Cybersecurity Brief

AI Infrastructure Security, HTTPS-by-Default, and Builder Automation

Coverage: 28 Oct 2025 (UTC)

Vendors moved to harden core platforms as AI adoption and web threats converge. Check Point released AI Cloud Protect on NVIDIA BlueField to inspect AI workflows at the network edge and curb data leakage and prompt manipulation. In parallel, the Chrome Security team set a timeline to make encrypted browsing the norm, enabling Always Use Secure Connections for all users in 2026 as described by Chrome.

Platform Defenses for AI Infrastructure

Palo Alto Networks expanded runtime protections for large-scale AI environments with Prisma AIRS accelerated on NVIDIA BlueField, embedding agentless, low‑latency enforcement directly in the data path to support distributed zero trust. The integration, validated on NVIDIA RTX PRO Server and optimized for BlueField‑3 with BlueField‑4 expected next year, ties into Strata Cloud Manager and the Cortex portfolio for lifecycle visibility. Complementing that, Prisma AIRS 2.0 completes Protect AI integration and unifies discovery, posture, and runtime defenses across agents, models, and pipelines, adding supply‑chain scanning, autonomous red teaming mapped to NIST AI‑RMF/OWASP/MITRE, and API‑first controls for CI/CD and MLOps. These moves align infrastructure and security controls to reduce exposure throughout AI factories; they also complement Check Point’s BlueField‑based inspection by pushing defenses closer to high‑throughput AI traffic.

Google Cloud deepened its NVIDIA collaboration with A4X Max, a rack‑scale platform pairing Blackwell Ultra GPUs with Grace CPUs and fifth‑generation NVLink to deliver low‑latency inference and large‑scale training. The release adds topology‑aware orchestration via Cluster Director, RDMA scheduling through DRANET in GKE to boost collective bandwidth, and software integrations that pair GKE Inference Gateway with NVIDIA NeMo Guardrails for safety and moderation. Vertex AI expands with NIM microservices for Nemotron models and managed training recipes, while networking features such as prefix‑aware load balancing and disaggregated serving aim to raise throughput and meet compliance controls.

Web Encryption and Post‑Quantum Readiness

Chrome will default to HTTPS first and warn once per public site that lacks encryption, citing persistent risks from even a single HTTP navigation. The plan staggers enablement through 2026 and preserves usability for private/local hosts that face certificate hurdles. In parallel, Merkle Tree Certificates (an experiment by Cloudflare with Chrome) propose batching many certificates under a single signed treehead with compact inclusion proofs so TLS can carry fewer, smaller signatures. The goal is to keep HTTPS performant as post‑quantum algorithms increase key and signature sizes. Why it matters: the combined shift pushes more of the web to strong encryption while preparing the certificate ecosystem to handle PQ authentication without unacceptable latency.

Automation and Observability for Builders

Cloudflare opened an automatic tracing beta for Workers, emitting OpenTelemetry spans by default to speed root‑cause analysis of slow calls, handler errors, and dependency latency in serverless apps. Traces are viewable in‑dashboard and can be exported during beta via OTLP to third‑party tools, with Workers tracing slated for priced tiers in 2026. On the security automation front, Cortex AgentiX from Palo Alto Networks introduces autonomous agents for SecOps and IT, promising end‑to‑end workflow autonomy with governance: RBAC, auditability, visible agent reasoning, and optional human approvals.

Microsoft broadened no‑code creation inside its productivity suite: according to BleepingComputer, new Copilot agents — App Builder and Workflows — let employees describe desired outcomes to generate interactive apps and automate flows across Outlook, Teams, SharePoint and Planner, with centralized admin controls. For data platforms, AWS upgraded Amazon DocumentDB’s optimizer; the new planner in DocumentDB 5.0 can deliver up to 10x faster index‑heavy queries, expands index use (including negations and nested element matches), and enables rollback if regressions appear.

Targeted Campaigns Against Builders

Kaspersky researchers detail two coordinated operations attributed to a BlueNoroff sub‑cluster: GhostCall, which targets macOS devices of executives at tech and venture firms, and GhostHire, which recruits Web3 developers with fake offers. As reported by The Hacker News, lures mimic Zoom/Teams and drive victims to run malicious SDKs or archives; toolchains span DownTroy, ZoomClutch/TeamsClutch, CosmicDoor, and specialized secret harvesters that target developer credentials, cloud keys, CI/CD tokens, SSH keys, and wallets. Recommended mitigations include vetting untrusted SDKs, tightening controls around developer secrets, and monitoring for suspicious script execution across macOS and Windows.

