Cybersecurity Brief

AI Rollouts Lead as KEV Exploitation and SaaS Extortion Rise

Coverage: 03 Oct 2025 – 05 Oct 2025 (UTC)

Platform updates led the day with new AI and data protections, while defenders tracked active exploitation and extortion campaigns against major SaaS ecosystems. OpenAI broadened access with ChatGPT Go, AWS added batch AI enrichment to OpenSearch Ingestion, and Google extended end‑to‑end protections with Gmail CSE for enterprise email across providers.

AI rollouts tighten features and safety

OpenAI’s tiering strategy continued to take shape. The lower‑cost Go plan aims to widen access to multimodal tools and higher usage limits, while reserving advanced reasoning and agent features for Plus. In parallel, the company introduced an opt‑in program for developers, Codex Alpha, offering early access to updated coding‑focused models with profiles tuned for speed or deeper reasoning. The staged availability indicates potential gating by account or region and invites teams to weigh latency versus capability in IDE, Terminal, and web workflows.

OpenAI also pushed a safety‑oriented update: GPT‑5 Instant now emphasizes empathetic responses to signs of distress and, when appropriate, routes users to crisis resources. The change adds finer‑grained routing so sensitive conversations are steered to quicker, safety‑tuned behavior, while maintaining transparency about which model is active. The stated goal is to improve user trust without mistaking AI support for professional care.

ML pipelines and agent workflows modernize

AWS extended data processing options by enabling asynchronous batch inference in OpenSearch ingestion pipelines, allowing large‑scale offline enrichment to run before indexing. For teams orchestrating Spark workloads, Google introduced Dataproc ML, an open‑source library that connects Spark DataFrames to Vertex AI models, including Gemini, with builder‑style handlers and production‑minded optimizations such as vectorized transfer, connection reuse, and retry/backoff.

In the contact center, Amazon Connect added generative overviews and suggested replies for agent email. The update, enabled via Amazon Connect flows using Amazon Q, surfaces customer context, recommends next steps, and drafts responses that administrators can tune with knowledge bases and prompts. The approach targets handling time and consistency while requiring governance over content and prompt design.

Encryption and data controls gain ground

Google expanded client‑side encryption to let enterprise users send end‑to‑end encrypted messages to non‑Gmail recipients, with access mediated through guest accounts and organization‑controlled keys. In parallel, Signal introduced SPQR, a post‑quantum layer that augments its double ratchet to produce hybrid keys and preserve forward secrecy and post‑compromise security, aiming to future‑proof messaging against advances in cryptanalysis.

AWS also addressed data collaboration and network compliance. Clean Rooms now supports cross‑region analytics without moving underlying datasets, with controls over where results are delivered to meet residency requirements. And Directory Service added IPv6 support for Managed Microsoft AD and AD Connector, enabling dual‑stack deployments and easing address management for organizations under IPv6 transition mandates.

Active exploitation and extortion pressures

CISA added a Smartbedded Meteobridge command injection bug to its KEV list, with evidence of in‑the‑wild abuse; the issue is fixed in version 6.2 and agencies face patch deadlines. Details came via CISA KEV. Separately, Oracle warned of attackers targeting unpatched E‑Business Suite instances and urged application of its July 2025 CPU after extortion emails surfaced, as reported by Infosecurity. Why it matters: both items underscore the value of timely patching and log review where remote, unauthenticated paths exist.

An extortion collective opened a leak site naming dozens of alleged victims after Salesforce‑related intrusions, escalating pressure with threats of mass data release, according to CSOonline. Discord disclosed a breach at a third‑party support system that exposed support tickets and some IDs, with investigation and law enforcement engaged, per BleepingComputer. In Japan, Asahi reported ransomware that disrupted ordering and deliveries and forced manual processing at factories, as covered by Bitdefender. And Canadian carrier WestJet said a June attack affected data on about 1.2 million customers, with notifications and identity protection offered, per Infosecurity. The breadth of tactics—from OAuth abuse to supplier ticketing compromises—highlights the need to audit third‑party access, tighten identity controls, and prepare incident response for extortion‑driven campaigns.

