AWS Bolsters Agentic AI; Oracle, Microsoft Tighten Security

Amazon Bedrock AgentCore GA: Secure Agent Platform

🔐 Amazon Bedrock AgentCore is now generally available, offering an agentic platform to build, deploy, and operate agents securely at scale without infrastructure management. It adds VPC support, extended eight-hour runtimes, session isolation, and initial Agent-to-Agent (A2A) protocol support. Identity, Gateway, and Observability features provide secure authorization, tool discovery, and CloudWatch/OTEL monitoring.

Amazon ElastiCache Adds Vector Search with Valkey 8.2

🚀 Amazon ElastiCache now offers vector search generally available with Valkey 8.2, enabling indexing, searching, and updating billions of high-dimensional embeddings from providers such as Amazon Bedrock, Amazon SageMaker, Anthropic, and OpenAI with microsecond latency and up to 99% recall. Key use cases include semantic caching for LLMs, multi-turn conversational agents, and RAG-enabled agentic systems to reduce latency and cost. Vector search runs on node-based clusters in all AWS Regions at no additional cost, and existing Valkey or Redis OSS clusters can be upgraded to Valkey 8.2 with no downtime.

Amazon CloudWatch Adds Generative AI Observability

🔍 Amazon CloudWatch is generally available with Generative AI Observability, providing end-to-end telemetry for AI applications and AgentCore-managed agents. It expands monitoring beyond model runtime to include Built-in Tools, Gateways, Memory, and Identity, surfacing latency, token usage, errors, and performance across components. The capability integrates with orchestration frameworks like LangChain, LangGraph, and Strands Agents, and works with existing CloudWatch features and pricing for underlying telemetry.

Aisuru IoT Botnet Cripples Major US ISPs at 29.6 Tbps

⚠️ Aisuru, an IoT botnet derived from Mirai, generated a nearly 29.6 Tbps DDoS surge on Oct. 8, 2025, briefly disrupting major US ISPs and online gaming platforms. Logs show most attack traffic originated from compromised home routers, IP cameras and DVRs on networks operated by AT&T, Comcast, Verizon, T‑Mobile and Charter. TCPShield reported over 15 Tbps of junk traffic, and researchers warn Aisuru now operates as both a DDoS engine and a residential proxy network.

AWS launches EC2 High Memory U7i-12TB in Mumbai region

🚀 Amazon EC2 High Memory U7i-12tb instances with 12TiB of DDR5 memory are now available in the Asia Pacific (Mumbai) region as of Oct 13, 2025. The u7i-12tb.224xlarge is powered by custom fourth‑generation Intel Xeon Scalable (Sapphire Rapids) processors, offers 896 vCPUs, and supports up to 100Gbps for both EBS and network throughput plus ENA Express. These instances are targeted at mission‑critical in‑memory databases such as SAP HANA, Oracle, and SQL Server, enabling higher transaction throughput, faster data loading, and shorter backup windows for large-scale deployments.

Google Introduces LLM-Evalkit for Prompt Engineering

🧭 LLM-Evalkit is an open-source, lightweight application from Google that centralizes and streamlines prompt engineering using Vertex AI SDKs. It provides a no-code interface for creating, versioning, testing, and benchmarking prompts while tracking objective performance metrics. The tool promotes a dataset-driven evaluation workflow—define the task, assemble representative test cases, and score outputs against clear metrics—to replace ad-hoc iteration and subjective comparisons. Documentation and a guided console tutorial are available to help teams adopt the framework and reproduce experiments.

Microsoft restricts IE mode in Edge after zero-day attacks

🔒 Microsoft is restricting access to Internet Explorer mode in Edge after discovering attackers leveraged an unpatched zero-day in the Chakra JavaScript engine combined with social engineering to achieve remote code execution and privilege escalation. The company removed quick UI triggers (toolbar button, context menu, hamburger items) so IE mode now requires explicit configuration under Settings > Default Browser. Commercial, policy-managed deployments remain unaffected.