These and other news items from the day:

Tue, October 28, 2025

GitHub Agent HQ: Native, Open Ecosystem & Controls

🚀 GitHub introduced Agent HQ, a native platform that centralizes AI agents within the GitHub workflow. The initiative will bring partner coding agents from OpenAI, Anthropic, Google, Cognition, and xAI into Copilot subscriptions and VS Code. A unified "mission control" offers a consistent command center across GitHub, VS Code, mobile, and the CLI. Enterprise-grade controls, code quality tooling, and a Copilot metrics dashboard provide governance and visibility for teams.

Tue, October 28, 2025

Check Point's AI Cloud Protect with NVIDIA BlueField

🔒 Check Point has made AI Cloud Protect powered by NVIDIA BlueField available for enterprise deployment, offering DPU-accelerated security for cloud AI workloads. The solution aims to inspect and protect GenAI traffic and prompts to reduce data exposure risks while integrating with existing cloud environments. It targets prompt manipulation and infrastructure attacks at scale and is positioned for organizations building AI factories.

Tue, October 28, 2025

A4X Max, GKE Networking, and Vertex AI Training Now Shipping

🚀 Google Cloud is expanding its NVIDIA collaboration with the new A4X Max instances powered by NVIDIA GB300 NVL72, delivering 72 GPUs with high‑bandwidth NVLink and shared memory for demanding multimodal reasoning. GKE now supports DRANET for topology‑aware RDMA scheduling and integrates NVIDIA NeMo Guardrails into GKE Inference Gateway, while Vertex AI Model Garden will host NVIDIA Nemotron models. Vertex AI Training adds NeMo and NeMo‑RL recipes and a managed Slurm environment to accelerate large‑scale training and deployment.

Tue, October 28, 2025

Cortex AgentiX: Agentic AI Platform for Autonomous SOC

🤖 Palo Alto Networks introduces Cortex AgentiX, an agentic AI platform designed to build, deploy and govern autonomous security and IT agents. The vendor says AgentiX extends the Cortex foundation and leverages 1.2 billion playbook executions to deliver end-to-end agentic workflows and drive up to a 98% reduction in Mean Time to Respond with 75% less manual work. It ships with prebuilt agents for threat intelligence, email, endpoint, network, cloud and IT, and highlights full transparency, role-based controls and human-in-the-loop approvals. AgentiX is embedded in Cortex XSIAM and Cortex Cloud today; a standalone platform and Cortex XDR integration are slated for early 2026.

Tue, October 28, 2025

Cloudflare Workers: Automatic tracing now in open beta

🔍 Cloudflare announces an Open Beta for Workers tracing that provides automatic, out-of-the-box instrumentation with no code changes. Traces are visible in the Workers Observability dashboard alongside logs, and spans include timing, attributes, and error context. You can export OTLP-formatted traces and correlated logs to third-party providers like Honeycomb or Grafana. Enable tracing via wrangler.jsonc or the Cloudflare dashboard and join the beta to provide feedback.

Tue, October 28, 2025

Securing the AI Factory: Palo Alto Networks and NVIDIA

🔒 Palo Alto Networks outlines a platform-centric approach to protect the enterprise AI Factory, announcing integration of Prisma AIRS with NVIDIA BlueField DPUs. The collaboration embeds distributed zero-trust security directly into infrastructure, delivering agentless, penalty-free runtime protection and real-time workload threat detection. Validated on NVIDIA RTX PRO Server and optimized for BlueField‑3, with BlueField‑4 forthcoming, the solution ties into Strata Cloud Manager and Cortex for end-to-end visibility and control, aiming to secure AI operations at scale without compromising performance.

Tue, October 28, 2025

GitHub Agent HQ: Native AI Agents and Governance Launch

🤖 Agent HQ integrates AI agents directly into the GitHub workflow, making third-party coding assistants available through paid Copilot subscriptions. It introduces a cross-surface mission control to assign, steer, and track agents from GitHub, VS Code, mobile, and the CLI. VS Code additions include Plan Mode, AGENTS.md for custom agent rules, and an MCP Registry to discover partner servers. Enterprise features add governance, audit logging, branch CI controls, and a Copilot metrics dashboard.

Tue, October 28, 2025

Prisma AIRS 2.0: Unified Platform for Secure AI Agents

🔒 Prisma AIRS 2.0 is a unified AI security platform that delivers end-to-end visibility, risk assessment and automated defenses across agents, models and development pipelines. It consolidates Protect AI capabilities to provide posture and runtime protections for AI agents, model scanning and API-first controls for MLOps. The platform also offers continuous, autonomous red teaming and a managed MCP Server to embed threat detection into workflows.

