Cloud Identity Updates, AI Ops Tools, and Active Exploits

Amazon Cognito: Managed vs. Custom Login UI Options

🔒 This post contrasts Amazon Cognito's two primary UI approaches—managed login and a fully custom UI—and outlines feature, security, and operational trade-offs to guide architects and developers. Managed login (offered as a modern branding editor or the Hosted UI classic) offloads hosting, scaling, and maintenance while providing OAuth2 flows, federation with social and OIDC/SAML providers, passwordless options, and CloudTrail action logging. A custom UI gives full control over UX, session management, localization, and supports custom authentication flows via Lambda triggers, but requires development, hosting, and operational responsibility under the AWS Shared Responsibility Model.

Bybit Heist Drives Record $2bn North Korean Crypto Haul

💰 North Korea-linked hackers have stolen more than $2 billion in cryptocurrency so far in 2025, according to blockchain analysis firm Elliptic. The total is the highest annual haul on record and is driven largely by a February $1.46bn theft from exchange Bybit. Elliptic attributes over 30 separate hacks this year and warns attackers are increasingly using social engineering and sophisticated laundering to hide proceeds.

Microsoft 365 Outage Disrupts Teams, Exchange, and MFA

⚠️ Microsoft is addressing an ongoing outage that is preventing users from accessing Microsoft 365 services, including Teams, Exchange Online, and the Microsoft 365 admin center. The incident is being tracked on the Service Health Dashboard and Microsoft is publishing updates on its Service Health Status page. The outage is also affecting Microsoft Entra single sign-on and Multi-Factor Authentication, with some users unable to receive MFA prompts or authenticate.

Salesforce launches AI security and compliance agents

🔒 Salesforce introduced two AI agents on its Agentforce platform that monitor security activity and streamline compliance workflows for the Security Center and Privacy Center. The security agent analyzes event logs to detect anomalous behavior, accelerates investigations by assembling context and remediation plans, and can autonomously freeze or isolate suspicious accounts when authorized. The privacy agent maps metadata and policies against frameworks like GDPR and CCPA, surfaces exposures, and can reclassify or apply erasure policies to reduce compliance risk.

AWS launches general-purpose Amazon EC2 M8a instances

🚀 AWS announced general availability of the new Amazon EC2 M8a general-purpose instances powered by 5th Gen AMD EPYC processors (Turin), with a maximum frequency of 4.5 GHz and up to 30% higher performance over M7a. M8a instances deliver 45% more memory bandwidth and notable benchmark improvements—60% faster on GroovyJVM and up to 39% faster on Cassandra. They are SAP-certified, come in 12 sizes including two bare-metal options, and are available in US East (Ohio), US West (Oregon), and Europe (Spain). Customers can purchase M8a via On-Demand, Spot, and Savings Plans.

Amazon EC2 R8gd Instances Expand to Additional Regions

🚀 Amazon EC2 R8gd instances are now available in Europe (Ireland), Asia Pacific (Sydney, Malaysia), South America (São Paulo), and Canada (Central). Powered by AWS Graviton4, they deliver up to 30% better compute performance than Graviton3-based instances and include up to 11.4 TB of local NVMe SSD for low-latency storage. Instances offer up to 50 Gbps networking, EFA on larger sizes, and adjustable network/EBS bandwidth weighting to better optimize workloads.

Amazon Q Developer Gains Service Pricing and Estimates

🔍 Amazon Q Developer now offers integrated pricing and cost estimation, enabling developers and architects to query product attributes, regional availability, and service pricing in natural language. The assistant retrieves data from the AWS Price List APIs to provide workload cost estimates and side-by-side comparisons, so teams can evaluate cost/performance tradeoffs without manually consulting multiple pricing pages. Access the feature via the Amazon Q chat panel in the AWS Management Console.

AI-Powered Cloud Alert Investigation with FortiCNAPP

🔎 FortiCNAPP consolidates related cloud signals into composite alerts, reducing noise and prioritizing high-confidence incidents so SOC teams can focus on what matters. Its Observation Timeline sequences logins, API calls, commands, and network traffic into a single, evidence-backed storyline. An AI Alert Assistant supports natural-language queries and returns structured answers, visual relationships, and prioritized remediation steps to accelerate containment and help junior analysts act confidently.