These and other news items from the day:

Sat, October 4, 2025

OpenAI expands $4 ChatGPT Go availability in Southeast Asia

🌏 OpenAI is expanding its lower-cost ChatGPT plan, ChatGPT Go ($4), into additional Southeast Asian markets after tests in India and Indonesia. The company is updating local pricing and now lists amounts in EUR, USD, GBP and INR while testing availability in Malaysia, the Philippines, Thailand and Vietnam. The Go tier offers access to GPT-5 with limited capabilities, expanded messaging and uploads, faster image generation, longer memory and basic deep research, but excludes higher-end models and advanced reasoning reserved for the $20 GPT Plus tier. OpenAI says Go provides higher usage limits than the Free plan but remains feature-limited compared with Plus.

Fri, October 3, 2025

Amazon OpenSearch Service Adds Batch AI Inference Support

🧠 You can now run asynchronous batch AI inference inside Amazon OpenSearch Ingestion pipelines to enrich and ingest very large datasets for Amazon OpenSearch Service domains. The same AI connectors previously used for real-time calls to Amazon Bedrock, Amazon SageMaker, and third parties now support high-throughput, offline jobs. Batch inference is intended for offline enrichment scenarios—generating up to billions of vector embeddings—with improved performance and cost efficiency versus streaming inference. The feature is available in regions that support OpenSearch Ingestion on domains running 2.17+.

Sat, October 4, 2025

OpenAI Launches Codex Alpha for Early Model Access

🚀 OpenAI has introduced a new opt-in program, Codex Alpha, offering developers early access to updated Codex models and features ahead of DevDay 2025. The rollout currently exposes several gpt-5 variants (gpt-5-codex low/medium/high, gpt-5 minimal, and gpt-5 low/medium/high) tailored for coding and varied reasoning depths. The author could opt in but did not yet gain access to newer models; broader availability is expected at the October 6 event. Codex operates in Terminal, IDE, and web environments to assist with full application development rather than only snippets.

Fri, October 3, 2025

Amazon Connect launches generative AI for email support

📧 Amazon Connect now provides generative AI-powered email conversation overviews, suggested actions, and draft responses to help agents resolve customer emails faster and more consistently. Administrators enable the capability by adding the Amazon Q in Connect block to contact flows before an email is assigned to an agent. Outputs can be customized with knowledge bases and tailored prompts to align responses with company tone and policies. The feature is available in all regions where Amazon Q in Connect is offered.

Sat, October 4, 2025

OpenAI Updates GPT-5 Instant to Offer Emotional Support

🤗 OpenAI has updated GPT-5 Instant to better detect and respond to signs of emotional distress, routing users to supportive language and, when appropriate, real-world crisis resources. The change responds to feedback that some GPT-5 variants felt too clinical when users sought emotional support. OpenAI says it developed the model with help from mental health experts and will route GPT-5 Auto or non-reasoning model conversations to GPT-5 Instant for faster, more empathetic responses. The update begins rolling out to ChatGPT users today.

Fri, October 3, 2025

Dataproc ML library: Connect Spark to Gemini and Vertex

🔗 Google has released an open-source Python library, Dataproc ML, to streamline running ML and generative-AI inference from Apache Spark on Dataproc. The library uses a SparkML-style builder pattern so users can configure a model handler (for example, GenAiModelHandler) and call .transform() to apply Gemini or other Vertex AI models directly to DataFrames. It also supports loading PyTorch and TensorFlow model artifacts from GCS for large-scale batch inference and includes performance optimizations such as vectorized data transfer, connection reuse, and automatic retry/backoff.

Fri, October 3, 2025

Gmail enterprise users can now send E2EE to anyone

🔒 Gmail enterprise users can now send end-to-end encrypted emails to recipients on any email platform by enabling the Additional encryption option when composing a message. Non-Gmail recipients receive a secure link to view and reply via a guest Google Workspace account, while Workspace-to-Workspace messages decrypt automatically for subscribers. The feature uses client-side encryption (CSE) so organizations can hold keys outside Google's servers to support data sovereignty and regulatory controls. Google began beta testing in April 2025 and will roll the feature out to Enterprise Plus customers with the Assured Controls add-on.