Tue, October 28, 2025

Microsoft and NVIDIA Deepen AI Infrastructure Partnership

🚀 Microsoft and NVIDIA announced expanded AI infrastructure on Azure, bringing NVIDIA RTX PRO 6000 Blackwell Server Edition to Azure Local, new Nemotron and Cosmos models via Azure AI Foundry, and broader support for Run:ai and GB300 NVL72 supercomputing clusters. These updates enable on-premises and edge AI with cloud-like management, improved GPU utilization, and infrastructure tailored for frontier reasoning, multimodal workloads, and real-time inferencing. Microsoft also highlighted NVIDIA Dynamo optimizations for ND GB200-v6 VMs to boost inference throughput at scale.

Tue, October 28, 2025

Chrome to Enable Always Use Secure Connections by Default

🔒 Google will enable Always Use Secure Connections by default in Chrome 154 (October 2026), prompting users before the first access to any public site that lacks HTTPS. The browser will attempt HTTPS for every connection and show a bypassable warning when HTTPS is unavailable, while suppressing repeated warnings for frequently visited sites. A public-sites-only variant excludes private/local names to reduce noise and will roll out earlier to Enhanced Safe Browsing users. Administrators can disable the setting and Google provides migration guidance.

Tue, October 28, 2025

Enabling a Safe Agentic Web with reCAPTCHA Controls

🔐 Google Cloud outlines a pragmatic framework to secure the emerging agentic web while preserving smooth user experiences. The post details how reCAPTCHA and Google Cloud combine agent and user identity, continuous behavior analysis, and AI-resistant mitigations such as mobile-device attestations. It highlights enabling safe agentic commerce via protocols like AP2 and tighter integration with cloud AI services.

Tue, October 28, 2025

Google Cloud launches managed DRANET for GKE with A4X Max

🚀 Google Cloud is previewing managed DRANET on GKE, enabling Kubernetes to treat high-performance RDMA network interfaces as schedulable resources. The integration aligns NICs and GPUs by NUMA topology to reduce latency and increase throughput, while abstracting away operational complexity. It launches with the new A4X Max instances to deliver topology-aware networking for large multi-GPU AI workloads. Developers can request specific network interfaces in pod specs and rely on GKE to co-schedule NICs and accelerators, improving utilization and simplifying operations.

Tue, October 28, 2025

Microsoft Copilot adds App Builder and Workflows agents

🤖 Microsoft introduced two new Microsoft 365 Copilot agents, App Builder and Workflows, to help employees create apps and automate tasks using their Microsoft 365 data. Users can describe requirements in natural language and Copilot will generate interactive elements or automated flows across Outlook, Teams, SharePoint, Planner and other services. Outputs are integrated with the Copilot experience and protected by enterprise-grade security and role-based access controls. App Builder will be added to the Agent Store this week, while Workflows is already available to customers enrolled in the Frontier program.

Tue, October 28, 2025

GitHub Agent HQ: Native, Governed AI Agents in Flow

🤖 GitHub announced Agent HQ, a unified platform that makes coding agents native to the GitHub workflow. Over the coming months, partner agents from OpenAI, Anthropic, Google, Cognition, and xAI will become available as part of paid Copilot subscriptions. The release introduces a cross‑surface mission control, VS Code planning and customizable AGENTS.md files, and an enterprise control plane with governance, metrics, and code‑quality tooling to manage agent-driven work.

Tue, October 28, 2025

AI-Powered, Quantum-Ready Network Security Platform

🔒 Palo Alto Networks presents a unified, AI-driven approach to network security that consolidates browser, AI, and quantum defenses into the Strata Network Security Platform. New offerings include Prisma Browser, a SASE-native secure browser that blocks evasive attacks and brings LLM-augmented data classification to the endpoint, and Prisma AIRS 2.0, a full-lifecycle AI security platform. The company also outlines a pragmatic path to quantum-readiness and centralizes control with Strata Cloud Manager to simplify operations across hybrid environments.

Tue, October 28, 2025

Amazon DocumentDB Planner V2.0 Improves Query Performance

🚀 Amazon DocumentDB (with MongoDB compatibility) introduces PlannerVersion 2.0 for DocumentDB 5.0, delivering advanced query optimization and up to 10x performance improvements for indexed find and update operations. The new planner improves cost estimation, selects more optimal index plans, and adds index-scan support for negation operators such as $neq and $nin, as well as nested $elementMatch. Enabling PlannerVersion 2.0 requires a simple parameter change in your cluster parameter group and does not require a restart or incur downtime; you can revert to the legacy planner if needed.