SimonMed: 1.2M Patients Affected in January Breach

🔒 SimonMed Imaging is notifying more than 1.2 million individuals that attackers accessed its network between January 21 and February 5, 2025. The company says hackers stole data and the Medusa ransomware group claimed a 212 GB exfiltration and published proof files including ID scans, medical reports, payment details and raw scans. SimonMed reset passwords, implemented multifactor authentication, deployed EDR, removed vendor access, restricted traffic, notified law enforcement and is offering affected people free Experian identity monitoring.

Weekly Recap: WhatsApp Worm, Oracle 0-Day and Ransomware

⚡This weekly recap covers high-impact incidents and emerging trends shaping enterprise risk. Significant exploitation of an Oracle E-Business Suite zero-day (CVE-2025-61882) and linked payloads reportedly affected dozens of organizations, while a GoAnywhere MFT flaw (CVE-2025-10035) enabled multi-stage intrusions by Storm-1175. Other highlights include a WhatsApp worm, npm-based phishing chains, an emerging ransomware cartel, AI abuse, and a prioritized list of critical CVEs.

Researchers Warn RondoDox Botnet Expands Exploitation

🔍 Trend Micro warns that RondoDox botnet campaigns have significantly expanded their targeting, exploiting more than 50 vulnerabilities across over 30 vendors to compromise routers, DVR/NVR systems, CCTV devices, web servers and other networked infrastructure. First observed by Trend Micro on June 15, 2025 via exploitation of CVE-2023-1389, and first documented by Fortinet FortiGuard Labs in July 2025, the threat now leverages a loader-as-a-service model that co-packages RondoDox with Mirai/Morte payloads, accelerating automated, multivector intrusions. The campaign includes 56 tracked flaws—18 without CVEs—spanning major vendors and underscores urgent detection and remediation needs.

Microsoft Restricts Edge IE Mode After Active Exploits

🔒 Microsoft has tightened access to Internet Explorer mode in Edge after credible reports in August 2025 that unknown actors abused the legacy compatibility feature to compromise devices. Attackers used social engineering to coerce users into reloading pages in IE mode and then chained unpatched Chakra JavaScript engine exploits to gain remote code execution and elevate privileges. Microsoft removed the IE mode toolbar button, context-menu and hamburger-menu entries; IE mode must now be enabled explicitly via Edge settings and sites must be added to an IE mode pages list.

Millions of Qantas Customers' Data Published Online

🔐 Around three months after an early-July cyberattack, hackers have published online data reportedly belonging to up to 5.7 million Qantas customers. The airline says the information was stolen via a third-party provider's platform and included names, emails, phone numbers, dates of birth and frequent flyer numbers, but not credit card, financial or passport data. Qantas obtained an Australian court injunction prohibiting use of the information; the data appeared on both the dark web and publicly accessible sites.

New zero-day in Gladinet re-enables patched RCE flaw

⚠️ Huntress has observed criminals exploiting a new zero-day (CVE-2025-11371) in Gladinet CentreStack and Triofox file-sharing servers that enables unauthenticated local file inclusion. The flaw can expose the application's Web.config machineKey, effectively re-enabling a prior ViewState deserialization RCE (CVE-2025-30406). Gladinet has not yet released a patch; Huntress advises disabling the UploadDownloadProxy temp handler as a mitigation. Huntress detected misuse across multiple customers and notes that SOC telemetry flagged irregular base64 payloads; administrators should assume 'fully patched' may not equal secure and isolate or disable vulnerable handlers until a vendor patch is available.

Oracle issues emergency patch for E-Business Suite

🔒 Oracle released an emergency update to address CVE-2025-61884, an information disclosure flaw in the E-Business Suite Runtime UI that affects versions 12.2.3 through 12.2.14. The vulnerability is remotely exploitable without authentication and has been assigned a CVSS base score of 7.5, meaning a successful exploit could expose sensitive resources. Oracle strongly urges customers to apply the out-of-band patch or recommended mitigations immediately, particularly for internet-facing instances.