Fri, October 3, 2025

AWS Clean Rooms Adds Cross-Region Data Collaboration

🌐 AWS Clean Rooms now supports cross-region collaboration, letting organizations analyze partner data stored in different AWS and Snowflake Regions without copying or sharing underlying datasets. Collaboration creators can specify allowed result regions to help meet data residency and sovereignty requirements. This reduces integration work—no new pipelines or replication—and enables faster, secure joint analyses across advertising, investment, and R&D use cases.

Sat, October 4, 2025

Extortion Gang Reveals Alleged Salesforce Victims List

🔓 The Scattered Lapsus$ Hunters gang opened a public data-leak site claiming it stole Salesforce data from dozens of global companies, including Salesforce, Toyota, FedEx, Disney/Hulu, Marriott and Google. The group set an Oct. 10 deadline for ransom payments and threatened to publish or even use stolen documents in legal actions if demands are not met. Salesforce says its investigation found no indication the platform itself was compromised and that the claims either relate to past incidents or are unsubstantiated. Researchers link many breaches to vishing that installs malicious connected apps and to compromised OAuth tokens in Salesloft Drift, underscoring a broader SaaS supply-chain risk.

Sat, October 4, 2025

Discord discloses data breach after support-ticket hack

🔒 Discord disclosed that attackers accessed a third-party customer support system on September 20 and stole a limited set of user support tickets and associated data. Exposed information included names, usernames, email addresses, IP addresses, messages and attachments, photos of government-issued IDs for a small number of users, and partial billing details such as payment type and the last four card digits. Discord says it isolated the vendor, revoked access, launched an internal and forensics investigation, and engaged law enforcement. The threat actor demanded a ransom and a group claiming responsibility said the breach involved a Zendesk instance.

Fri, October 3, 2025

Ransomware Halts Asahi Production, Japan Faces Shortage

🍺 A ransomware attack has forced Asahi Group Holdings to suspend production at nearly all of its 30 domestic breweries after ordering, delivery and call‑centre systems were disabled. The disruption has prompted the postponement of 12 new product launches and suspension of multiple beverage lines, with retailers warning that popular Asahi Super Dry could run out in days. Asahi reports no evidence so far of personal data leakage while investigations and recovery continue.

Fri, October 3, 2025

ShinyHunters Leak Salesforce Data; Many Companies Exposed

🔓 An extortion group claiming affiliation with ShinyHunters, Scattered Spider, and Lapsus$ has launched a public data leak site listing 39 companies allegedly compromised via Salesforce breaches. The site publishes sample records and urges victims to pay before an October 10 deadline, while also demanding that Salesforce pay to prevent disclosure of roughly 1 billion records. The attackers say they used OAuth-based voice-phishing and stolen tokens to access customer data. Victims named include FedEx, Disney/Hulu, Google, Cisco, and many other major brands.

Fri, October 3, 2025

WestJet Data Breach Update: 1.2 Million Customers Affected

🛫 WestJet has confirmed a data breach affecting 1.2 million customers following a June 13, 2025 intrusion, and notified authorities on September 29. The airline says a "sophisticated, criminal third party" accessed names, contact details, reservation documents and other relationship data; WestJet Rewards members may have had IDs and points balances exposed, though account passwords were not accessed. WestJet states that credit card numbers, expiry dates and CVVs were not compromised, systems are secure, affected customers are being contacted, and identity protection is being offered where appropriate.

Fri, October 3, 2025

CISA Adds Meteobridge Command Injection CVE-2025-4008

⚠️ CISA has added a high-severity command injection flaw, CVE-2025-4008, affecting Smartbedded Meteobridge to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The vulnerability allows unauthenticated remote attackers to execute arbitrary commands as root via a vulnerable /cgi-bin/template.cgi endpoint that improperly uses eval calls. ONEKEY reported the issue and Meteobridge issued a fix in version 6.2 on May 13, 2025.

Fri, October 3, 2025

Hackers Target Unpatched Oracle E-Business Suite Flaws

⚠️ Oracle has warned customers that attackers may be exploiting unpatched instances of Oracle E-Business Suite, following alerts from the Google Threat Intelligence Group and reports of extortion emails sent to company executives. The vendor’s investigation points to vulnerabilities addressed in the July 2025 Critical Patch Update, and it urges organizations to apply those fixes immediately. The July update fixed nine EBS flaws, including three critical issues and several that can be exploited remotely without authentication, raising urgent remediation priorities for affected deployments. Security teams should verify patch status, hunt for indicators of compromise, and validate account integrity.