Tue, October 28, 2025

Agent Factory Recap: AI Agents for Data Engineering

🔍 The episode of The Agent Factory reviewed practical AI agents for data engineering and data science, highlighting demos that combine Gemini, BigQuery, Colab Enterprise, and Spanner-based graph queries. It showcased a BigQuery Data Engineering Agent that generates pipelines, time dimensions, and data-quality assertions from SQL, and a Data Science Agent that runs end-to-end anomaly detection in Colab. The post also covered CodeMender for autonomous code security fixes and a creative Spanner+ADK comic demo illustrating multi-region concepts.

Tue, October 28, 2025

Google Public Sector Expands Investments in Partners

🚀 At Partner Connect during the Google Public Sector Summit, Google announced expanded investments to deepen collaboration and accelerate AI adoption across the public sector partner ecosystem. Highlights include increased Rapid Innovation Team funding, doubled capacity for Partner Development Sprints, and boosted Deal Acceleration Funds to shorten sales cycles. Google also launched three new Public Sector Partner Expertise badges for Google Distributed Cloud, Infrastructure Modernization, and Gemini for Government, a standardized Services Subcontractor Program, and an expanded ISV ATO Accelerator offering up to $250,000 in GCP credits plus $500,000 in services reimbursements to speed FedRAMP/Impact Level readiness. Partner Demo Portal improvements, enhanced analytics, new labs, and bootcamps round out efforts to simplify co-selling and accelerate partner time-to-market.

Tue, October 28, 2025

Amazon EC2 I7ie Instances Now in AWS GovCloud (US-West)

🚀 Amazon Web Services has made Amazon EC2 I7ie instances available in the AWS GovCloud (US-West) Region. I7ie instances, powered by 5th Gen Intel Xeon processors and 3rd-generation AWS Nitro SSDs, are designed for large storage I/O–intensive workloads and offer up to 120 TB of local NVMe, higher vCPU and memory densities, and up to 100 Gbps network bandwidth. AWS cites up to 40% better compute performance and 20% better price performance versus I3en, along with substantial improvements in storage throughput, latency, and latency variability for low-latency, high-random I/O use cases.

Tue, October 28, 2025

Amazon Nova Multimodal Embeddings — Unified Cross-Modal

🚀 Amazon announces general availability of Amazon Nova Multimodal Embeddings, a unified embedding model designed for agentic RAG and semantic search across text, documents, images, video, and audio. The model handles inputs up to 8K tokens and video/audio segments up to 30 seconds, with segmentation for larger files and selectable embedding dimensions. Both synchronous and asynchronous APIs are supported to balance latency and throughput, and Nova is available in Amazon Bedrock in US East (N. Virginia).

Tue, October 28, 2025

Integrating Oracle with Google Cloud for AI Automation

🔁 This Google Cloud post explains how enterprises can integrate Oracle Database with cloud-native analytics and AI by moving transactional data into BigQuery. It recommends ingestion patterns such as low-latency Change Data Capture via Datastream, batch staging to Cloud Storage, and notes ODBC/JDBC for interactive queries but not continuous replication. Once data resides in BigQuery, organizations can leverage Gemini-powered features, BigQuery ML, and AI agents (via the Agent Developer Kit) for natural-language exploration, assisted coding, multimodal analysis, and automated workflows across retail and education use cases.

Tue, October 28, 2025

AWS Offers EC2 I7i Storage-Optimized Instances in GovCloud

🚀 Amazon Web Services has made EC2 I7i storage-optimized instances available in the AWS GovCloud (US-East, US-West) Regions. These instances use 5th-generation Intel Xeon Scalable processors and 3rd-generation AWS Nitro SSDs to deliver up to 23% better compute performance and more than 10% better price performance versus prior I4i instances, along with up to 45 TB of NVMe local storage. I7i is offered in eleven sizes (nine virtual up to 48xlarge and two bare metal) with up to 100 Gbps network and 60 Gbps EBS bandwidth, and supports torn write prevention up to 16KB to reduce database bottlenecks for I/O-intensive, latency-sensitive workloads.

Tue, October 28, 2025

Merkle Tree Certificates pilot by Cloudflare and Chrome

🔐 Cloudflare is collaborating with Chrome to experimentally deploy Merkle Tree Certificates (MTCs) to reduce the number of public keys and large post-quantum signatures transmitted during TLS handshakes. MTCs batch certificates into a Merkle tree with a single signed treehead and per-certificate inclusion proofs, dramatically shrinking handshake size and CPU work. The experiment will roll out to a subset of Cloudflare free customers while Chrome distributes validation landmarks and fallbacks to preserve existing trust.