Botnet Uses 100,000 IPs in Massive RDP Attack Wave

🛡️ GreyNoise researchers uncovered a massive RDP attack wave using more than 100,000 IP addresses across over 100 countries, which analysts link to a single large botnet targeting U.S. Remote Desktop infrastructure. The attackers used two enumeration techniques — an RD Web Access timing attack to infer valid usernames and an RDP Web Client login enumeration to guess credentials — enabling efficient compromise while reducing obvious alerts. GreyNoise published a dynamic blocklist template, microsoft-rdp-botnet-oct-25, and recommends that organizations review logs for unusual RDP access patterns and automatically block associated IPs at the network edge.

Harvard Probes Data Breach Linked to Oracle Zero-Day

🔒 Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site and attributed the incident to a recently disclosed Oracle E-Business Suite zero-day (CVE-2025-61882). A Harvard IT spokesperson said the issue affected a limited number of parties within a small administrative unit and that a patch from Oracle was applied upon receipt. The university reports no evidence of broader compromise while it continues monitoring.

AWS Service Changes: Maintenance, Sunset, and End of Support

📢 AWS is updating the availability status of a range of services and features across three lifecycle categories: moving to Maintenance, entering Sunset, and reaching End of Support. Services moving to maintenance will stop accepting new customers on Nov 7, 2025, while current customers can continue using them as they evaluate alternatives. Several services, including Amazon FinSpace, AWS IoT Greengrass v1, and AWS Proton, are entering sunset with documented timelines (typically ~12 months). AWS Mainframe Modernization App Testing has reached end of support as of Oct 7, 2025. AWS provides migration guides and support resources to help customers transition.

Rust-Based ChaosBot Backdoor Uses Discord for C2 Operations

🔒 eSentire disclosed a Rust-based backdoor named ChaosBot that leverages Discord channels for command-and-control, allowing operators to perform reconnaissance and execute arbitrary commands on compromised systems. The intrusion, first observed in late September 2025 at a financial services customer, began after attackers used compromised Cisco VPN credentials and an over-privileged Active Directory service account via WMI. Distribution included phishing LNK files that launch PowerShell and display a decoy PDF, while the payload sideloads a malicious DLL through Microsoft Edge to deploy an FRP reverse proxy. ChaosBot supports commands to run shells, capture screenshots, and transfer files, and newer variants employ ETW patching and VM detection to evade analysis.

Google transitions to cryptographic media sanitization

🔐 Google will transition in November 2025 from overwrite-based media sanitization to cryptographic erasure, using default encryption to render data unrecoverable by securely deleting encryption keys rather than overwriting drives. Recognized in NIST SP 800-88, this method is faster and better suited to modern storage technologies. Google says it will apply a layered, defense-in-depth model with independent verification, key rotations, and protections for device secrets to maintain strong safeguards.

Apple Doubles Top Bug Bounty to $2M, Bonuses Possible

🔐 Apple has increased the top award in its Apple Security Bounty program to $2m for exploit chains that emulate sophisticated mercenary spyware. Bonuses for Lockdown Mode bypasses and vulnerabilities found in beta software can more than double that payout, potentially exceeding $5m. Apple also raised many category rewards — including $100,000 for a Gatekeeper bypass and $1m for broad unauthorized iCloud access — and introduced a Target Flags initiative to speed and standardize exploitability demonstrations.

Massive Multi-Country Botnet Targets US RDP Services

🔍 Researchers at GreyNoise have identified a large-scale, multi-country botnet that began targeting Remote Desktop Protocol (RDP) services in the United States on October 8. The campaign uses over 100,000 IP addresses and employs two RDP-specific techniques: RD Web Access timing attacks to infer valid usernames and RDP Web Client login enumeration to observe differing server behaviors. Nearly all sources share a common TCP fingerprint, indicating coordinated clusters. Administrators should block attacking IPs, review RDP logs, and avoid exposing remote desktop services to the public internet—use VPNs and enable multi-factor authentication.