Fri, October 3, 2025

Signal Adds SPQR Triple Ratchet to Harden Against Quantum

🔐 Signal announced the rollout of SPQR (Sparse Post‑Quantum Ratchet), a new cryptographic component that augments its existing double ratchet to form a Triple Ratchet. SPQR integrates the ML‑KEM post‑quantum key‑encapsulation mechanism (the standardized form of CRYSTALS‑Kyber) with efficient chunking and erasure coding to limit bandwidth. The design was co-developed with PQShield, AIST, and NYU, formally verified, and will be gradually enabled; users only need to keep clients updated.

Fri, October 3, 2025

Asahi Confirms Ransomware Attack Disrupting Japan Operations

🔒 Asahi Group Holdings has confirmed a ransomware attack caused IT disruptions that forced shutdowns at its Japanese factories and prompted a switch to manual order and shipment processing. The company says investigations found evidence suggesting potential unauthorized data transfer from compromised devices. Asahi has established an Emergency Response Headquarters and is working with external cybersecurity experts; no cybercriminal group has publicly claimed responsibility.

Fri, October 3, 2025

Oracle Links Clop Extortion to July EBS Vulnerabilities

🔒 Oracle said some customers received extortion emails tied to its E-Business Suite and linked the campaign to vulnerabilities patched in the July 2025 Critical Patch Update. While Oracle did not attribute the activity to a specific ransomware group, its investigation found potential use of previously identified EBS flaws, including three that were remotely exploitable. Security firms reported executives began receiving ransom demands on or before September 29, 2025. Oracle urged customers to apply the latest patches and contact support if they need assistance.

Fri, October 3, 2025

Cl0p-linked Extortion Targets Oracle E-Business Suite

🔒 Researchers at Halcyon, Google, and Mandiant report an extortion campaign attributed to actors likely affiliated with the Cl0p gang, targeting Oracle E‑Business Suite (EBS) via exposed local login pages. Attackers allegedly abused the AppsLocalLogin.jsp password‑reset workflow to obtain local credentials that bypass SSO and often lack MFA, then sent executive extortion demands with proof samples. Demands range into seven and eight figures, reportedly up to $50 million; defenders are advised to restrict public EBS access, enforce MFA, and review logs immediately.

Fri, October 3, 2025

AWS Directory Service Adds IPv6 Support for Managed AD

🌐 AWS Directory Service now supports IPv6 connectivity for both Managed Microsoft AD and AD Connector, allowing deployments in IPv4-only, IPv6-only, or dual-stack configurations. This capability is available in all Directory Service regions and accessible via the Console, CLI, and API. Customers can upgrade existing IPv4-only directories to dual-stack by enabling IPv6 in VPC subnets and adding IPv6 support through the Directory Service Management Console. The update helps organizations meet regulatory requirements, including U.S. federal IPv6 transition mandates, while reducing operational complexity associated with maintaining dual protocol stacks.

Sun, October 5, 2025

ParkMobile settlement: $1 credits for 2021 breach victims

🔒 ParkMobile has settled a class action tied to its 2021 data breach, offering affected users a $1 in-app credit as part of a $32.8 million resolution. Threat actors leaked a 4.5 GB CSV exposing nearly 22 million customers' names, contact details, bcrypt-hashed passwords, mailing addresses, license plates and vehicle information. Claimants must manually apply promo code P@rkMobile-$1 (most codes expire Oct 8, 2026; California codes do not), and the company warns of continuing SMS phishing campaigns targeting users.

Sat, October 4, 2025

CometJacking: One-Click Attack Turns AI Browser Rogue

🔐 CometJacking is a prompt-injection technique that can turn Perplexity's Comet AI browser into a data exfiltration tool with a single click. Researchers at LayerX showed how a crafted URL using the 'collection' parameter forces the agent to consult its memory, extract data from connected services such as Gmail and Calendar, obfuscate it with Base64, and forward it to an attacker-controlled endpoint. The exploit leverages the browser's existing authorized connectors and bypasses simple content protections.

