impersonation scams between June 2024 and June 2025, and the SPF disrupted about 2,000 problematic ad schemes on Meta. If Meta fails to comply without a reasonable excuse it faces a S$1m fine and daily penalties after conviction.

Fri, September 26, 2025

Threat Modeling Your Digital Life Under Authoritarianism

🔒 The article argues that personal threat modeling must adapt as governments increasingly combine their extensive administrative records with corporate surveillance data. It details what kinds of government-held data exist, how firms augment those records, and the distinct dangers of targeted versus mass surveillance. Practical mitigations are discussed—encryption, scrubbing accounts, burner devices—and the piece stresses that every defensive choice is a trade-off tied to individual goals.

Fri, September 26, 2025

SpyCloud: Identity Blind Spots Raise Ransomware Risk

🔒 The SpyCloud 2025 Identity Threat Report exposes a gap between confidence and capability: 86% of security leaders say they can prevent identity-based attacks, yet 85% of organizations experienced ransomware in the past year, with over one-third hit six to ten times. A survey of 500+ security leaders in North America and the UK highlights identity sprawl across SaaS, unmanaged devices and third-party ecosystems. The report notes phishing, credential reuse and exposed sessions increasingly enable persistent access. It warns that most organizations lack automated remediation, repeatable workflows and formal investigation protocols.

Fri, September 26, 2025

Generative AI Infrastructure Faces Growing Cyber Risks

🛡️ A Gartner survey found 29% of security leaders reported generative AI applications in their organizations were targeted by cyberattacks over the past year, and 32% said prompt-structure vulnerabilities had been deliberately exploited. Chatbot assistants are singled out as particularly vulnerable to prompt-injection and hostile prompting. Additionally, 62% of companies experienced deepfake attacks, often combined with social engineering or automated techniques. Gartner recommends strengthening core controls and applying targeted measures for each new risk category rather than pursuing radical overhauls. The survey of 302 security leaders was conducted March–May 2025 across North America, EMEA and Asia‑Pacific.

Fri, September 26, 2025

Eliminating Cold Starts 2: Shard and Conquer Globally

🧊 Cloudflare describes a new Worker sharding technique that uses a consistent hash ring to route requests to existing Worker instances across a data center, reducing cold starts. The approach trades a sub-millisecond proxy hop for far fewer expensive cold starts, improving memory efficiency and latency. The system leverages Cap'n Proto RPC to implement optimistic forwarding, lazy capabilities, and seamless context transfer for nested Worker invocations.
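The consistent hash ring routing described above, as an added illustration rather than Cloudflare's own code (machine names and script keys are constructed): each request key maps to the first ring point at or after its hash, so adding a machine only claims the keys that now fall to it and every other key keeps its warm instance.

```python
import bisect
import hashlib


class WorkerRing:
    """Consistent hash ring mapping a request key (e.g. a Worker script id)
    to one machine in a data center. Each machine gets `replicas` virtual
    points so that load spreads evenly around the ring."""

    def __init__(self, machines, replicas=100):
        self.replicas = replicas
        self._points = []   # sorted ring positions
        self._owners = []   # machine owning each position (parallel list)
        for m in machines:
            self.add(m)

    @staticmethod
    def _hash(key: str) -> int:
        # 64-bit ring position derived from SHA-256 (any stable hash would do)
        return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")

    def add(self, machine: str) -> None:
        for i in range(self.replicas):
            p = self._hash(f"{machine}#{i}")
            idx = bisect.bisect_left(self._points, p)
            self._points.insert(idx, p)
            self._owners.insert(idx, machine)

    def remove(self, machine: str) -> None:
        kept = [(p, m) for p, m in zip(self._points, self._owners) if m != machine]
        self._points = [p for p, _ in kept]
        self._owners = [m for _, m in kept]

    def route(self, key: str) -> str:
        """Machine owning the first ring point at or after hash(key), wrapping
        around; the same key always lands on the same machine."""
        if not self._points:
            raise LookupError("ring is empty")
        idx = bisect.bisect_left(self._points, self._hash(key)) % len(self._points)
        return self._owners[idx]


def reassigned_keys(keys, before: WorkerRing, after: WorkerRing):
    """Keys whose owner differs between two layouts: each one is a request that
    would hit a fresh (cold) instance after the rebalance."""
    return [k for k in keys if before.route(k) != after.route(k)]


if __name__ == "__main__":
    keys = [f"script-{i}" for i in range(2000)]   # constructed sample keys
    four, five = WorkerRing(["m1", "m2", "m3", "m4"]), WorkerRing(["m1", "m2", "m3", "m4", "m5"])
    print(f"{len(reassigned_keys(keys, four, five)) / len(keys):.1%} of keys move when m5 joins")
```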

Fri, September 26, 2025

Defending Against Credential Attacks with Hybrid Mesh

🔐 Credential-based attacks are at epidemic levels: the 2025 Verizon DBIR shows 22% of breaches begin with compromised credentials, and Check Point's External Risk Management saw leaked credential volumes rise 160% year‑over‑year. Attackers increasingly prefer to "log in" rather than "hack in," exploiting exposed passwords, tokens, API keys and OAuth abuse. The article recommends a hybrid mesh architecture that unifies identity, network, endpoint and cloud telemetry to apply context-aware, adaptive access controls, improved credential hygiene, and faster detection and response.

Fri, September 26, 2025

Crash Tests for Security: Why BAS Is Essential in 2025

🛡️ Breach and Attack Simulation (BAS) acts as a crash test for enterprise security, simulating real adversary behavior to reveal gaps that dashboards and compliance reports often miss. The Blue Report 2025 — based on 160 million adversary simulations — documents falling prevention rates, widespread blind spots in logging and alerting, and near-total failure to stop data exfiltration. By turning posture into validated performance, BAS helps CISOs prioritize remediation, reduce MTTR, and produce auditable evidence of resilience for boards and regulators.

Fri, September 26, 2025

Hidden Cybersecurity Risks of Deploying Generative AI

⚠️ Organizations eager to deploy generative AI often underestimate the cybersecurity risks, from AI-driven phishing to model manipulation and deepfakes. The article, sponsored by Acronis, warns that many firms—especially smaller businesses—lack processes to assess AI security before deployment. It urges embedding security into development pipelines, continuous model validation, and unified defenses across endpoints, cloud and AI workloads.

Fri, September 26, 2025

Microsoft issues final Windows 10 22H2 preview update

🔧 Microsoft released the final non-security preview update for Windows 10 22H2 (KB5066198), delivering fixes for the out-of-box experience and SMBv1 connectivity over NetBIOS over TCP/IP (NetBT). This optional cumulative update lets administrators test improvements before they roll into the next month’s Patch Tuesday and raises systems to build 19045.6396. KB5066198 also resolves an Autopilot Enrollment Status Page (ESP) OOBE loading issue and includes prior fixes for unexpected UAC prompts and NDI streaming performance regressions. Install via Windows Update by choosing 'Download and install' for optional updates or obtain the package from the Microsoft Update Catalog.

Sat, September 27, 2025

Dutch teens arrested for alleged espionage near Europol

🔍 Two Dutch 17-year-olds allegedly used a WiFi sniffer to spy near Europol, Eurojust, and the Canadian embassy in The Hague. They were reportedly recruited over Telegram and arrested after a tip from the national intelligence service, the AIVD. Europol says its systems show no signs of compromise. The suspects will remain in custody for at least two weeks while investigators probe the case.

Fri, September 26, 2025

Microsoft temporary fix for Outlook encrypted errors

🔧 Microsoft is investigating a known issue that prevents users of the classic Outlook for Windows from opening OMEv2-encrypted emails sent from a different organization, producing the error message "Configuring your computer for Information Rights Management." As a temporary workaround, administrators can either exclude external users from Conditional Access requirements or enable cross-tenant trust for MFA claims in the Microsoft Entra admin center. Enabling cross-tenant trust is the recommended and easiest option, but both sending and receiving tenants must apply it for full cross-tenant compatibility.

Fri, September 26, 2025

Cloudflare network performance update — Birthday Week 2025

⚡ Cloudflare reports it remains the fastest network for the largest number of last‑mile ISPs in its Birthday Week 2025 update. Using Real User Measurements (RUM) from Cloudflare‑branded error pages, the company compares TCP connection time trimeans against CloudFront, Google, Fastly and Akamai for the top 1,000 networks. Measured from August 6 to September 4, Cloudflare is #1 in 40% of measured ISPs and is prioritizing targeted fixes where gaps remain.

Fri, September 26, 2025

Cyber Risk Assessments: Making CISO Efforts Visible

🛡️ Cyber Risk Assessments enable CISOs to quantify enterprise cyber risk and demonstrate the impact of security work. They uncover vulnerabilities across infrastructure, networks and cloud data, helping teams prioritize remediation and allocate resources where they matter most. Assessments also support compliance with regulations such as GDPR and PCI DSS, delivering actionable reports that document progress for management.

Fri, September 26, 2025

Roblox executors: cheat tools that bring security risks

⚠️ Downloading third-party Roblox "executors" — tools that inject and run unauthorized scripts in games — can lead to account bans and serious security incidents. Malicious actors distribute fake or trojanised versions of popular tools such as Synapse X and Solara, sometimes bundling ransomware or backdoors. These installers may ask users to disable antivirus protections, which is a clear warning sign. Parents should steer children toward official features and avoid unverified downloads to keep accounts and devices safe.