Tue, October 28, 2025

Researchers Expose GhostCall and GhostHire Campaigns

🔍 Kaspersky details two linked campaigns, GhostCall and GhostHire, that target Web3 and blockchain professionals worldwide and emphasize macOS-focused infection chains and social-engineering lures. The attacks deploy a range of payloads — DownTroy, CosmicDoor, RooTroy and others — to harvest secrets, escalate access, and persist. Guidance stresses user vigilance, strict dependency vetting, and centralized secrets management. Kaspersky links the activity to the BlueNoroff/Lazarus cluster and notes the actor has increasingly used generative AI to craft imagery and accelerate malware development.

Tue, October 28, 2025

TEE.Fail: DDR5 physical interposition exposes CPU TEE keys

🔓 A team of researchers from Georgia Tech, Purdue University and security firm Synkhronix disclosed TEE.Fail, a side‑channel that inspects DDR5 memory traffic to extract secrets from processor TEEs. Using an inexpensive interposition device built from off‑the‑shelf parts for under $1,000, the technique can recover attestation and signing keys from Intel SGX/TDX and AMD SEV‑SNP with Ciphertext Hiding, and can be used to undermine GPU confidential computing. Vendors assert that physical bus attacks remain out of scope.

Tue, October 28, 2025

Qilin Ransomware Uses WSL to Run Linux Encryptors in Windows

🔐 Qilin ransomware operators have been observed using the Windows Subsystem for Linux (WSL) to execute Linux ELF encryptors on compromised Windows hosts, allowing them to bypass many Windows-focused EDR solutions. Trend Micro and Cisco Talos report attackers enable or install WSL, transfer payloads with WinSCP, and launch the ELF encryptor via Splashtop (SRManager.exe). Affiliates also deploy signed vulnerable drivers and DLL sideloading to disable security tools and escalate privileges, while the encryptor targets VMware ESXi environments.

Tue, October 28, 2025

Actively Exploited WSUS RCE Prompts Urgent Patching

⚠️ Microsoft has released an out-of-band patch for a critical WSUS vulnerability (CVE-2025-59287) that enables unauthenticated remote code execution by sending malicious encrypted cookies to the GetCookie() endpoint. Security vendors Huntress and HawkTrace reported active exploitation of publicly exposed WSUS instances on TCP ports 8530 and 8531. Administrators should prioritize applying the update immediately; if that is not possible, isolate WSUS servers, restrict access to management hosts and Microsoft Update servers, and block inbound traffic to ports 8530/8531 until systems are remediated.

Tue, October 28, 2025

Chrome zero-day exploited in targeted Operation ForumTroll

🔒 A critical Chrome zero-day (CVE-2025-2783) has been actively exploited in a targeted espionage operation Kaspersky calls "Operation ForumTroll," attributed to the threat actor Mem3nt0 mori. Attackers used highly personalized phishing invites and one-click, short-lived links to deliver a sandbox-escape exploit that enabled code execution in Chrome's browser process. Google moved quickly with fixes in Chrome 134.0.6998.177/.178, while related issues were later patched in Firefox as CVE-2025-2857.

Tue, October 28, 2025

Chrome zero-day exploited to deliver LeetAgent spyware

⚠️ Kaspersky reports a patched Google Chrome zero-day (CVE-2025-2783) was exploited to deploy a newly documented spyware called LeetAgent linked to Italian firm Memento Labs. The operation used personalized, short‑lived phishing links to a Primakov Readings lure that triggered a sandbox escape in Chromium browsers and dropped a loader to launch the implant. Targets included media, universities, research centers, government and financial organizations in Russia and Belarus.

Tue, October 28, 2025

Schneider Electric EcoStruxure OPC UA Server DoS Advisory

🔒 CISA and Schneider Electric describe a vulnerability (CVE-2024-10085) in EcoStruxure that allows remote actors to exhaust server resources and cause denial of service by sending a large number of OPC UA requests to the server. Affected products include EcoStruxure OPC UA Server Expert versions prior to SV2.01 SP3 and EcoStruxure Modicon Communication Server (all versions). The issue has a CVSS v4 base score of 8.2 and is noted as remotely exploitable with low attack complexity. Schneider has released SV2.01 SP3 to address the OPC UA Server Expert and plans remediation for Modicon; interim mitigations and hardening guidance are provided.

Tue, October 28, 2025

CISA Adds Two Dassault DELMIA Apriso Vulnerabilities

🔒 CISA added two vulnerabilities to its Known Exploited Vulnerabilities Catalog affecting Dassault Systèmes DELMIA Apriso. The issues—CVE-2025-6204 (code injection) and CVE-2025-6205 (missing authorization)—have evidence of active exploitation and pose significant risk. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed CVEs by the required due dates. CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.