Sat, October 4, 2025

Identifiable Discord User Data Exposed in Third-Party Breach

🔒 Hackers accessed a third-party customer service system used by Discord on September 20, stealing partial payment details and personally identifying information for a limited number of users who contacted support or Trust and Safety. The attackers appear financially motivated and demanded a ransom. Discord revoked the provider's access, engaged a computer forensics firm, launched an internal investigation, and notified law enforcement. Exposed data included real names, usernames, emails, IP addresses, support messages and attachments, photos of government IDs for a small subset, and partial billing details such as payment type and the last four card digits.

Fri, October 3, 2025

New Chinese Group Hijacks IIS Servers for SEO Fraud

🔍 Cisco Talos warns a Chinese‑speaking threat group tracked as UAT-8099 is actively compromising misconfigured Microsoft IIS servers to run SEO fraud and harvest high-value data. The actors favor high-reputation domains in universities, technology firms, and telecom providers across India, Thailand, Vietnam, Canada and Brazil to reduce detection. They exploit unrestricted file uploads to install web shells, escalate a guest account to admin, enable RDP and deploy the BadIIS SEO malware, then persist with hidden accounts and VPN/backdoor tools. Talos has published indicators and mitigation guidance, including blocking script execution in upload folders, disabling RDP and enabling MFA.

Fri, October 3, 2025

Detour Dog Using DNS to Distribute Strela Stealer Campaigns

🛡️ Infoblox links a threat actor dubbed Detour Dog to campaigns distributing the Strela Stealer, using compromised WordPress sites to host first-stage backdoors such as StarFish. The actor leverages DNS TXT records and modified name servers to deliver Base64-encoded commands and delivery URLs, selectively triggering redirects or remote execution to minimize detection. Infoblox and Shadowserver sinkholed multiple C2 domains in July–August 2025.

Fri, October 3, 2025

Phoenix Rowhammer: DDR5 Bypass Exploits and Practical Risks

🧪 In September 2025, researchers at ETH Zurich published Phoenix, a Rowhammer variant that targets DDR5 memory by exploiting weaknesses in Target Row Refresh (TRR) logic. The team validated the technique across 15 tested SK Hynix modules and demonstrated practical capabilities including arbitrary read/write primitives, theft of an RSA‑2048 private key, and a Linux sudo bypass in constrained scenarios. Phoenix works by inducing timed access "windows" after 128 and after 2608 refresh intervals that momentarily degrade TRR responses, allowing precise bit flips. The authors recommend mitigations such as reduced refresh intervals, deployment of ECC memory, and adoption of Fine Granularity Refresh to harden platforms.

Fri, October 3, 2025

Chinese Cybercriminals Hijack IIS Servers for SEO Fraud

🔍 A Chinese-speaking cybercrime group tracked as UAT-8099 is hijacking trusted Microsoft IIS servers worldwide to run SEO scams that redirect users to unauthorized adverts and illegal gambling sites. According to Cisco Talos, attackers exploit server vulnerabilities, upload web shells, and conduct reconnaissance before enabling the guest account, escalating privileges and activating RDP. For persistence they deploy SoftEther VPN, EasyTier and the FRP reverse proxy and install the BadIIS malware variants designed to evade detection.

Sun, October 5, 2025

Zero-day XSS in Zimbra abused via malicious .ICS files

📅 Researchers found a zero-day XSS in Zimbra Collaboration Suite exploited through malicious .ICS (iCalendar) attachments that delivered obfuscated JavaScript. The vulnerability, tracked as CVE-2025-27915, affects ZCS 9.0, 10.0 and 10.1 and was patched by Zimbra on January 27 with releases ZCS 9.0.0 P44, 10.0.13 and 10.1.5. StrikeReady determined attacks began in early January and involved a spoofed Libyan Navy email targeting a Brazilian military organization. The injected script is capable of stealing credentials, emails, contacts and shared folders, manipulating filters to forward mail, and using the Zimbra SOAP API to exfiltrate data.