SonicWall SSLVPN Accounts Breached With Stolen Credentials

🛡️ Researchers report that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign that began on October 4 and persisted through at least October 10. The attackers appear to be using valid, stolen credentials rather than brute-force methods, and many malicious requests originated from IP 202.155.8[.]73. After authenticating, actors conducted reconnaissance and attempted lateral movement to access numerous local Windows accounts; investigators recommend immediate secret rotation, strict access restrictions, and multi-factor authentication for all admin and remote accounts.

Microsoft Investigates Microsoft 365 Access Outage

⚠️ Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications. The issue has been tagged as an incident in the admin center while Redmond reviews telemetry and recent service changes to identify the root cause. Microsoft first acknowledged the problem at 05:06 AM UTC and said it continued analysis nearly four hours later to develop a fix. Impact appears limited to users served by the affected infrastructure.

Attackers Exploit ScreenConnect Features for Network Access

🔒 DarkAtlas researchers warn that APT groups are leveraging legitimate RMM platforms to gain initial access, increasingly favoring ScreenConnect as it evades basic detection. Attackers abuse features like unattended access, VPN, REST API and file transfer, deploy in-memory installers that leave little disk artefacts, and register persistent services such as ScreenConnect.WindowsClient.exe. Defenders should monitor invite links, config files, in-memory activity and specific event IDs for effective DFIR.

Spain Arrests Leader of GXC Team Phishing Operation

🚨 Spanish authorities have arrested a 25-year-old Brazilian national accused of leading the GXC Team, a Crime-as-a-Service operation that sold phishing kits, Android malware and AI-based tools to cybercriminals. The Guardia Civil detained the suspect known as "GoogleXcoder" after a year-long investigation and six coordinated raids across Spain. Investigators seized devices containing source code, client communications and cryptocurrency records, and identified six suspected accomplices. The probe, supported by Group-IB and Brazil's Federal Police, remains ongoing as authorities disable the group's online infrastructure.

FBI and French Police Seize BreachForums Domain Again

🛡️ US and French authorities say they have seized at least one clearweb domain used by the cybercrime forum BreachForums, which has been acting as a leak site linked to recent Salesforce breaches. Screenshots of the site display logos for the FBI, DOJ, BL2C and JUNALCO, although the forum's .onion instance appears still accessible. Reports suggest breachforums[.]hn was disrupted while threat actors such as ShinyHunters claim backups and backend servers were compromised or destroyed. Experts warn the seizure may yield valuable historical data for investigations, but will not immediately stop ongoing extortion of victims.

Astaroth Banking Trojan Uses GitHub to Stay Operational

🔒 Cybersecurity researchers warn of a recent campaign delivering the Astaroth banking trojan that leverages GitHub repositories to host hidden configurations and regain functionality after C2 takedowns. The attack, concentrated in Brazil and across Latin America, begins with a DocuSign-themed phishing message that drops an LNK file which executes obfuscated JavaScript, retrieves an AutoIt loader and ultimately injects a Delphi-based DLL. Astaroth monitors browser activity for banking and cryptocurrency sites, exfiltrates credentials via Ngrok, and employs steganography, anti-analysis checks, and persistent LNK-based startup execution to maintain stealth and resilience.

Stealit Infostealer Campaign Deploys via Fake VPN Apps

🛡️ FortiGuard Labs has identified a campaign distributing the Stealit infostealer via disguised game and VPN installers shared on file‑hosting sites and platforms like Discord. Attackers use Node.js Single Executable Apps (SEA) and PyInstaller bundles, heavy obfuscation and multiple anti‑analysis techniques to avoid detection. Once executed, Stealit harvests data from browsers, game clients, messaging apps and cryptocurrency wallets, and its operators rotate C2 domains while marketing the toolkit commercially.