AWS Launches General Purpose EC2 M8a Instances with AMD EPYC

🚀 AWS announced general availability of new Amazon EC2 M8a instances powered by 5th Gen AMD EPYC (Turin) processors with up to 4.5 GHz. M8a offers up to 30% higher performance, up to 19% better price-performance, and 45% more memory bandwidth vs M7a, with strong gains on JVM and Cassandra benchmarks. The family includes 12 sizes (two bare-metal), is SAP-certified, built on the AWS Nitro System, and is initially available in US East (Ohio), US West (Oregon) and Europe (Spain).

Amazon EC2 M8gd Instances Expand to Additional Regions

🚀 Amazon EC2 M8gd instances with up to 11.4 TB of local NVMe SSD storage are now available in Europe (London), Asia Pacific (Sydney, Malaysia), and Canada (Central). Powered by AWS Graviton4, they deliver up to 30% better compute performance than Graviton3-based instances, up to 40% higher I/O performance for databases, and up to 20% faster real-time analytics queries. Instances come in 12 sizes, offer up to 50 Gbps networking and 40 Gbps EBS bandwidth, support EFA on large sizes, and allow ±25% adjustment of network and EBS bandwidth via EC2 instance bandwidth weighting.

Salesforce Refuses Ransom After Massive Data Theft

🔒 Salesforce confirmed it will not engage with or pay extortion demands after a large-scale theft of customer data this year. Threat actors calling themselves Scattered Lapsus$ Hunters published a data-leak site to extort 39 companies, claiming nearly one billion records stolen. The breaches stemmed from two campaigns: late-2024 social engineering using malicious OAuth apps and an August 2025 campaign abusing stolen SalesLoft/Drift tokens to exfiltrate CRM and support-ticket data. The leak site appears to have been shut down and its domain redirected to nameservers previously associated with law enforcement seizures.

Critical auth bypass in Service Finder WordPress theme

🔒 A critical authentication bypass in the Service Finder WordPress theme (tracked as CVE-2025-5947) is being actively exploited to obtain administrator access. The flaw affects versions 6.0 and older and results from improper validation of the original_user_id cookie in the service_finder_switch_back() function. Aonetheme released a patch in version 6.1 on July 17; site operators should update immediately or discontinue use.

Crimson Collective Targets AWS Cloud Instances for Theft

🔒 Researchers report the 'Crimson Collective' has been targeting long-term AWS credentials and IAM accounts to steal data and extort companies. Using open-source tools like TruffleHog, the attackers locate exposed AWS keys, create new IAM users and access keys, then escalate privileges by attaching AdministratorAccess. They snapshot RDS and EBS volumes, export data to S3, and send extortion notices via AWS SES. Rapid7 urges organisations to audit keys, enforce least privilege, and scan for exposed secrets.

Chaos Ransomware Evolves: Faster, Smarter, More Destructive

⚠️ Chaos-C++ is a resurfaced C++ ransomware strain identified in 2025 that combines fast AES encryption, deliberate deletion of very large files, and a clipboard-hijacking capability to steal cryptocurrency payments. It employs a stealthy downloader that masquerades as a system optimizer, uses Windows CryptoAPI where available and a weaker XOR fallback otherwise, and appends a .chaos extension to affected files. Victims also see destructive post-infection commands that remove shadow copies and hinder recovery, and ForsGuard detections are available for protection.

LockBit, Qilin and DragonForce Form Ransomware Alliance

🔒 Three major ransomware groups — LockBit, Qilin, and DragonForce — have announced a strategic alliance aimed at sharing techniques, infrastructure, affiliates, and operational resources to amplify extortion campaigns worldwide. The announcement follows LockBit's resurgence and the unveiling of LockBit 5.0, which is advertised to target Windows, Linux, and ESXi systems. Security firms warn the partnership could rebuild affiliate trust, increase attacks on critical infrastructure and diversify threats across multiple industry sectors.

IUAM ClickFix Generator: Commoditizing Click-to-Run Phishing

🛡️ Unit 42 describes the IUAM ClickFix Generator, a phishing kit that automates creation of ClickFix-style pages which coerce victims into pasting and executing attacker-supplied commands. The kit creates OS-aware, highly customizable pages with clipboard injection, obfuscation, and mobile blocking to deliver infostealers and RATs such as DeerStealer and Odyssey. Unit 42 observed real campaigns, shared developer artifacts, and recommends user education and technical controls to block domains, IPs, and malware indicators.