Fri, October 3, 2025

AWS Glue Adds Write Support for Four Application Connectors

🔁 AWS Glue now supports write operations for SAP OData, Adobe Marketo Engage, Salesforce Marketing Cloud, and HubSpot connectors, allowing ETL jobs to create and update records directly in those applications. Announced Oct 3, 2025, the enhancement lets teams sync leads and CRM records, update subscribers and campaign data, and manage contacts, companies, and deals without custom scripts or intermediate systems. This capability simplifies end-to-end ETL pipelines and reduces integration complexity and latency. The feature is available in all Regions where AWS Glue is offered; consult the AWS Glue documentation for supported entities.

Fri, October 3, 2025

Cavalry Werewolf Targets Russian Public Sector with RATs

🚨 BI.ZONE warns of a campaign dubbed Cavalry Werewolf that has targeted Russian state agencies and critical industrial sectors using FoalShell and StallionRAT. Attackers used spear-phishing with spoofed Kyrgyz government emails and RAR attachments to deploy lightweight reverse shells and a RAT that exfiltrates data via a Telegram bot. Observed tooling and Telegram commands indicate organized post-compromise operations and use of socks proxies for lateral movement. BI.ZONE links the activity to groups including Tomiris and YoroTrooper, suggesting possible Kazakhstan ties.

Fri, October 3, 2025

CometJacking attack tricks Comet browser into leaking data

🛡️ LayerX researchers disclosed a prompt-injection technique called CometJacking that abuses Perplexity’s Comet AI browser by embedding malicious instructions in a URL's collection parameter. The payload directs the agent to consult connected services (such as Gmail and Google Calendar), encode the retrieved content in base64, and send it to an attacker-controlled endpoint. The exploit requires no credentials or additional user interaction beyond clicking a crafted link. Perplexity reviewed LayerX's late-August reports and classified the findings as "Not Applicable."

Fri, October 3, 2025

Amazon Kinesis Video Streams Adds IPv6 Dual-Stack Support

📡 AWS now supports IPv6 addressing for Amazon Kinesis Video Streams, providing dual-stack endpoints that accept both IPv4 and IPv6 clients for video streaming at scale. Existing IPv4 implementations continue to work unchanged, while organizations can adopt IPv6 to address private IPv4 exhaustion, eliminate reliance on NAT translation, and simplify long-term network transitions. IPv6 support is available in all commercial Regions where KVS runs except ap-southeast-1 and GovCloud.

Fri, October 3, 2025

Rhadamanthys Stealer Adds Fingerprinting, PNG Steganography

🛡️ Check Point researchers report that the Rhadamanthys information stealer (v0.9.2) has been updated to collect extensive device and browser fingerprints and to deliver payloads via steganography embedded in WAV, JPEG and PNG files. The operator—initially known as kingcrete2022 and now marketing as RHAD security/Mythical Origin Labs—offers the malware as a tiered MaaS product with subscription plans and enterprise options. The sample includes sandbox-evasion checks, an embedded Lua runner for plugins, obfuscated configurations, and a PNG-based payload decryption step that requires a shared secret.

Fri, October 3, 2025

Rhadamanthys 0.9.2 Stealer Introduces New Evasion Techniques

🔒 Check Point Research details the release of Rhadamanthys 0.9.2, a new build of a widely used information stealer that introduces multiple evasion and delivery changes. The update replaces previous loaders with a PNG-based payload delivery, updates encryption, refines sandbox checks, adds configurable process injection, and expands targeting to include Ledger Live crypto wallets. Operators have rebranded as RHAD Security / Mythical Origin Labs and launched a professional site, while CPR supplies updated signatures and tools to help defenders adapt.

Fri, October 3, 2025

WhatsApp-Based Self-Spreading Malware Hits Brazil Nationwide

⚠️ Trend Micro has uncovered a self-propagating malware campaign named SORVEPOTEL that primarily targets Brazilian Windows users via WhatsApp. The attack is delivered through convincing phishing messages with malicious ZIP attachments that contain LNK shortcuts which trigger PowerShell to download a batch payload. The payload establishes persistence by copying itself to the Windows Startup folder and contacts a command-and-control server, and if WhatsApp Web is active the malware automatically forwards the infected ZIP to contacts and groups, causing rapid spread and frequent account bans. Researchers report no evidence of data exfiltration or file encryption so far.