Agile, Fungible Data Centers for the AI Era: Standards

🚀 Google outlines designs for agile, fungible data centers to meet explosive AI demand, advocating modular, interoperable architectures and late-binding of facility resources. It highlights Project Deschutes liquid cooling, +/-400Vdc power proposals with Mt. Diablo side-car designs, and open efforts like Caliptra 2.0 and OCP L.O.C.K.. The post calls for community standards across power, cooling, telemetry, networking, and security to improve resilience, sustainability, and operational flexibility.

Amazon RDS Adds Latest CU and GDR Updates for SQL Server

🛡️Amazon Relational Database Service (Amazon RDS) now supports the latest General Distribution Release (GDR) and Cumulative Update packages for Microsoft SQL Server, including SQL Server 2016 SP3+GDR (KB5065226), 2017 CU31+GDR (KB5065225), 2019 CU32+GDR (KB5065222) and 2022 CU21 (KB5065865). These updates address multiple security vulnerabilities tracked as CVE-2025-47997, CVE-2025-55227 and CVE-2024-21907. AWS recommends that customers upgrade their RDS SQL Server instances using the Amazon RDS Management Console, AWS SDKs or the AWS CLI and follow the RDS SQL Server upgrade guidance.

Getting Started with Chaos Engineering on Google Cloud

⚙️ This post introduces the fundamentals of chaos engineering and explains why deliberately injecting controlled failures helps teams build more resilient cloud-native systems. It covers core principles — such as defining a steady-state hypothesis, limiting blast radius, replicating realistic failure modes, and automating experiments — and translates them into practical steps for experiment design, fault injection, probing, and rollback. The article recommends using Chaos Toolkit and points to Google Cloud–specific recipes to help engineers begin safely and iteratively.

Varonis Interceptor: Multimodal AI Email Defense Platform

🛡️ Varonis introduces Interceptor, an AI-native email security solution that combines multimodal AI—visual, linguistic, and behavioral models—to detect advanced phishing, BEC, and social engineering. It augments or replaces API-based filters with a phishing sandbox that pre-analyzes newly registered domains and URLs and a lightweight browser extension for multichannel protection. Integrated with the Varonis Data Security Platform, Interceptor aims to reduce false positives, accelerate detection of zero-hour threats, and stop breaches earlier in the attack chain.

SageMaker AI Projects Adds Custom ML Templates from S3

🛠️ Amazon Web Services announced that SageMaker AI Projects can now provision custom ML project templates stored in Amazon S3. Administrators can define and manage standardized end-to-end project templates in SageMaker AI Studio so data scientists can create projects that follow organizational patterns and automated workflows. The feature is available in all AWS Regions where SageMaker AI Projects is offered.

AWS Config Adds Support for Three New Resource Types

📣 AWS Config now supports three additional resource types—AWS::ApiGatewayV2::Integration, AWS::CloudTrail::EventDataStore, and AWS::Config::StoredQuery—providing broader visibility across AWS environments. If you have recording enabled for all resource types, AWS Config will automatically begin tracking these new types. They are available for use in Config rules and Config aggregators in all Regions where the resources exist. This expansion enhances your ability to discover, assess, audit, and remediate a wider range of resources.

AWS Resource Explorer Enables Immediate Regional Discovery

🔍 AWS Resource Explorer now provides immediate access to resource search within each AWS Region without requiring prior activation. To start searching you need, at minimum, permissions granted by the AWS Resource Explorer Read Only Access or AWS Read Only Access managed policies, and you can discover resources via the Resource Explorer console, Unified Search, or AWS CLI/SDKs. To index the full inventory, including historical backfill and automatic updates, complete Resource Explorer setup so it can create a service-linked role. You can also enable cross-Region search with a single console click or the new CreateResourceExplorerSetup API, and the feature is available at no additional cost in supported Regions.