Autonomous AI Hacking: How Agents Will Reshape Cybersecurity

⚠️ AI agents are increasingly automating cyberattacks, performing reconnaissance, exploitation, and data theft at machine speed and scale. In 2023 examples include XBOW's mass vulnerability reports, DARPA teams finding dozens of flaws in hours, and reports of adversaries using Claude and HexStrike-AI to orchestrate ransomware and persistent intrusions. This shift threatens accelerated attacks beyond traditional patch cycles while presenting new defensive opportunities such as AI-assisted vulnerability discovery, VulnOps, and even self-healing networks.

Qilin Ransomware Claims Data Theft from Asahi Brewery

🔒 The Qilin ransomware group has added Japanese brewer Asahi to its data leak site, claiming exfiltration of over 9,300 files totaling 27GB and publishing 29 images of internal financial documents, employee IDs, contracts, and reports. Asahi suspended operations at six facilities after a September 29 cyberattack and confirmed a ransomware-caused disruption with evidence of data theft. The company says production of its flagship Super Dry has resumed via a temporary manual ordering system, though full operations are not yet restored and new product launches are postponed.

London police arrest teenagers after nursery data doxing

🔒 Two 17-year-old suspects were arrested in Bishop's Stortford on suspicion of blackmail and computer misuse after an investigation into the doxing of children following a ransomware attack on a chain of London nurseries. The incident aligns with a September 25 breach affecting Kido nurseries, where a group known as Radiant Group claimed to have stolen sensitive data and photos of over 1,000 children. Attackers posted some images and addresses on a dark web leak site and later removed the files on October 2 after failing to extort the company and making threatening calls to parents. Nursery software provider Famly said its infrastructure was not breached, while UK authorities described the case as deeply distressing and said investigations continue.

Chinese-Linked Hackers Weaponize Nezha via Log Poisoning

🔒 Huntress reported that threat actors with suspected ties to China abused a vulnerable phpMyAdmin panel in August 2025 to perform log poisoning, recording a PHP web shell into a query log and naming the file with a .php extension. The actors used the web shell (accessed via ANTSWORD) to deploy the open-source Nezha agent and inventory over 100 hosts—primarily in Taiwan, Japan, South Korea and Hong Kong. The Nezha agent facilitated execution of an interactive PowerShell script that created Microsoft Defender exclusions and launched Gh0st RAT via a loader and dropper.

Threat actors repurpose open-source monitor as beacon

⚠️ Attackers linked to China turned a benign open-source network monitoring agent into a remote access beacon using log poisoning and a tiny web shell. Huntress says they installed the legitimate Nezha RMM via a poisoned phpMyAdmin log and then deployed Ghost RAT for deeper persistence. The intrusion affected more than 100 hosts across Taiwan, Japan, South Korea, and Hong Kong and was contained in August 2025.

Nezha Agent Linked to New Web Application Compromises

🔍 Huntress analysts uncovered a sophisticated campaign beginning in August 2025 that used log poisoning to plant a PHP web shell and then manage compromised servers via AntSword. The operators downloaded a file named 'live.exe' — identified as the open-source Nezha agent — which connected to a command server at c.mid[.]al and enabled remote tasking. Nezha was used to execute PowerShell commands to disable Windows Defender and to deploy 'x.exe', a Ghost RAT variant that persisted as 'SQLlite'. More than 100 systems, primarily in Taiwan, Japan, South Korea and Hong Kong, were observed communicating with the attackers' dashboard.

JLR Cyber-Attack Drives 25% Decline in Q2 Volume Sales

🔒 Jaguar Land Rover has reported a 25% drop in volume sales in the three months to 30 September after a cyber incident severely disrupted production and sales. Wholesales in Q2 FY2026 were 66,165 units, down 24.2% year-on-year, while retail sales fell 17.1%. The company began a controlled, phased restart of UK manufacturing from 8 October and launched a supplier financing scheme to ease cashflow during the restart.

Met Police Arrest Two Teens Over Nursery Ransomware

🔒 Two teenage boys were arrested in Bishop's Stortford on suspicion of computer misuse and blackmail following a ransomware attack on the Kido nursery group, the Metropolitan Police said. Referred to the Met by Action Fraud on 25 September, investigators allege attackers demanded £600,000 in Bitcoin after stealing names, addresses, contact details and photos of around 8,000 children via a Famly account. The group, which called itself "Radiant," reportedly contacted parents directly and posted some images on the dark web before blurring and later claiming deletion; the app provider says its infrastructure was not breached. The Met described the arrests as a significant step while inquiries continue alongside partner agencies.