Fri, October 3, 2025

Manufacturing Under Fire: Strengthening Cyber Defenses

🔒 Manufacturers face growing, targeted cyber threats driven by legacy OT, complex supply chains, and high-value IP. Attackers increasingly use credential theft, social engineering and sophisticated malware to achieve prolonged access, data theft and ransomware extortion that can halt production and ripple across partners. Building resilience with MFA, prompt patching and continuous detection such as MDR — offering 24/7 threat monitoring, expert hunting and rapid containment — reduces downtime and strengthens supply chain security while aligning with Zero Trust principles.

Fri, October 3, 2025

AWS End User Messaging adds SMS onboarding alerts now

🔔 AWS End User Messaging now sends SMS onboarding progress notifications to Slack, Email, or any Amazon EventBridge destination. Instead of manually checking phone number or sender ID registration status in the console, customers can receive immediate alerts when registrations are created, submitted, denied, or require updates. Support is available in all Regions where End User Messaging is offered. This capability helps developers accelerate onboarding workflows, reduce manual tracking, and improve operational visibility for messaging infrastructure.

Fri, October 3, 2025

EC2 Image Builder: Pipeline Auto-Disable and Custom Logs

⚙️ EC2 Image Builder pipelines can now be automatically disabled after a configurable number of consecutive failures, and you can assign custom log groups with retention and encryption settings to meet organizational policies. This prevents unnecessary resource creation and repeated failed builds, reducing costs and operational noise. These capabilities are available at no extra charge across all AWS commercial regions and are usable via Console, CLI, API, CloudFormation, or CDK.

Fri, October 3, 2025

AWS launches self-service invoice correction feature

📄 AWS has made a self-service invoice correction feature generally available, enabling customers to update core invoice attributes and receive corrected PDFs instantly. Accessible from the AWS Billing and Cost Management console, the guided workflow supports edits to purchase order numbers, legal business names, and billing and physical addresses on select invoices. The capability is intended to reduce support cycles, lower administrative friction, and speed reconciliation. The feature is available in all AWS Regions except GovCloud (US) and China (Beijing and Ningxia).

Fri, October 3, 2025

AI and Cybersecurity: Fortinet and NTT DATA Webinar

🔒 In a joint webinar, Fortinet and NTT DATA outlined practical approaches to deploying and securing AI across enterprise environments. Fortinet described its three AI pillars—FortiAI‑Protect, FortiAI‑Assist, and FortiAI‑SecureAI—focused on detection, operational assistance, and protecting AI assets. NTT DATA emphasized governance, runtime protections, and an "agentic factory" to scale pilots into production. The presenters stressed the need for visibility into shadow AI and controls such as DLP and zero‑trust access to prevent data leakage.

Sat, October 4, 2025

Surge in Scans Targeting Palo Alto Network Login Portals

🔍 GreyNoise has observed a roughly 500% rise in IP addresses scanning Palo Alto Networks login portals, primarily emulating GlobalProtect and PAN-OS profiles. Activity peaked on October 3 with more than 1,285 unique IPs—typical daily scans are usually under 200—while most sources were geolocated to the United States with smaller clusters in the UK, Netherlands, Canada, and Russia. GreyNoise classified 91% of the IPs as suspicious and 7% as malicious, noting clusters with distinct TLS fingerprints and warning this reconnaissance could precede exploitation attempts; administrators should verify device exposure and monitoring.

read more →

Fri, October 3, 2025

Renault and Dacia UK Notify Customers of Data Breach

🔒 Renault and Dacia UK have informed customers that personal information was exposed following a cyberattack on an unnamed third‑party provider. The compromised data includes full name, gender, phone number, email and postal address, as well as Vehicle Identification Numbers (VINs) and vehicle registration numbers; banking data was not affected. Renault says the supplier isolated the incident and removed the threat, and the Information Commissioner’s Office (ICO) has been notified. Recipients are urged to remain vigilant against unsolicited calls and emails and to avoid sharing passwords.