Unmonitored JavaScript: The Holiday Shopping Risk 2025

⚠️ The article warns that unmonitored JavaScript on e-commerce sites is the single biggest holiday security risk, enabling attackers to steal payment data while server-side defenses like WAFs and intrusion detection systems remain blind. It reviews major 2024 incidents, including the Polyfill.io and Cisco Magecart campaigns, and highlights a dramatic uptick in attacks during peak shopping windows. Recommended mitigations emphasize closing visibility gaps with real-time client-side monitoring, maintaining strict third-party script inventories, and deploying Content Security Policy (initially in report-only mode) using nonces rather than weakening directives.

AI and the Future of American Politics: 2026 Outlook

🔍 The essay examines how AI is reshaping U.S. politics heading into the 2026 midterms, with campaign professionals, organizers, and ordinary citizens adopting automated tools to write messaging, target voters, run deliberative platforms, and mobilize supporters. Campaign vendors from Quiller to BattlegroundAI are streamlining fundraising, ad creation, and research, while civic groups and unions experiment with AI for outreach and internal organizing. Absent meaningful regulation, these capabilities scale rapidly and raise risks ranging from decontextualized persuasion and registration interference to state surveillance and selective suppression of political speech.

AI-aided malvertising: Chatbot prompt-injection scams

🔍 Cybercriminals have abused X's AI assistant Grok to amplify phishing links hidden in paid video posts, a tactic researchers have dubbed 'Grokking.' Attackers embed malicious URLs in video metadata and then prompt the bot to identify the video's source, causing it to repost the link from a trusted account. The technique bypasses ad platform link restrictions and can reach massive audiences, boosting SEO and domain reputation. Treat outputs from public AI tools as untrusted and verify links before clicking.

Strengthening Access Controls to Prevent Ransomware

🔐 Ransomware intrusions increasingly begin with compromised identities: recent analyses attribute roughly three quarters of incidents to stolen or misused credentials. Defenses must shift from infrastructure-centric controls to identity-first models like Zero Trust, combining RBAC, MFA and context-aware authentication. Adaptive, risk-based access and passwordless methods reduce friction while improving detection and auditability. Regulatory regimes such as NIS2 and DORA further mandate auditable access controls.

Building a Lasting Security Culture at Microsoft Initiative

🔐 Microsoft frames security culture as a company-wide movement driven by people and operationalized through the Secure Future Initiative (SFI). The company overhauled employee education—launching the Microsoft Security Academy, refreshing the Security Foundations series, and requiring three annual sessions (90 minutes total)—to address AI-enabled attacks, deepfakes, and identity threats. Leadership mandates, linked compensation, measurable training outcomes (99% completion; rising satisfaction and relevancy scores), new identity and AI guides, Deputy CISOs in engineering, and embedded DevSecOps are highlighted as evidence of measurable cultural change.

Developers Leading AI Transformation Across Enterprise

💡 Developers are accelerating AI adoption across industries by using copilots and agentic workflows to compress the software lifecycle from idea to operation. Microsoft positions tools like GitHub, Visual Studio, and Azure AI Foundry to connect models and agents to enterprise systems, enabling continuous modernization, migration, and telemetry-driven product loops. The shift moves developers from manual toil to intent-driven design, with agents handling upgrades, tests, and routine maintenance while humans retain judgment and product vision.

AI Governance: Building a Responsible Foundation Today

🔒 AI governance is a business-critical priority that lets organizations harness AI benefits while managing regulatory, data, and reputational risk. Establishing cross-functional accountability and adopting recognized frameworks such as ISO 42001:2023, the NIST AI RMF, and the EU AI Act creates practical guardrails. Leaders must invest in AI literacy and human-in-the-loop oversight. Governance should be adaptive and continuously improved.