OpenAI Disrupts Malware Abuse by Russian, DPRK, China

🛡️ OpenAI said it disrupted three clusters that misused ChatGPT to assist malware development, including Russian-language actors refining a RAT and credential stealer, North Korean operators tied to Xeno RAT campaigns, and Chinese-linked accounts targeting semiconductor firms. The company also blocked accounts used for scams, influence operations, and surveillance assistance and said actors worked around direct refusals by composing building-block code. OpenAI emphasized that models often declined explicit malicious prompts and that many outputs were not inherently harmful on their own.

GitHub Copilot Chat prompt injection exposed secrets

🔐 GitHub Copilot Chat was tricked into leaking secrets from private repositories through hidden comments in pull requests, researchers found. Legit Security researcher Omer Mayraz reported a combined CSP bypass and remote prompt injection that used image rendering to exfiltrate AWS keys. GitHub mitigated the issue in August by disabling image rendering in Copilot Chat, but the case underscores risks when AI assistants access external tools and repository content.

VirusTotal simplifies access with contributor tiers

🤝 VirusTotal announces simplified access and tiered pricing to keep the platform open and sustainable. The update preserves a robust, free VT Community tier for researchers and educators while introducing a dedicated Contributor Tier for engine partners that includes blindspot feeds, priority support, and early feature access. New paid tiers (VT Lite, VT Duet) target small teams and large organizations respectively, with pricing aligned to usage and contribution.

New FileFix Variant Uses Cache Smuggling to Evade Security

⚠️ A new FileFix variant uses cache smuggling to deliver a malicious ZIP via Chrome's disk cache while impersonating a Fortinet VPN Compliance Checker, tricking victims into pasting a crafted path into File Explorer. The embedded PowerShell command extracts a hidden ZIP from cached image files, writes a ComplianceChecker.zip and launches an executable, enabling execution without obvious downloads. Security firms report rapid abuse by ransomware and info-stealer operators and advise training users never to paste clipboard content into OS dialogs.

Security firm urges disconnecting Gemini from Workspace

⚠️FireTail warns that Google Gemini can be tricked by hidden ASCII control characters — a technique the firm calls ASCII Smuggling — allowing covert prompts to reach the model while remaining invisible in the UI. The researchers say the flaw is especially dangerous when Gemini is given automatic access to Gmail and Google Calendar, because hidden instructions can alter appointments or instruct the agent to harvest sensitive inbox data. FireTail recommends disabling automatic email and calendar processing, constraining LLM actions, and monitoring responses while integrations are reviewed.

Hackers Inject Redirecting JavaScript via WordPress Themes

🔒 Security researchers warn of an active campaign that modifies WordPress theme files (notably functions.php) to inject malicious JavaScript that redirects visitors to fraudulent verification and malware distribution pages. The injected loader uses obfuscated references to advertising services but posts to a controller domain that serves a remote script from porsasystem[.]com and an iframe mimicking Cloudflare assets. The activity has ties to the Kongtuke traffic distribution system and highlights the need to patch themes, enforce strong credentials, and scan for persistent backdoors.

Amazon EC2 C8gd Instances: Up to 11.4 TB NVMe in Regions

⚡ Amazon EC2 C8gd instances with up to 11.4 TB of local NVMe SSD are now available in Europe (Ireland) and Asia Pacific (Sydney, Malaysia). Powered by AWS Graviton4 processors, they deliver up to 30% better performance than Graviton3 and accelerate I/O-intensive database and real-time analytics workloads. Built on the AWS Nitro System, C8gd offers 12 sizes, up to 50 Gbps network and up to 40 Gbps EBS bandwidth, with configurable bandwidth weighting (+25%) and EFA on select large sizes.

Microsoft Enables Default Auto-Archiving in Exchange Online

📥 Microsoft is enabling threshold-based auto-archiving by default for Exchange Online, moving the oldest items to users' archive mailboxes when primary mailbox usage approaches 90%, provided an archive is provisioned and has available space. The Managed Folder Assistant will continuously monitor mailbox sizes and archive until usage drops below the threshold. Rollout begins this month for public clouds and is scheduled for government clouds in November; users can tag items with the Never Move to Archive flag to prevent them from being archived. The change complements recent Defender for Office 365 updates that detect email bombing attacks.