read more →

Fri, October 3, 2025

Passwork 7: Unified On-Premises Password and Secrets

🔐 Passwork 7 is an on‑premises unified platform that consolidates password and secrets management with a redesigned interface and reworked core workflows to improve usability and security. The update introduces hierarchical vaults, custom vault types, role‑based access, and comprehensive logging, plus API, Python connector, CLI and Docker support for DevOps automation. Built on a zero‑knowledge AES‑256 model with MongoDB storage and ISO 27001 certification, it targets organizations needing centralized, compliant credential control.

read more →

Sat, October 4, 2025

ChatGPT Leak Reveals Direct Messaging and Profiles

🤖 OpenAI is testing social features in ChatGPT, with leaked code showing support for direct messages, usernames, and profile images. References discovered in an Android beta (version 1.2025.273), together with linked traces to Sora 2, indicate the company may be rolling out social tools beyond its video-feed app. The code, codenamed Calpico and Calpico Rooms, also mentions join/leave notifications and push alerts for messages.

read more →

Sat, October 4, 2025

Spike in Scanning Targets Palo Alto Login Portals Globally

🔍 GreyNoise observed a nearly 500% surge in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, jumping from about 200 to roughly 1,300 unique IPs. The firm classified 93% of those IPs as suspicious and 7% as malicious, with most activity geolocated to the U.S. and smaller clusters in the U.K., the Netherlands, Canada and Russia. GreyNoise noted the traffic was targeted and structured and shared a dominant TLS fingerprint with recent Cisco ASA scans.

read more →

Sat, October 4, 2025

Leaked iPad Pro M5 Benchmark Shows Significant Gains

🔍 An alleged Apple M5 benchmark for an iPad Pro has surfaced on Geekbench, reporting a single-core score of 4,133 and a multi-core score of 15,437 for a variant clocked at about 4.42 GHz. The listing shows 12 GB of RAM, likely paired with 256 GB or 512 GB of storage. Early comparisons place the M5 narrowly ahead in single-thread tests versus Qualcomm's Snapdragon X Elite 2 but behind in multi-core throughput, underscoring Apple's strong per-core design.

read more →

Fri, October 3, 2025

Opera Neon AI Browser: $19.90 Monthly for Agentic Web

🤖 Opera has unveiled Neon, a premium AI-first browser that delegates browsing tasks to integrated agents, from opening tabs and conducting research to comparing prices and assessing security. Early access is available for Windows and macOS at an introductory price of $59.90 for nine months; Opera says the service will cost $19.90 per month after the offer. Opera positions Neon alongside other agentic browsers such as Perplexity Comet and Microsoft Edge's Copilot mode.

read more →

Fri, October 3, 2025

Fake CISO Job Offer Used in Long-Game 'Pig-Butchering' Scam

🔒 A seasoned US CISO was targeted in a months-long pig-butchering scam that used a fabricated recruitment process posing as Gemini Crypto, including LinkedIn outreach, SMS, WhatsApp messages and a likely deepfaked video interview. The attackers groomed the target from May–September 2025, offered a fictitious CISO role, and asked him to buy $1,000 in crypto on Coinbase as "training." The candidate declined, documented the exchange, and warned peers; analysts say these long-game social engineering campaigns and malware-laced "test" assignments are increasingly common and financially damaging.

read more →

Sat, October 4, 2025

Leaked iPad Pro M5 Benchmark Nears Laptop CPU Performance

🔍 A leaked Geekbench entry allegedly from an unreleased iPad shows an Apple M5 chip delivering a 4,133 single‑core score and 15,437 multi‑core score, with the processor reported at 4.42 GHz and paired with 12GB of RAM and likely 256/512GB storage. In early comparisons, Apple's per‑core performance edges out Qualcomm's Snapdragon X Elite 2 in single‑thread tests, while the Snapdragon's higher core count gives it a clear multi‑core lead. The results highlight Apple's continued CPU design strength but should be treated as an unverified leak until independently confirmed.

read more →

Fri, October 3, 2025

CISO GenAI Board Presentation Template and Guidance

🛡️ Keep Aware has published a free Template for CISO GenAI Presentations designed to help security leaders brief boards or AI committees. The template centers on four agenda items—GenAI Adoption, Risk Landscape, Risk Exposure and Incidents, and Governance and Controls—and recommends visuals and dashboard-style metrics to translate technical issues into business risk. It also emphasizes browser-level monitoring to prevent data leakage and enforce policies.

read more →