Cybersecurity Brief

Post-Quantum Keys, Redis RCE Patches, and Extortion Campaigns

Coverage: 07 Oct 2025 (UTC)

Quantum‑resistant encryption and automated code repair took center stage as cloud and AI platforms introduced new defenses, while urgent patch cycles continued for enterprise software under active attack. Google added preview post‑quantum key exchange to Cloud KMS, and administrators moved quickly to address a 10.0‑severity flaw in Redis detailed by CSOonline. Meanwhile, extortion crews escalated pressure campaigns and high‑impact thefts, underscoring the need to pair new controls with disciplined patching and incident response.

Platform crypto and AI defenses advance

Google is pushing quantum‑safety into mainstream workflows, introducing preview support for post‑quantum Key Encapsulation Mechanisms in Cloud KMS. According to Cloud KMS, options include ML‑KEM‑768/1024 (NIST FIPS 203) and a hybrid X‑Wing mode combining X25519 with ML‑KEM‑768 to mitigate "harvest now, decrypt later" risks. Google highlights the larger key and ciphertext sizes and recommends high‑level standards such as HPKE and vetted libraries like Tink for integration, with implementations surfacing via Cloud KMS APIs and open‑source crypto libraries. The company frames hybrid deployments as a pragmatic hedge while post‑quantum algorithms mature and notes plans to upgrade its own infrastructure.

In secure development, DeepMind introduced CodeMender, an agentic system that detects and patches vulnerable code while also rewriting patterns to eliminate classes of bugs. As reported by The Hacker News, the tool couples Google’s Gemini Deep Think models with static/dynamic analysis, fuzzing, and an LLM‑based critique to reduce regressions, and has upstreamed dozens of fixes to open‑source projects. DeepMind describes a cautious rollout with human review and engagement with maintainers to validate quality—an approach meant to accelerate remediation without sacrificing trust.

To broaden external scrutiny of AI risks, Google launched a dedicated AI Vulnerability Reward Program with tiered payouts for high‑impact findings in flagship services like Search, Gemini apps and Workspace. Per BleepingComputer, top categories include rogue actions and sensitive data exfiltration, with novelty multipliers that can lift awards to $30,000. The program formalizes AI‑specific scope and reward bands to drive responsible disclosure around model‑targeted threats, complementing Google’s existing VRP.

Emergency patches and active exploits

A long‑standing use‑after‑free in Redis’ Lua integration (CVE‑2025‑49844, “RediShell”) carries a 10.0 CVSS and enables sandbox escape to host‑level code execution. CSOonline reports patches for supported branches and warns that while exploitation requires authentication, widespread unauthenticated deployments—especially in containers—leave roughly 60,000 internet‑exposed instances trivially exploitable. Organizations should patch immediately, enforce authentication, restrict exposure, and monitor for indicators of compromise. Separately, the UK’s NCSC urged Oracle E‑Business Suite customers to apply an emergency update for CVE‑2025‑61882, a pre‑auth RCE that researchers say has been exploited since August; Infosecurity details prerequisites, mitigation steps, and guidance to hunt for compromise.

Active exploitation also targets Fortra’s GoAnywhere MFT. According to The Hacker News, Microsoft linked attacks abusing CVE‑2025‑10035 (a CVSS 10.0 deserialization flaw) to the Storm‑1175 group, with observed use of RMM tools, web shells, Cloudflare tunnels, and Rclone, culminating in Medusa ransomware in some environments; fixes are available in GoAnywhere 7.8.4 and Sustain Release 7.6.3. Beyond enterprise apps, a Unity engine issue (CVE‑2025‑59489) allows crafted startup parameters to load arbitrary native libraries in games across Android, Linux, macOS and Windows. Kaspersky notes Valve has added launch‑parameter blocks in Steam, Microsoft says Xbox builds are unaffected, and Unity provides runtime updates and an application patcher; developers should rebuild with the patched runtime and republish.

Extortion and data theft campaigns escalate

Crypto theft tied to North Korea hit a new annual high. BleepingComputer cites Elliptic’s estimate of roughly $2 billion in cryptocurrency stolen in 2025, led by the Bybit breach and dozens of other heists. Analysts describe a tactical shift toward social engineering against high‑value holders and exchange staff, plus increasingly layered laundering across mixers and chains. The report underscores that despite obfuscation, blockchain transparency continues to aid tracing, and that proceeds carry geopolitical implications.

Corporate extortion also intensified. KrebsOnSecurity details a ShinyHunters campaign threatening to leak data from dozens of firms via a clearnet site after earlier voice‑phishing led to malicious app connections to Salesforce tenants. Elsewhere, electronics distributor Avnet confirmed unauthorized access to externally hosted cloud storage supporting an internal EMEA sales tool; the company says most stolen files are not easily readable without proprietary tooling, while samples reviewed by reporters appeared to include plaintext PII, per BleepingComputer. In the public sector, the Qilin group claimed a ransomware attack on Mecklenburg County Public Schools and posted samples as pressure, with 305 GB allegedly exfiltrated; the district is investigating and does not intend to pay at this time, according to Infosecurity. These cases reflect the continued blend of credential theft, third‑party exposure, and data‑leak coercion; rigorous access controls, token rotation and forensic review remain essential after suspected compromise.

Cloud platform updates

AWS expanded regional coverage for its managed document database. AWS announced Amazon DocumentDB (with MongoDB compatibility) is now available in Asia Pacific (Osaka, Thailand, Malaysia) and Mexico (Central), extending data locality options. The service supports high‑throughput JSON workloads with up to 15 read replicas and a serverless mode for variable demand; customers should validate compatibility and plan replication and backup strategies as they onboard in new regions.

These and other news items from the day:

Tue, October 7, 2025

North Korean Hackers Stole Over $2 Billion in Crypto 2025

🔒 North Korean-linked hackers stole an estimated $2 billion in cryptocurrency in 2025, the largest annual total on record and lifting confirmed thefts to over $6 billion. Blockchain firm Elliptic attributes much of the total to the February Bybit breach (~$1.46 billion) and linked 30 crypto-heists to North Korean actors using blockchain analysis and intelligence. Analysts note a shift to social engineering targeting individuals and exchange staff and increasingly complex laundering—mixers, cross-chain transfers, obscure chains and custom tokens—though blockchain transparency still aids tracing.

read more →

Tue, October 7, 2025

Google Cloud KMS Adds Quantum-Safe Key Encapsulation

🔐 Google Cloud Key Management Service (Cloud KMS) now offers preview support for post-quantum Key Encapsulation Mechanisms (KEMs), enabling customers to begin migrating to quantum-resistant key exchange. Cloud KMS supports ML-KEM-768, ML-KEM-1024, and the hybrid X-Wing (X25519+ML-KEM-768) option. The preview aims to mitigate "Harvest Now, Decrypt Later" risks and provide HPKE-compatible integrations via Tink and BoringCrypto. Developers are advised to adopt hybrid deployments and plan for larger key and ciphertext sizes that affect bandwidth and storage.

read more →

Tue, October 7, 2025

Google DeepMind's CodeMender Automatically Patches Code

🛠️ Google’s DeepMind unveiled CodeMender, an AI agent that automatically detects, patches, and rewrites vulnerable code to remediate existing flaws and prevent future classes of vulnerabilities. Backed by Gemini Deep Think models and an LLM-based critique tool, it validates changes to reduce regressions and self-correct as needed. DeepMind says it has upstreamed 72 fixes to open-source projects so far and will engage maintainers for feedback to improve adoption and trust.

read more →

Tue, October 7, 2025

Critical 10.0 RCE Flaw in Redis Exposes 60,000 Instances

⚠ The popular Redis in-memory data store received an urgent patch for a critical use-after-free vulnerability tracked as CVE-2025-49844 (RediShell), which can escape the Lua script sandbox and achieve remote code execution on the host. Exploitation requires authentication, but many deployments disable it; researchers estimate roughly 60,000 internet-exposed instances lack authentication. Redis released fixes on Oct. 3 across multiple branches and administrators are urged to patch exposed servers immediately and enable hardening controls.

read more →

Tue, October 7, 2025

Critical Redis Flaw 'RediShell' Exposes 60,000 Servers

🚨 Redis has a critical, decade‑old vulnerability identified as CVE-2025-49844 (RediShell) in its embedded Lua scripting engine that can let authenticated users escape the sandbox and execute arbitrary code on the host. Researchers at Wiz report roughly 330,000 Redis instances are exposed online, with about 60,000 lacking authentication. Redis and Wiz disclosed the issue on October 3 and published patches; administrators should apply updates, restrict access, and disable Lua scripting if not required.

read more →

Tue, October 7, 2025

Google launches AI bug bounty program; rewards up to $30K

🛡️ Google has launched a new AI Vulnerability Reward Program to incentivize security researchers to find and report flaws in its AI systems. The program targets high-impact vulnerabilities across flagship offerings including Google Search, Gemini Apps, and Google Workspace core apps, and also covers AI Studio, Jules, and other AI integrations. Rewards scale with severity and novelty—up to $30,000 for exceptional reports and up to $20,000 for standard flagship security flaws. Additional bounties include $15,000 for sensitive data exfiltration and smaller awards for phishing enablement, model theft, and access control issues.

read more →

Tue, October 7, 2025

DeepMind's CodeMender: AI Agent to Fix Code Vulnerabilities

🔧 Google DeepMind has unveiled CodeMender, an autonomous agent built on Gemini Deep Think models that detects, debugs and patches complex software vulnerabilities. In the last six months it produced and submitted 72 security patches to open-source projects, including codebases up to 4.5 million lines. CodeMender pairs large-model reasoning with advanced program-analysis tooling — static and dynamic analysis, differential testing, fuzzing and SMT solvers — and a multi-agent critique process to validate fixes and avoid regressions. DeepMind says all patches are currently human-reviewed and it plans to expand maintainer outreach, release the tool to developers, and publish technical findings.

read more →

Tue, October 7, 2025

Amazon DocumentDB Expands to New Asia Pacific and Mexico

🚀 Amazon DocumentDB (with MongoDB compatibility) is now available in AWS Asia Pacific (Osaka), Asia Pacific (Thailand), Asia Pacific (Malaysia) and Mexico (Central). The fully managed, native JSON document database supports mission‑critical MongoDB workloads and can scale to millions of requests per second with up to 15 low‑latency read replicas and automatic storage up to 128 TiB. With Serverless, capacity scales automatically in fine increments and AWS cites up to 90% cost savings versus peak provisioning. Amazon DocumentDB also integrates with AWS DMS, CloudWatch, CloudTrail, Lambda and AWS Backup, and clusters can be created via the Console, CLI or SDK.

read more →

Tue, October 7, 2025

Unity runtime vulnerability forces game updates worldwide

⚠ A critical vulnerability in the Unity Runtime, introduced in engine version 2017.01, can allow attackers to pass crafted startup parameters that cause games to load arbitrary native libraries on Windows, macOS, Linux and Android. Exploitation may execute malicious code or expose device data, and the risk depends on game and OS settings. Vendors Valve and Microsoft advise blocking or removing affected titles while Unity urges developers to update, recompile and republish builds; Unity also provides an application patcher for unmaintained games.

read more →

Tue, October 7, 2025

ShinyHunters Launch Extortion Site Targeting Corporates

🔓 A cybercrime collective known as ShinyHunters has launched a public extortion blog threatening to publish data stolen from dozens of major companies if ransoms are not paid. The group claims to have harvested Salesforce customer records via a May voice-phishing campaign, and also says it exfiltrated terabytes of files from a Red Hat GitLab server and Discord user data tied to a third-party provider. Security firms and affected vendors including Salesforce, Red Hat and Discord are investigating, while Google and other investigators link the activity to several related UNC clusters and warn of additional token thefts tied to Salesloft. Victim shaming, published exploit scripts for an Oracle E-Business Suite zero-day, and malware-laced threats have amplified the incident’s severity.

read more →

Tue, October 7, 2025

Oracle EBS Zero-Day Exploited by Clop Since August

🔒 CrowdStrike reports the Clop ransomware gang has been exploiting an Oracle E-Business Suite zero-day, CVE-2025-61882, since early August to steal sensitive documents. The flaw resides in the BI Publisher Integration of Concurrent Processing and allows unauthenticated remote code execution via a single HTTP request. Oracle issued a patch and warned customers to apply updates immediately as extortion emails tied to stolen EBS data are being circulated.

read more →

Tue, October 7, 2025

NCSC Urges Patch for Critical Oracle E-Business Bug

🔔 The UK's National Cyber Security Centre has urged Oracle E-Business Suite customers to apply an emergency update for CVE-2025-61882, a critical unauthenticated remote code execution vulnerability in the BI Publisher Integration component affecting EBS 12.2.3–12.2.14. Security firm Mandiant reports the Clop ransomware group exploited the bug as a zero-day in August, and the exploit has since been leaked, raising the risk of wider attacks. The NCSC and Rapid7 recommend immediate compromise assessments using Oracle's IoCs, contacting Oracle PSIRT and the NCSC if compromise is suspected, installing the latest EBS update (with the October 2023 CPU applied first), and reducing internet exposure of EBS instances.

read more →

Tue, October 7, 2025

Microsoft Links Storm-1175 to GoAnywhere Flaw, Medusa

🔒 Microsoft attributed active exploitation of a critical Fortra GoAnywhere vulnerability (CVE-2025-10035, CVSS 10.0) to the cybercriminal group Storm-1175, which has been observed deploying Medusa ransomware. The flaw is a deserialization bug that can permit unauthenticated command injection when a forged license response signature is accepted. Fortra released fixes in GoAnywhere 7.8.4 and Sustain Release 7.6.3; organizations should apply updates immediately and hunt for indicators such as dropped RMM tools, .jsp web shells, Cloudflare tunnels and Rclone usage.

read more →

Tue, October 7, 2025

Oracle EBS Targeted by Cl0p Exploiting CVE-2025-61882

🚨 CrowdStrike attributes the exploitation of Oracle E-Business Suite to Graceful Spider, also known as Cl0p, with the first observed compromise on August 9, 2025. The attacks exploit a critical pre-authentication remote code execution flaw, CVE-2025-61882 (CVSS 9.8), enabling authentication bypass and the upload of malicious XSLT templates via Oracle XML Publisher. Successful exploitation leads to outbound connections from the Java web server and remote web shell deployment for data exfiltration and persistence; CISA has added the flaw to its Known Exploited Vulnerabilities catalog and urged agencies to patch immediately.

read more →

Tue, October 7, 2025

Citizen Lab: AI-Enabled Influence Operation Targets Iran

🔎 Citizen Lab reports a coordinated AI-enabled influence operation, dubbed PRISONBREAK, that used more than 50 inauthentic X profiles to push narratives aimed at inciting revolt within Iran. Created in 2023, the network became active mainly from January 2025 and produced bursts of activity synchronized with IDF operations in June 2025. Citizen Lab notes limited organic engagement, though some posts reached tens of thousands of views, and assesses the most consistent attribution is to an Israeli government agency or a closely supervised subcontractor.

read more →

Tue, October 7, 2025

Citizen Lab: AI Influence Operation Against Iran Exposed

🛡️ Citizen Lab has identified a coordinated network of more than 50 inauthentic accounts on X, labeled PRISONBREAK, conducting an AI-enabled influence operation aimed at provoking Iranian audiences to revolt against the Islamic Republic. The network was created in 2023, with most observable activity beginning in January 2025 and intensifying around June 2025, partially synchronized with Israeli military actions. Organic engagement was limited overall, though some posts achieved tens of thousands of views after seeding to large public communities and likely paid promotion. After reviewing alternatives, Citizen Lab assesses the most consistent hypothesis is direct involvement by an unidentified Israeli government agency or a closely supervised subcontractor.

read more →

Tue, October 7, 2025

Microsoft: Critical GoAnywhere Flaw Used in Ransomware

⚠️ Microsoft warns that a critical deserialization vulnerability, CVE-2025-10035, in Fortra's GoAnywhere MFT License Servlet Admin Console is being actively exploited in ransomware campaigns. The flaw (CVSS 10.0) enables attackers to bypass signature verification and deserialize attacker-controlled objects, potentially resulting in command injection and remote code execution on internet-exposed instances. Customers are urged to apply Fortra's patch, harden perimeter controls and run endpoint defenses in block mode to detect and stop post-breach activity.

read more →

Tue, October 7, 2025

Redis 13-Year Use-After-Free Flaw Rated CVSS 10.0 Severity

⚠️ Redis disclosed a maximum-severity vulnerability, CVE-2025-49844 (RediShell), a use-after-free bug in its Lua scripting implementation that has been assigned a CVSS score of 10.0. An authenticated user can submit crafted Lua scripts to manipulate the garbage collector, trigger a use-after-free, and potentially achieve remote code execution on the host. The issue affects all Redis versions with Lua and was fixed in 6.2.20, 7.2.11, 7.4.6, 8.0.4, and 8.2.2 (released Oct 3, 2025). Administrators should immediately restrict EVAL/EVALSHA via ACLs, avoid exposing Redis instances to the internet, enforce strong authentication, and apply the patches without delay.

read more →
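The three Redis items above share the same mitigations: run a fixed release, refuse unauthenticated clients, and keep EVAL/EVALSHA away from users that do not need Lua. The following audit script is an added example written for this brief, not code from Redis or from any of the cited articles; the ACL file contents are constructed, the fixed version numbers are those named in the Redis item, and any branch not listed there is treated as unpatched.

```python
"""Audit a Redis ACL file and server version against the RediShell mitigations.

Added example, not Redis project code. Checks: (1) the version is at or
above the fixed release for its branch, (2) no enabled user can log in
without a password, (3) no enabled user retains EVAL/EVALSHA (the
@scripting category) after its ACL rules are applied left to right,
(4) the instance is not internet-exposed.
"""
import re

# Fixed releases named in the brief (released 3 Oct 2025), keyed by branch.
FIXED = {(6, 2): 20, (7, 2): 11, (7, 4): 6, (8, 0): 4, (8, 2): 2}

# Commands that reach the Lua engine; all are members of the @scripting category.
SCRIPTING = {"eval", "evalsha", "eval_ro", "evalsha_ro", "script",
             "fcall", "fcall_ro", "function"}


def is_patched(version: str) -> bool:
    """True if `version` (e.g. '7.4.6') is at or above its branch's fix.
    Branches with no fix listed in the brief are reported as unpatched,
    since the flaw affects every Redis build that embeds Lua."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    fixed_patch = FIXED.get((major, minor))
    return fixed_patch is not None and patch >= fixed_patch


def parse_acl_user(line: str) -> dict:
    """Parse one `user <name> <rule>...` ACL line into the facts the audit
    needs: enabled?, password-less?, and which scripting commands survive."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "user":
        raise ValueError(f"not an ACL user line: {line!r}")
    info = {"name": parts[1], "enabled": False, "nopass": False, "scripting": set()}
    for rule in parts[2:]:
        if rule == "on":
            info["enabled"] = True
        elif rule == "off":
            info["enabled"] = False
        elif rule == "nopass":
            info["nopass"] = True
        elif rule.startswith((">", "#")) or rule == "resetpass":
            info["nopass"] = False              # a password (or hash) is set
        elif rule in ("+@all", "allcommands"):
            info["scripting"] = set(SCRIPTING)
        elif rule in ("-@all", "nocommands"):
            info["scripting"] = set()
        elif rule == "+@scripting":
            info["scripting"] |= SCRIPTING
        elif rule == "-@scripting":
            info["scripting"] -= SCRIPTING
        elif rule[:1] in "+-" and rule[1:].lower() in SCRIPTING:
            cmd = rule[1:].lower()
            info["scripting"].add(cmd) if rule[0] == "+" else info["scripting"].discard(cmd)
        # key/channel patterns and other categories do not affect scripting access
    return info


def audit(acl_text: str, version: str, exposed: bool) -> list[str]:
    """Return findings; an empty list means the listed mitigations all hold."""
    findings = []
    if not is_patched(version):
        findings.append(f"version {version} predates the RediShell fix for its branch")
    for line in acl_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        u = parse_acl_user(line)
        if not u["enabled"]:
            continue
        if u["nopass"]:
            findings.append(f"user {u['name']} can authenticate without a password")
        if u["scripting"]:
            findings.append(f"user {u['name']} may run {', '.join(sorted(u['scripting']))}")
    if exposed:
        findings.append("instance reachable from the internet")
    return findings


# Constructed sample ACL files: a typical weak setup and a hardened one.
WEAK_ACL = """\
user default on nopass ~* &* +@all
user app on >s3cret ~app:* &* +@all -@scripting
user batch on >pw2 ~* -@all +@read +eval
"""
HARDENED_ACL = """\
user default off
user app on >s3cret ~app:* &* +@all -@scripting
"""

if __name__ == "__main__":
    for finding in audit(WEAK_ACL, "7.4.5", exposed=True):
        print("FINDING:", finding)
    print("hardened:", audit(HARDENED_ACL, "7.4.6", exposed=False) or "no findings")
```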

Tue, October 7, 2025

Avnet Confirms Breach; Stolen EMEA Sales Data Unreadable

🔒 Avnet confirmed unauthorized access to externally hosted cloud storage that supported an internal sales tool used in the EMEA region. The company says most stolen files are not easily readable without access to Avnet's proprietary sales tool, which it says was not impacted, while attackers claim they exfiltrated 1.3TB of compressed (7–12TB raw) data. Avnet detected the activity on September 26, rotated secrets across Azure/Databricks, notified authorities, and will contact affected customers and suppliers; the number of potentially impacted individuals remains unknown.

read more →

Tue, October 7, 2025

Qilin Ransomware Disrupts Mecklenburg County Schools

🔒 A Russian-linked ransomware group, Qilin, has claimed responsibility for a September 2, 2025 attack that disrupted Mecklenburg County Public Schools and said it exfiltrated 305 GB of data, including financial records, grant documents, budgets and children’s medical files. The attack forced teachers offline for about a week while internet systems were restored. Superintendent Scott Worner said the district does not currently intend to pay the ransom and is still assessing the scope, urging other districts to review cyber-insurance and preparedness.

read more →

Tue, October 7, 2025

Qilin Claims Responsibility for Asahi Cyber Attack

🔒 The Qilin ransomware group has claimed responsibility for a cyber-attack on Japan's Asahi Group, asserting it exfiltrated about 27 GB of files containing employee personal data and sensitive business documents. Consumer site Comparitech listed the data on Qilin's leak site on October 7, and Asahi has confirmed an earlier ransomware incident involving an 'unauthorized transfer of data'. The breach disrupted order, shipment and call-centre operations as the brewer implemented manual processes while investigating.

read more →

Tue, October 7, 2025

CISA Adds Synacor Zimbra XSS to Known Exploited Catalog

⚠️ CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-27915, a cross-site scripting (XSS) flaw in Synacor Zimbra Collaboration Suite (ZCS). CISA notes that XSS remains a common attack vector that can enable credential theft, session hijacking, and distribution of malicious content. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by prescribed due dates. CISA urges all organizations to prioritize timely remediation and reduce exposure.

read more →

Tue, October 7, 2025

Amazon EC2 Im4gn Instances Now in Asia Pacific (Mumbai)

🚀 Amazon Web Services has launched EC2 Im4gn instances in the Asia Pacific (Mumbai) region. Built on the AWS Nitro System and powered by AWS Graviton2 processors, Im4gn provides up to 30 TB of 2nd Generation Nitro SSD instance storage and up to 100 Gbps networking. These instances are optimized for I/O-intensive workloads—relational and NoSQL databases, search engines, and data analytics—and support Elastic Fabric Adapter (EFA) for high inter-node communication. Users can provision Im4gn via the AWS Management Console, AWS CLI, or AWS SDKs.

read more →

Tue, October 7, 2025

Google won’t fix new ASCII smuggling attack in Gemini

⚠️ Google has declined to patch a new ASCII smuggling vulnerability in Gemini, a technique that embeds invisible Unicode Tags characters to hide instructions from users while still being processed by LLMs. Researcher Viktor Markopoulos of FireTail demonstrated hidden payloads delivered via Calendar invites, emails, and web content that can alter model behavior, spoof identities, or extract sensitive data. Google said the issue is primarily social engineering rather than a security bug.

read more →
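Because Google treats the Gemini issue above as out of scope, the practical defense sits with whoever feeds calendar invites, mail or web content into a model. The screen below is an added example, not Google's or FireTail's code: it decodes and strips characters from the Unicode Tags block before the text reaches an LLM, and the invite text it runs on is a constructed test vector.

```python
"""Detect and strip Unicode Tags 'ASCII smuggling' before text reaches an LLM.

Added example, not Google's or FireTail's code. Code points in the Tags
block (U+E0000..U+E007F) render as nothing in most user interfaces, while
U+E0020..U+E007E map one-to-one onto printable ASCII 0x20..0x7E, so a
string can carry a second message a reader never sees.
"""
TAG_BASE = 0xE0000
TAG_LO, TAG_HI = 0xE0020, 0xE007E    # printable ASCII, shifted into the Tags block


def is_tag_char(ch: str) -> bool:
    """True for any code point in the Unicode Tags block."""
    return TAG_BASE <= ord(ch) <= 0xE007F


def extract_smuggled(text: str) -> tuple[str, str]:
    """Split `text` into (visible, hidden). `hidden` is the ASCII recovered
    from tag characters; LANGUAGE TAG (U+E0001) and CANCEL TAG (U+E007F)
    carry no payload and are simply dropped."""
    visible, hidden = [], []
    for ch in text:
        cp = ord(ch)
        if TAG_LO <= cp <= TAG_HI:
            hidden.append(chr(cp - TAG_BASE))
        elif is_tag_char(ch):
            continue
        else:
            visible.append(ch)
    return "".join(visible), "".join(hidden)


def screen_for_llm(text: str) -> dict:
    """Gate an item (invite body, mail, fetched page) before it is handed to a
    model: returns the cleaned text plus what was removed, so the caller can
    log the finding and decide whether to discard the item outright."""
    visible, hidden = extract_smuggled(text)
    tag_count = sum(1 for ch in text if is_tag_char(ch))
    return {"clean": visible, "smuggled": hidden,
            "tag_chars": tag_count, "suspicious": tag_count > 0}


# Constructed test vector: a benign invite carrying a second, invisible sentence.
HIDDEN_NOTE = "this sentence is invisible in the UI"
SAMPLE_INVITE = ("Team sync Thursday 10:00"
                 + "".join(chr(TAG_BASE + ord(c)) for c in HIDDEN_NOTE)
                 + " in room 4B")

if __name__ == "__main__":
    result = screen_for_llm(SAMPLE_INVITE)
    print("clean text :", result["clean"])
    print("smuggled   :", result["smuggled"])
    print("tag chars  :", result["tag_chars"])
```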

Tue, October 7, 2025

XWorm 6.0 Returns with 35+ Plugins and Enhanced Theft

🛡️ Trellix researchers detail the return of XWorm 6.0, a modular Windows malware now supporting more than 35 in‑memory DLL plugins and expanded data-theft and persistence capabilities. The actor associated with earlier releases, known as XCoder, is of uncertain status, but v6.0—advertised on forums in June 2025—appears to address a prior RCE flaw while enabling credential theft, keylogging, screen capture, and optional ransomware. Campaigns use phishing, malicious JavaScript, LNK-based PowerShell chains, and process injection to evade detection and execute plugins directly in memory.

read more →

Tue, October 7, 2025

Discord Confirms Customer Data Breach via Third-Party

🔒 Discord has disclosed a data breach after a third-party customer support provider was compromised, allowing a ransomware actor to access limited customer information. Potentially exposed data includes names, Discord usernames, contact details, last four digits of payment cards, IP addresses, messages with support agents and a small number of government ID images submitted for age appeals. Discord says no passwords, full card numbers or CVVs were accessed and is contacting affected users and authorities.

read more →

Tue, October 7, 2025

Startup Technical Guide: Building Production AI Agents

🤖 Google Cloud published the Startup technical guide: AI agents, a practical, operations-driven roadmap to design, build, and operate agentic systems for startups. The guide outlines three paths — build with the open-source Agent Development Kit (ADK), design no-code agents in Agentspace, or adopt managed and partner agents via Vertex AI and the Agent Garden marketplace. It details four development steps (identity, prime directive, tools, lifecycle), highlights operational rigor (AgentOps), and promotes interoperability through standards such as MCP and A2A, all aimed at safe production deployment.

read more →

Tue, October 7, 2025

BatShadow Deploys Go-Based Vampire Bot Against Job Seekers

🔎 A Vietnam-linked group tracked as BatShadow is running a social-engineering campaign that lures job seekers and digital marketing professionals with faux job descriptions to deliver a previously undocumented Go-based malware, Vampire Bot. Attackers distribute ZIP archives containing decoy PDFs alongside malicious LNK or executable files that launch an embedded PowerShell script to fetch lure documents and remote-access tooling such as XtraViewer. The lure coerces victims into opening links in Microsoft Edge, triggering an automatic ZIP download that contains a deceptive executable padded to appear as a PDF; once executed, the Go binary profiles the host, exfiltrates data, captures screenshots, and maintains contact with a command-and-control server.

read more →

Tue, October 7, 2025

From Ransom to Revenue Loss and Recovery Costs for Business

🔒 Ransomware now inflicts costs far beyond ransom payments, driving operational downtime, reputational damage, and regulatory exposure that directly erode the bottom line. The 2025 Unit 42 report shows median initial extortion demands rose to $1.25M and commonly equate to about 2% of perceived annual revenue. While roughly 48% of victims paid in 2024, Unit 42 negotiation reduced median paid demands to about 0.6% of PAR, yet attackers’ disruptive tactics increasingly amplify recovery costs. Strengthening backups, segmentation, and an incremental zero trust posture are key to limiting impact and shortening recovery timelines.

read more →

Tue, October 7, 2025

Enterprise AI Now Leading Corporate Data Exfiltration

🔍 A new Enterprise AI and SaaS Data Security Report from LayerX finds that generative AI has rapidly become the largest uncontrolled channel for corporate data loss. Real-world browser telemetry shows 45% employee adoption of GenAI, 67% of sessions via unmanaged accounts, and copy/paste into ChatGPT, Claude, and Copilot as the primary leakage vector. Traditional, file-centric DLP tools largely miss these action-based flows.

read more →

Tue, October 7, 2025

Docker offers Hardened Images for SMBs and startups

🔒 Docker has opened unlimited, subscription-based access to its Hardened Images catalog starting today, offering a 30-day free trial to make near-zero CVE container images affordable for startups and SMBs. These images are built from source, signed, rootless by default, include SBOM and VEX data, and are covered by a seven-day patch SLA for newly discovered CVEs. Docker says removing nonessential components can reduce attack surface by up to 95%, and hardened variants are compatible with Alpine and Debian and can be adopted by changing a single Dockerfile line.

read more →

Tue, October 7, 2025

AWS Releases Whitepaper: Security Overview of EKS Auto Mode

🛡️ AWS has published a new whitepaper titled Security Overview of Amazon EKS Auto Mode that explains the service’s architecture, core security principles, and built-in protections. The guidance highlights a new approach to node management that leverages Amazon EC2 managed instances to let customers delegate operational control to AWS. Intended for cloud architects, security professionals, and Kubernetes practitioners, the document helps teams understand how EKS Auto Mode reduces infrastructure complexity while maintaining secure operations.

read more →

Tue, October 7, 2025

AWS Marketplace Adds EUR, GBP, AUD, JPY for Private Offers

🌍 AWS Marketplace now supports usage-based private offers priced in four additional local currencies—EUR, GBP, AUD, and JPY. Sellers and Channel Partners can create private offers and receive disbursements in the offer currency for consumption-based and contract pricing, simplifying cash flow and reducing foreign-exchange exposure. For Channel Partner Private Offers, the seller, partner, and buyer must transact in the same currency; public offers remain in USD only.

read more →

Tue, October 7, 2025

AWS Marketplace expands pricing dimensions for sellers

🧾 AWS Marketplace has expanded pricing dimension capabilities, raising the per-listing limit from 24 to 200 dimensions for both contract and usage-based pricing. Sellers can immediately use newly added SaaS usage dimensions in public offers, enabling instant access to newly launched features. AWS also removed the 90-day price update restriction for dimensions that have no active subscriptions, and these updates are available in all supported AWS Regions.

read more →

Tue, October 7, 2025

DraftKings Alerts Customers to Credential Stuffing Breach

🔒 DraftKings has notified customers that attackers accessed some accounts in a wave of credential stuffing attacks. The company says the threat actors used credentials stolen from non‑DraftKings sources to log in and may have viewed limited profile and account data — including name, address, date of birth, email, phone, the last four digits of a payment card, profile photo, transaction history, account balance, and the date the password was last changed. DraftKings said no full financial account numbers or government‑issued identification numbers were accessed. Affected users will be required to reset passwords and are being urged to enable multifactor authentication and monitor their financial and credit records.

read more →

Tue, October 7, 2025

Disrupting Threats Targeting Microsoft Teams Environments

🛡️ Microsoft Threat Intelligence details how adversaries exploit Microsoft Teams collaboration capabilities—chat, calls, meetings, and screen sharing—at multiple stages of the attack chain. The post chronicles 2024–2025 campaigns and toolsets (phishing, malvertising, deepfakes, device code phishing, and red‑team tool reuse) that enable initial access, persistence, and exfiltration. It emphasizes layered defenses across identity, endpoints, apps, data, and network controls, and provides detection guidance, hunting queries, and product-specific recommendations to help defenders disrupt these operations.

read more →

Tue, October 7, 2025

Microsoft SFI Patterns and Practices: New Security Guides

🔐 Microsoft published a second installment of the Secure Future Initiative (SFI) patterns and practices, delivering six practical, practitioner-built guides that address network isolation, tenant hardening, Entra ID app security, Zero Trust for source code access, software supply chain protection, and centralized log collection. Each article outlines the problem, Microsoft’s internal solution, actionable customer guidance, and trade-offs to help teams apply scalable controls across complex, multi-cloud environments.

read more →

Tue, October 7, 2025

AI Fix #71 — Hacked Robots, Power-Hungry AI and More

🤖 In episode 71 of The AI Fix, hosts Graham Cluley and Mark Stockley survey a wide-ranging mix of AI and robotics stories, from a giant robot spider that went 'backpacking' to DoorDash's delivery 'Minion' and a TikToker forcing an AI to converse with condiments. The episode highlights technical feats — GPT-5 winning the ICPC World Finals and Claude Sonnet 4.5 coding for 30 hours — alongside quirky projects like a 5-million-parameter transformer built in Minecraft. It also investigates a security flaw that left Unitree robot fleets exposed and discusses an alarming estimate that training a frontier model could require the power capacity of five nuclear plants by 2028.

read more →

Tue, October 7, 2025

Hidden Text Salting: CSS Abuse in Email Threats and Evasion

🧂 Cisco Talos documents growing abuse of CSS to insert visually hidden 'salt' into emails, a technique that undermines parsing and language-detection systems. In samples observed across preheaders, headers, attachments and bodies between March 1, 2024 and July 31, 2025, attackers used CSS properties (font-size, opacity, display, clipping) and zero-width characters to conceal irrelevant content. Talos recommends detection plus HTML sanitization and filters—examples include Cisco Secure Email Threat Defense—to strip or ignore invisible content before downstream analysis.
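As an added illustration of the sanitization step Talos recommends (this is example code, not Talos's or Cisco's), the following parser separates the text a recipient would actually see from content hidden via inline CSS (font-size, opacity, display, clip) and zero-width characters, so downstream classifiers can run on the visible text only. The CSS heuristics, the sample HTML and the `strip_salt` function are all assumptions constructed for this example; it inspects inline `style` attributes only, not `<style>` blocks.

```python
"""Detect and strip CSS 'hidden text salting' from an email body (added example)."""
import re
from html.parser import HTMLParser

# Zero-width code points that attackers splice into words to defeat keyword matching
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
# Inline-CSS heuristics for content a mail client renders invisibly (assumed list)
HIDDEN_CSS = [re.compile(p, re.I) for p in (
    r"display\s*:\s*none",
    r"visibility\s*:\s*hidden",
    r"opacity\s*:\s*0(?:\.0+)?(?![\d.])",
    r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?(?![\d.])",
    r"clip\s*:\s*rect\(\s*0(?:px)?(?:\s*,?\s*0(?:px)?){3}\s*\)",
)]
BLOCK_TAGS = {"p", "div", "br", "li", "tr", "td", "h1", "h2", "h3"}

class SaltStripper(HTMLParser):
    """Separates rendered text from CSS-hidden subtrees and zero-width padding."""
    def __init__(self):
        super().__init__()
        self.visible, self.hidden, self.zero_width = [], [], 0
        self._stack = []          # (tag, opened_a_hidden_subtree)
        self._hidden_depth = 0    # >0 while inside any hidden element

    def handle_starttag(self, tag, attrs):
        style = dict(attrs).get("style") or ""
        hidden = any(p.search(style) for p in HIDDEN_CSS)
        self._stack.append((tag, hidden))
        self._hidden_depth += hidden

    def handle_endtag(self, tag):
        if all(t != tag for t, _ in self._stack):
            return                               # stray close tag: ignore it
        while self._stack:                       # pop back to the matching open tag
            t, hidden = self._stack.pop()
            self._hidden_depth -= hidden
            if t == tag:
                break
        if tag in BLOCK_TAGS and self._hidden_depth == 0:
            self.visible.append(" ")             # keep word boundaries between blocks

    def handle_data(self, data):
        self.zero_width += sum(ch in ZERO_WIDTH for ch in data)
        text = "".join(ch for ch in data if ch not in ZERO_WIDTH)
        (self.hidden if self._hidden_depth else self.visible).append(text)

def strip_salt(html):
    """Return (visible_text, hidden_fragments, zero_width_count) for an HTML body."""
    p = SaltStripper(); p.feed(html); p.close()
    visible = re.sub(r"\s+", " ", "".join(p.visible)).strip()
    return visible, [f for f in (s.strip() for s in p.hidden) if f], p.zero_width

SAMPLE = (  # constructed sample, not a real phishing email
    '<html><body><span style="display:none">lorem ipsum dolor</span>'
    '<p>Your Wat<span style="font-size:0px">qq</span>chtower alert</p>'
    '<p style="opacity:0.0">unrelated filler to skew language detection</p>'
    '<p>Please reset your pass&#8203;word now.</p></body></html>'
)
```

A non-empty hidden list or a zero-width count above zero is a useful feature for a mail filter to score on, alongside classifying the visible text alone.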

read more →

Tue, October 7, 2025

AWS Service Quotas Launches Automatic Quota Alerts

🔔 AWS has announced the general availability of AWS Service Quotas automatic quota management, a capability that monitors quota usage and notifies customers before they exhaust allocated limits. Customers can configure preferred notification channels such as email, SMS, or Slack via the Service Quotas console or API. Notifications are also surfaced in AWS Health, and related AWS CloudTrail events can be subscribed to for automation. This capability is available at no additional cost in all AWS commercial regions.

read more →

Tue, October 7, 2025

Amazon RDS for Db2 Adds Native Database-Level Backups

💾 Amazon RDS for Db2 now supports native database-level backups that let customers back up individual databases within a multi-database instance. This enables selective migration of specific databases to other RDS instances or on-premises environments, and lets teams create isolated copies for development, testing, or compliance. By targeting single databases rather than full instance snapshots, customers can reduce storage costs and streamline operations. The feature is available in all Regions where Amazon RDS for Db2 is offered; see the service documentation and pricing pages for configuration and cost details.

read more →

Tue, October 7, 2025

VPC Lattice Enables Configurable IPs for Resource Gateways

🔧 Amazon Web Services announced that Amazon VPC Lattice now lets you configure the number of IPv4 addresses assigned to resource gateway ENIs. The selected IPv4 count is immutable after creation and directly affects network address translation capacity and the maximum concurrent IPv4 connections to backend resources. By default VPC Lattice assigns 16 IPv4 addresses per ENI; for IPv6 it always assigns a /80 CIDR per ENI. This capability is available at no additional cost in all Regions where VPC Lattice is offered.

read more →

Tue, October 7, 2025

Amazon Redshift Serverless Lowers Base Capacity to 8 RPUs

⚙️ Amazon Redshift Serverless now offers a reduced minimum base capacity of 8 Redshift Processing Units (RPUs) in the AWS Asia Pacific (Seoul) and Canada (Central) regions. Each RPU provides 16 GB of memory and billing remains per-second for RPU-hours; the prior minimum was 32 RPUs. Capacity can be adjusted in 8-RPU increments, making Redshift Serverless more cost-effective and flexible for small production, test, and development workloads.

read more →

Tue, October 7, 2025

Responding to Cloud Incidents: Investigation and Recovery

🔍 Unit 42 outlines a structured approach to investigating and responding to cloud incidents, noting that 29% of 2024 incident investigations involved cloud or SaaS environments. The guidance emphasizes a shift from endpoint-centric forensics to focus on identities, misconfigurations and service interactions. It recommends enabling and centralizing logs, retaining them for at least 90 days, and preparing for rapid evidence collection and VM/container imaging. The article stresses identity forensics, behavioral baselining and surgical containment to avoid alerting adversaries.

read more →

Tue, October 7, 2025

AI-Powered Breach and Attack Simulation for Validation

🔍 AI-powered Breach and Attack Simulation (BAS) converts the flood of threat intelligence into safe, repeatable tests that validate defenses across real environments. The article argues that integrating AI with BAS lets teams operationalize new reports in hours instead of weeks, delivering on-demand validation, clearer risk prioritization, measurable ROI, and board-ready assurance. Picus Security positions this approach as a practical step-change for security validation.

read more →

Tue, October 7, 2025

CISA Issues Two New ICS Advisories for Delta, Rockwell

🛡️ CISA released two Industrial Control Systems advisories on October 7, 2025: one addressing security issues in Delta Electronics DIAScreen and one updating the existing advisory for Rockwell Automation 1756-EN4TR/1756-EN4TRXT. The notices provide technical details, vulnerability descriptions, and recommended mitigations to reduce exposure in operational environments. Administrators and users are urged to review the advisories and apply mitigations promptly to protect ICS assets.

read more →

Tue, October 7, 2025

150 AI Use Cases from Startups Leveraging Google Cloud

🤖 At the AI Builders Forum, Google Cloud highlighted 150 startups using its generative AI stack—Vertex AI, Gemini, GKE, and Cloud Storage—to build agentic systems, healthcare models, developer tools, and media pipelines. The post catalogs companies across sectors (healthcare, finance, retail, security, creative) and describes technical integrations such as fine-tuning with Gemini, inference on GKE, and scalable analytics with BigQuery. It encourages startups to join Google for Startups Cloud and references a new Startup Technical Guide: AI Agents for building and scaling agentic applications.

read more →

Tue, October 7, 2025

Five Best Practices for Effective AI Coding Assistants

🛠️ This article presents five practical best practices to get better results from AI coding assistants. Based on engineering sprints using Gemini CLI, Gemini Code Assist, and Jules, the recommendations cover choosing the right tool, training models with documentation and tests, creating detailed execution plans, prioritizing precise prompts, and preserving session context. Following these steps helps developers stay in control, improve code quality, and streamline complex migrations and feature work.

read more →

Tue, October 7, 2025

it-sa 2025: Nearly 1,000 Security Vendors at Nuremberg

🔒 it-sa 2025 opened in Nuremberg on October 7, with organizers reporting 990 exhibitors — a 15% increase over last year — and an expected attendance record to be announced at the close. At the opening press conference, BSI President Claudia Plattner said the agency will implement the Cyber Resilience Act in Germany and exercise market surveillance powers. Industry leaders highlighted strong market growth, rising cybercrime losses, and calls to increase corporate security budgets while supporting European security startups.

read more →

Tue, October 7, 2025

Cloud and Application Security: Awareness Best Practices

🔐 The 2025 State of Cloud Security Report from Fortinet and Cybersecurity Insiders highlights how accelerating cloud adoption and a widespread cybersecurity skills shortage are expanding organizational risk across SaaS, APIs, and hybrid environments. Many incidents result from human error — misconfigurations, exposed APIs, and overprivileged accounts — rather than sophisticated targeted attacks. The post recommends five practical measures, including embracing shared responsibility, enforcing MFA and least privilege, integrating security into CI/CD, automating configuration management, and monitoring SaaS and APIs, and stresses that tools must be paired with user awareness and cultural change.

read more →

Tue, October 7, 2025

Delta DIAScreen Multiple Out-of-Bounds Write Flaws

⚠️ Delta Electronics issued an advisory for DIAScreen addressing four out-of-bounds write vulnerabilities (CWE-787) that can be triggered when a valid user opens a maliciously crafted project file. The issues are tracked as CVE-2025-59297 through CVE-2025-59300 and have CVSS v3.1 base scores of 6.6 and CVSS v4 base scores of 6.8. Delta released v1.6.1 to remediate the flaws; administrators should apply the update and follow CISA guidance on social-engineering protections and ICS defensive best practices.

read more →

Tue, October 7, 2025

Phishers Exploit 1Password Watchtower to Steal Vaults

🔒 Malwarebytes has flagged a phishing campaign that impersonated 1Password’s Watchtower breach alerts, nearly tricking an employee into surrendering their vault credentials. The message used authentic branding, familiar phrasing and urgency cues, and embedded legitimate-seeming support links before redirecting victims via Mandrill to a typosquatted credential‑stealing page. By Oct. 2 multiple vendors had marked the site as phishing and Mandrill blocked the redirect, but earlier clicks may already have exposed entire vaults.

read more →

Tue, October 7, 2025

Microsoft Blocks More Ways to Bypass Windows 11 MSA

🔒 Microsoft is removing further methods that allow creating local accounts and bypassing the Microsoft account requirement during Windows 11 setup. The change appears in Windows 11 Insider Preview Build 26220.6772 (KB5065797) on the Dev Channel and is expected to reach production releases. Microsoft said it will remove known mechanisms in the OOBE experience because they can skip critical setup screens and leave a device not fully configured. Going forward, OOBE will require internet access and a Microsoft account to complete setup.

read more →

Tue, October 7, 2025

Why Successful Businesses Are Built on Cyber Protection

🔒 Company leaders must treat cyber risk as a strategic priority rather than a discretionary cost. The piece highlights a persistent budget-perception gap between CISOs and boards and notes SMBs often remain reactive, prioritizing firefighting over prevention. It cites high-profile breaches and the IBM Cost of a Data Breach to quantify losses and recommends technologies such as SIEM and SOAR, alongside governance measures like board oversight and appointed CISOs. Practical advice stresses framing security as business risk, using financial metrics, and reporting regularly to embed security-by-design.

read more →

Tue, October 7, 2025

AWS Marketplace Adds Japan Consumption Tax Support for CPPOs

🧾 Starting today, AWS Marketplace expands Japan consumption tax (JCT) support to Channel Partner Private Offers (CPPOs), improving tax handling for Japan ISVs and Channel Partners. AWS Japan will collect the 10% JCT on the first leg between ISVs and Channel Partners, issue a tax qualified invoice (TQI) to Channel Partners, and disburse the JCT to ISVs. AWS Japan will continue to collect the 10% JCT and issue a TQI on the second leg to buyers, unifying compliance for transactions via the AWS Japan Marketplace Operator.

read more →

Tue, October 7, 2025

Why CISO Tenures Are Shortening and What It Means

🔁 CISO tenures now often last only 18–36 months, driven by burnout, startup pace, and escalating liability concerns. The role demands constant readiness for breaches, extensive cross‑functional communication, and navigation of company politics, which many find unsustainable long term. Larger enterprises typically retain CISOs longer thanks to scale and resources. As a result, some leaders pursue fractional roles, vendor careers, or advisory positions while organizations push for clearer standards and better board-level alignment.

read more →