Configure and Verify ACM Certificates with Trust Stores

🔐 This post explains how to configure customer trust stores to accept public certificates issued through AWS Certificate Manager (ACM) and clarifies the role of Amazon Trust Services. It warns that ACM issues certificates via dynamically selected intermediates, so trusting only intermediates or pinning end-entity certificates can cause outages. The recommended action is to install five Amazon root CAs in your trust stores and to validate configuration across Windows, Amazon Linux, and Java environments.

Amazon EC2 I7ie Instances Now in AWS São Paulo Region

⚙️ AWS has made Amazon EC2 I7ie instances available in the South America (São Paulo) region. Designed for high-density, storage-optimized workloads, I7ie uses 5th Gen Intel Xeon processors and 3rd-generation AWS Nitro SSDs, offering up to 120 TB of local NVMe and up to twice the vCPUs and memory of the prior generation. AWS reports up to 40% better compute, up to 65% better storage performance, and lower I/O latency and variability versus I3en, with up to 100 Gbps network and 60 Gbps EBS throughput.

How Cloudflare Found and Fixed a Bug in Go's ARM64 Compiler

🔍 Cloudflare engineers describe discovering a rare race condition in the Go arm64 compiler that caused goroutine stack-unwinding crashes in production. They traced sporadic fatal panics and segfaults to async preemption interrupting a split stack-pointer adjustment, leaving an invalid stack frame. A minimal reproducer showed the assembler could split a large ADD into multiple instructions, creating a one-instruction window where preemption caused unwinder corruption. The issue was fixed upstream in go1.23.12, go1.24.6, and go1.25.0.

Rising Digital Fraud Costs Companies 7.7% of Revenue

📈 TransUnion's H2 2025 update warns that rising digital fraud is costing firms an average of 7.7% of annual revenue, amounting to an estimated $534bn in global losses. US businesses reported heavier impacts — 9.8% of revenue, or roughly $114bn — driven by a surge in account takeover and synthetic identity fraud. The report urges firms to move beyond reactive defenses and strengthen identity verification across digital touchpoints.

Amazon EC2 C7gd Instances Now in Europe (Zurich) Region

🚀 Amazon EC2 C7gd instances are now available in the Europe (Zurich) Region, offering up to 3.8 TB of local NVMe SSD block storage and DDR5 memory on the AWS Nitro System. These Graviton3-based instances deliver up to 45% improved real-time NVMe storage performance versus comparable Graviton2 instances and use up to 60% less energy for equivalent performance. They suit workloads needing high-speed, low-latency temporary storage such as scratch space, caches, and temp files, and AWS provides migration tools like the Graviton Fast Start program and Porting Advisor.

Fraudulent Emails Imitating Airlines and Airports Sector

🛫 Kaspersky researchers uncovered a widespread email fraud campaign impersonating major airlines and airports to solicit advance refundable deposits. Attackers use convincing business-style messages, registration forms and NDAs rather than malware, then request several-thousand-dollar payments to secure partnership consideration. Recipients are urged to verify sender domains against official corporate contacts and treat any deposit request as a major red flag. Organizations should deploy strong email-gateway defenses and provide targeted security awareness training for finance, sales and procurement teams.

Flock License-Plate Surveillance Raises Legal Concerns

🔍 A U.S. District Court complaint alleges that Norfolk, Virginia’s 176 Flock Safety automated license-plate readers tracked plaintiffs repeatedly as they drove — one retired veteran was logged 526 times and another resident 849 times between mid-February and early July. The September lawsuit contends that this pervasive, warrantless tracking raises serious Fourth Amendment and privacy issues. The ACLU and a 2024 ruling by Judge Jamilah LeCruise, which excluded warrantless plate-reader data in a robbery prosecution, underscore growing legal scrutiny.

Amazon Location Service Updates Vietnam Boundaries

🗺️ Amazon Location Service updated Vietnam mapping data to reflect the nationwide administrative reorganization that took effect on July 1, 2025. The refresh consolidates provincial-level units from 63 to 34 (28 provinces and 6 centrally managed cities) and reduces commune-level units from 10,310 to 3,321 while preserving street-level address accuracy. Place names and administrative components in POI records were updated, and the revised data is automatically available to customers querying Vietnam addresses. The update supports logistics, e-commerce, and public-service use cases such as delivery zone planning, service-area management, and address validation.