Tue, October 28, 2025

Vertikal Systems Hospital Manager Backend Services

⚠️ CISA disclosed critical vulnerabilities in Vertikal Systems Hospital Manager Backend Services that were fixed as of September 19, 2025. One flaw exposed the unauthenticated ASP.NET tracing endpoint (/trace.axd), allowing disclosure of request traces, headers, session identifiers, and internal paths. A second flaw returned verbose ASP.NET error pages for invalid WebResource.axd requests, revealing framework versions, stack traces, and server paths. CVE-2025-54459 and CVE-2025-61959 were assigned; organizations should apply vendor updates and follow network isolation best practices.

Tue, October 28, 2025

Copilot Mermaid Diagrams Could Exfiltrate Enterprise Emails

🔐 Microsoft has patched an indirect prompt injection vulnerability in Microsoft 365 Copilot that could have been exploited to exfiltrate recent enterprise emails via clickable Mermaid diagrams. Researcher Adam Logue demonstrated a multi-stage attack using Office documents containing hidden white-text instructions that caused Copilot to invoke an internal search-enterprise_emails tool. The assistant encoded retrieved emails into hex, embedded them in Mermaid output styled as a login button, and added an attacker-controlled hyperlink. Microsoft mitigated the risk by disabling interactive hyperlinks in Mermaid diagrams within Copilot chats.

Tue, October 28, 2025

Atlas Browser Flaw Lets Attackers Poison ChatGPT Memory

⚠️ Researchers at LayerX Security disclosed a vulnerability in OpenAI’s Atlas browser that allows attackers to inject hidden instructions into a user’s ChatGPT memory via a CSRF-style flow. An attacker lures a logged-in user to a malicious page, leverages existing authentication, and taints the account-level memory so subsequent prompts can trigger malicious behavior. LayerX reported the issue to OpenAI and advised enterprises to restrict Atlas use and monitor AI-driven anomalies. Detection relies on behavioral indicators rather than traditional malware artifacts.

Tue, October 28, 2025

CISA Warns of Two Actively Exploited DELMIA Flaws Now

⚠️ CISA has confirmed active exploitation of two vulnerabilities in Dassault Systèmes' DELMIA Apriso: CVE-2025-6205 (critical missing authorization) and CVE-2025-6204 (high-severity code injection). Both flaws were patched by the vendor in early August 2025 and affect Releases 2020 through 2025. Federal agencies must remediate within three weeks under BOD 22-01, and CISA urges all organizations to prioritize vendor mitigations or discontinue use if no fixes exist.

Tue, October 28, 2025

TEE.Fail breaks confidential computing on DDR5 CPUs

🔓 Academic researchers disclosed TEE.Fail, a DDR5 memory-bus interposition side-channel that can extract secrets from Trusted Execution Environments such as Intel SGX, Intel TDX, and AMD SEV-SNP. By inserting an inexpensive interposer between a DDR5 DIMM and the motherboard and recording command/address and data bursts, attackers can map deterministic AES-XTS ciphertexts to plaintext values and recover signing and cryptographic keys. The method requires physical access and kernel privileges but can be implemented for under $1,000; Intel, AMD and NVIDIA were notified and are developing mitigations.

Tue, October 28, 2025

Dentsu Confirms Data Breach at U.S. Subsidiary Merkle

🔒 Dentsu disclosed a cybersecurity incident at its U.S. subsidiary Merkle, saying attackers accessed and stole files containing client, supplier, and employee information. The company detected abnormal activity, proactively took certain systems offline, and initiated incident response procedures while engaging third‑party responders. A circulated memo indicated exposed payroll and bank details, salary and National Insurance numbers, and personal contact details; impacted individuals are being notified and authorities in affected countries have been informed. Dentsu said Japan-based systems were not impacted and that the full scope and financial impact remain under investigation; no ransomware group has claimed responsibility so far.

Tue, October 28, 2025

Herodotus Android Trojan Mimics Humans to Evade Fraud

⚠️ Herodotus, a new Android banking trojan, has been observed conducting device takeover (DTO) attacks in Italy and Brazil and was advertised as a malware‑as‑a‑service supporting Android 9–16. According to ThreatFabric, it abuses accessibility services and overlay screens to steal credentials and SMS 2FA, intercept the screen, and install remote APKs. Uniquely, operators added randomized typing delays (300–3000 ms) to mimic human input and evade behaviour‑based anti‑fraud detections.