Dull but Dangerous: 15 Overlooked Cybersecurity Gaps

🔒 This article catalogs 15 frequently overlooked security blind spots that quietly increase organizational risk across six domains: time & telemetry, identity & edge, configuration & crypto, DNS & web trust, cloud & SaaS sprawl, and software supply chain & recovery readiness. It explains how mundane issues — NTP drift, orphaned DNS records, default IoT credentials, stale backups — become high-impact failures. The piece recommends immediate inventories, enforced baselines and a 90-day action plan to measure and close these gaps, and highlights metrics to track such as log coverage, patching cadence and backup restore success.

Buyer’s Guide — Data Protection Platforms for Hybrid Clouds

🔒 This buyer’s guide explains why organizations need comprehensive data protection platforms for hybrid cloud environments and which capabilities to prioritize. It highlights core requirements such as data discovery and classification, layered protections (encryption, DLP, immutability), continuous monitoring, and automated recovery to address ransomware, misconfigurations, outages and compliance. The guide also surveys market trends and leading vendors to help IT teams evaluate DPaaS, cloud-native and on-premises options.

AI Ethical Risks, Governance Boards, and AGI Perspectives

🔍 Paul Dongha, NatWest's head of responsible AI and former data and AI ethics lead at Lloyds, highlights the ethical red flags CISOs and boards must monitor when deploying AI. He calls out threats to human agency, technical robustness, data privacy, transparency, bias and the need for clear accountability. Dongha recommends mandatory ethics boards with diverse senior representation and a chief responsible AI officer to oversee end-to-end risk management. He also urges integrating audit and regulatory engagement into governance.

Windows 11 Media Creation Tool Fails on Windows 10

⚠️ Microsoft says the Windows 11 Media Creation Tool (MCT) version 26100.6584 released on September 29, 2025, may close unexpectedly on Windows 10 22H2 devices without showing an error. The company is working on a fix and recommends downloading a Disk Image (ISO) for x64 systems as a temporary workaround. Microsoft also notes the MCT is not supported on Windows 10 ARM64 machines, following earlier ARM64 compatibility problems after the Windows 11 25H2 rollout.

CIO100 and CSO30 ASEAN 2025 Team Awards Finalists Announced

🏆 CIO and CSO ASEAN have named the finalists for the CIO100 ASEAN and CSO30 ASEAN 2025 Team Awards, recognising leading technology and cybersecurity teams across Southeast Asia. Selected by a panel of CIO and CSO executive editors, finalists span six categories including CIO Innovation, CIO Customer Value and CSO Public-Private Partnership. The in-person Gala Night will take place in Singapore on 12 November 2025 to celebrate winners and foster networking among industry leaders.

Amazon QuickSight Adds Expanded Font Customization

🔤 Amazon QuickSight now extends font customization to data labels and axes across supported charts, complementing existing controls for titles, subtitles, legends, and table headers. Authors can set font family, pixel size, color, and styling such as bold, italics, and underline for analyses, dashboards, reports, and embedded scenarios. The update improves branding alignment and readability on large displays and is available in all supported regions.

How to Scrub and Minimize Your Digital Footprint Effectively

🔍 Regularly search for yourself—names, emails and usernames—to uncover forgotten accounts, impersonators, and exposed data. Delete obsolete accounts, revoke third‑party access, clear browser and device traces, and use unique passwords stored in a reliable manager. Use tools like Just Delete Me and breach monitors such as Have I Been Pwned, invoke your right to be forgotten where applicable, and request archive removals. Tighten app permissions, unsubscribe from old lists, and consider privacy‑focused services or stronger 'paranoid' measures if needed.

Rewiring Democracy: New Book on AI's Political Impact

📘 My latest book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship, will be published in just over a week. Two sample chapters (12 and 34 of 43) are available to read now, and copies can be ordered widely; signed editions are offered from my site. I’m asking readers and colleagues to help the book make a splash by leaving reviews, creating social posts, making a TikTok video, or sharing it on community platforms such as SlashDot.