Defend the Target, Not Just the Door: Google Workspace

🛡️ Modern cloud work lives across email, files, chat, and a mesh of integrations, and attackers increasingly exploit trusted OAuth grants rather than compromising accounts directly. In early August the actor behind recent Salesforce intrusions used stolen Drift email tokens to access a small set of Google Workspace mailboxes; Google revoked the tokens and disabled the integration on August 9. Material Security advocates shifting from perimeter-only defenses to content-centric controls such as message-level MFA, OAuth governance, and automated containment to make stolen tokens far less damaging.

Severe Figma MCP Command Injection Enables RCE Remotely

🔒 Cybersecurity researchers disclosed a now-patched command injection vulnerability in the figma-developer-mcp Model Context Protocol server that could allow remote code execution. Tracked as CVE-2025-53967 (CVSS 7.5), the flaw stems from unsanitized user input interpolated into shell commands when a fetch fallback uses child_process.exec to run curl. Imperva reported the issue and maintainers released a fix in figma-developer-mcp v0.6.3; users should update immediately.

Smashing Security: Mouse Eavesdropping and Ransomware

🖱️ A recent episode of the Smashing Security podcast examines how commonplace devices and online behaviour can create unexpected security risks. Hosts discuss academic work that turns a standard computer mouse into an acoustic eavesdropping sensor, showing how a malicious webpage could exploit peripheral hardware. They also consider a ransomware crew’s reputation problems, and round out the episode with lighter items such as a quirky baked potato hack and a literary detour to Paraguay.

Optical Mice Can Be Used to Eavesdrop on Conversations

🖱️ Researchers at the University of California, Irvine demonstrated a proof-of-concept called Mic-E-Mouse, showing that high-end optical mice can pick up desk-transmitted voice vibrations and be used to reconstruct nearby conversations. The attack can be executed on PC, Mac and Linux by non-privileged user-space programs, and Wiener and neural-network filtering was used to enhance muffled signals into intelligible speech. Practical limits include a quiet environment, thin desks (≈3 cm or less), mostly stationary mice and very high-DPI hardware; placing a rubber pad or mouse mat under the mouse prevents the leakage.

Cybersecurity Nightmares: Password Graveyard Webinar

🔒 Join The Hacker News and Specops Software for a Halloween webinar, "Cybersecurity Nightmares: Tales from the Password Graveyard," that examines how weak passwords lead to costly breaches and operational strain. The live session reviews real breach stories, explains why traditional complexity rules fail, and offers a live demo showing how Specops blocks breached passwords in real time and builds compliant, user-friendly policies. Attendees will get a straightforward three-step plan to cut helpdesk resets, meet compliance, and stop credential-based attacks.

Measuring Cybersecurity: KPIs, KRIs and Effective Metrics

🔍 This article explains how organizations can measure cybersecurity effectively by aligning technical metrics with executive concerns. It outlines five iterative steps — define requirements, select key indicators, identify metrics, collect and analyze data, and report indicators — to create an actionable measurement cycle. Emphasis is placed on using high-level KPIs and KRIs, automating collection, and reviewing indicators with stakeholders to ensure relevance and drive decisions.

How to Respond After Clicking a Suspicious Link Safely

⚠ If you clicked a suspicious link, stay calm and act promptly. For work devices, contact IT immediately and follow their instructions. For personal devices, close the browser and check for unexpected downloads; if you entered credentials, change passwords and enable MFA; if financial data was entered, contact your bank; if a file was downloaded, disconnect, run a full scan, and consider restoring from a clean backup. Monitor accounts and report phishing attempts.

Check Point and HackShield Empower Young Cyber Agents

🛡️ Check Point has partnered with HackShield, an award-winning cyber education platform, to deliver gamified cybersecurity learning to children aged 8–12. The collaboration will expand access to age-appropriate resources and help cultivate resilient Cyber Agents in schools, families, and communities. The initiative aligns with Check Point’s mission to build lasting cybersecurity foundations and promote safe online habits among the next generation.

Cybersecurity Awareness Month 2025: Move Beyond Passwords

🔐 October's Cybersecurity Awareness Month reminds users that passwords alone no longer provide reliable protection. Adopt MFA wherever possible—prefer authenticator apps or hardware security keys over SMS—and consider emerging passwordless options such as passkeys. Organizations should enforce strong authentication to protect systems, customers and reputation. Watch ESET's video with Tony Anscombe for practical guidance.