Tue, October 28, 2025

BlueNoroff (Lazarus) GhostCall and GhostHire Campaigns

🛡️ A Kaspersky GReAT analysis describes two BlueNoroff campaigns—GhostCall and GhostHire—linked to the Lazarus threat actor and focused on the cryptocurrency sector. GhostCall targets executives, often on macOS, using investor-themed social engineering and fake meeting portals that prompt malicious updates and downloads. GhostHire lures blockchain developers with job offers and Telegram bots that point to GitHub test tasks or archived files with tight deadlines; performing the tasks leads to infection. The campaigns share a common management infrastructure and multiple infection chains; technical details and indicators of compromise are published on Securelist.

Tue, October 28, 2025

Volvo Third-Party Breach Highlights Forensic Readiness Gaps

🔒 In August 2025 Volvo Group North America disclosed a breach that originated in its third‑party HR provider, Miljödata, and a slow timeline of detection and notification has raised questions about forensic readiness. Reported exposed records included Social Security numbers and sensitive employee identifiers, and Volvo offered 18 months of identity‑protection services. The author provides five practical recommendations to preserve evidentiary integrity: embed forensics from day zero, align IR and forensic priorities, automate collection and triage, contractually manage vendor response, and coordinate legal messaging to reduce litigation and regulatory risk.

Tue, October 28, 2025

Criminal Gangs Deploy Toll and Postal Texts to Steal Cards

💳 Criminal gangs operating from China send deceptive texts about overdue tolls, postal fees, and municipal fines to trick victims into divulging credit-card details. Investigators say the groups exploit an installation trick that provisions stolen card numbers into Google and Apple Wallet accounts in Asia, then share those virtual cards with buyers in the United States. The Department of Homeland Security estimates the scheme has generated over $1 billion in the last three years, enabling purchases of phones, gift cards, apparel and cosmetics by fraud rings that coordinate messaging, remote provisioning, and cross-border purchasing.

Tue, October 28, 2025

Recruitment red flags: spotting faux job applicants

🔍 Organizations are facing a growing threat from applicants who pose as legitimate job seekers but are in fact operatives tied to overseas actor networks. Recent cases, including a July 2024 incident at KnowBe4 and longer-running campaigns tracked as WageMole and DeceptiveDevelopment, show that perpetrators use stolen identities, deepfakes and remote infrastructure to gain employment. The article outlines practical detection cues for recruitment teams and containment steps to limit insider risk.

Tue, October 28, 2025

SideWinder Adopts ClickOnce and PDF Lures in 2025 Campaign

🛡️ Trellix researchers report that the threat actor SideWinder has evolved its tradecraft in 2025 by adopting a PDF + ClickOnce infection chain alongside previously used Word exploit vectors. Four spear‑phishing waves from March through September targeted a European embassy in New Delhi and organizations in Sri Lanka, Pakistan and Bangladesh, using tailored lures and a signed MagTek executable that side‑loads a malicious DLL. The DLL decrypts and runs a .NET loader (ModuleInstaller), which fetches StealerBot, a .NET implant capable of opening reverse shells, delivering additional payloads, and collecting screenshots, keystrokes, credentials and files.

Tue, October 28, 2025

Windows 11 KB5067036 Preview Adds Administrator Protection

🔒 Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, introducing the new Administrator Protection feature alongside a refreshed Start menu. Administrator Protection requires users to verify identity with Windows Hello before permitting actions that require administrative privileges; it is off by default and can be enabled via OMA-URI in Microsoft Intune or Group Policy. The preview also delivers File Explorer and UI enhancements plus a range of bug fixes across authentication, graphics, accessibility and Windows Update reliability. Microsoft reports no known issues with this update.

Tue, October 28, 2025

Chrome to warn before opening insecure HTTP sites in 2026

🔒 Google will enable Always Use Secure Connections by default in Chrome 154 (October 2026), prompting users before the first access to any public site that uses HTTP. This change promotes the existing opt-in HTTPS-First Mode to a default setting to better protect users from man-in-the-middle attacks and content tampering. Chrome will avoid repeated alerts for frequently visited insecure sites and offers options to restrict warnings to public sites or to include private intranets. Before the full rollout, Chrome 147 (April 2026) will enable the setting for over 1 billion users with Enhanced Safe Browsing to help identify sites that need migration.

Tue, October 28, 2025

Herodotus Android malware mimics human typing behavior

🛡️ Herodotus is a newly observed Android malware family offered as malware-as-a-service (MaaS) that deliberately mimics human input timing to evade behavior-based detection. ThreatFabric says operators likely linked to Brokewell are distributing a dropper via smishing targeting Italian and Brazilian users. The installer requests Accessibility access and uses deceptive overlays to hide permission flows while a built-in "humanizer" inserts randomized 0.3–3s delays between keystrokes to imitate human typing. Users should avoid sideloading APKs, enable Play Protect, and promptly review or revoke Accessibility permissions for unfamiliar apps.

Tue, October 28, 2025

CISA Releases Three ICS Advisories on Schneider, Vertikal

🔔 CISA released three Industrial Control Systems (ICS) advisories addressing multiple vulnerabilities that may affect operational technology safety and availability. The advisories cover ICSA-25-301-01 Schneider Electric EcoStruxure, ICSMA-25-301-01 Vertikal Systems Hospital Manager Backend Services, and an update to ICSA-24-352-04 Schneider Electric Modicon (Update B). Administrators and asset owners should review the technical findings, assess exposure, and apply recommended mitigations promptly to reduce operational risk.

Tue, October 28, 2025

Major Milestone: Majority of Human Traffic Uses PQ TLS

🔒 Cloudflare reports that, as of late October 2025, the majority of human-initiated traffic through its network is protected with post‑quantum key agreement, reducing the risk of harvest‑now/decrypt‑later attacks. The post summarizes progress since the last update 21 months earlier: NIST standardization, broad adoption of ML‑KEM hybrids, Google's Willow milestone, and Craig Gidney's optimizations that materially moved Q‑day closer. It explains why migrating key agreement was urgent and relatively straightforward, why signature/certificate migration remains the harder challenge, and what organizations and regulators should prioritize now.

Tue, October 28, 2025

AWS EC2 Im4gn Instances Available Now in Milan Region

🚀 Amazon EC2 Im4gn instances are now available in Europe (Milan). Built on the AWS Nitro System and powered by Graviton2 processors, these instances provide up to 30 TB of 2nd Generation Nitro SSD local instance storage for I/O‑intensive workloads. They deliver high compute performance, up to 100 Gbps networking, and Elastic Fabric Adapter (EFA) support for demanding database, search, and analytics use cases. Get started via the AWS Management Console, CLI, or SDKs.

Tue, October 28, 2025

Amazon EC2 R8i and R8i-flex Available in London Region

🚀 Amazon EC2 R8i and R8i-flex instances are now available in Europe (London), powered by custom Intel Xeon 6 processors exclusive to AWS. AWS reports up to 15% better price-performance and 2.5x more memory bandwidth versus previous Intel-based generations, and up to 20% higher performance compared to R7i for many workloads. R8i-flex introduces memory-optimized Flex sizing (large through 16xlarge) for applications that do not fully utilize compute, while R8i offers 13 sizes including two bare-metal options and a new 96xlarge and is SAP-certified. Instances can be purchased via On-Demand, Savings Plans or Spot.

Tue, October 28, 2025

ACCC Sues Microsoft Over Copilot Subscription Practices

📝 The Australian Competition and Consumer Commission (ACCC) has sued Microsoft, alleging it misled 2.7 million Australian Microsoft 365 subscribers when integrating Copilot by obscuring the option to remain on existing plans at the same price. The ACCC says renewal communications presented the AI‑enabled tiers as the apparent way to keep service active while the choice to stay was only visible via the cancellation flow. The complaint alleges breaches of multiple Australian Consumer Law provisions and seeks civil penalties, injunctions, and consumer compensation. Microsoft says it is reviewing the ACCC's claim and will cooperate with the regulator.

Tue, October 28, 2025

Google for Startups: AI Cohort Boosts LATAM Cybersecurity

🔐 Google selected 11 startups for its inaugural Google for Startups Accelerator: AI for Cybersecurity in Latin America, a ten-week program that pairs founders with Google's technical resources, mentorship, and product support. The cohort — drawn from Brazil, Chile, Colombia, and Mexico — focuses on AI-driven solutions across threat detection, compliance automation, fraud prevention, and protections for AI agents. Participants will receive hands-on guidance to scale, validate, and deploy tools that reduce cyber risk across the region.

Tue, October 28, 2025

Atroposia RAT Adds Local Vulnerability Scanner, UAC Bypass

🛡️ Atroposia is a new malware-as-a-service platform offering a modular remote access trojan for a $200 monthly subscription, combining persistent access, stealthy remote desktop, data theft, and a built-in local vulnerability scanner. Researchers at Varonis say the RAT can bypass UAC, perform host-level DNS hijacks, capture credentials and clipboard data, and compress and exfiltrate targeted files with minimal traces. Its vulnerability-audit plugin identifies missing patches and outdated software so attackers can prioritize exploits, making it particularly dangerous in corporate environments. Users should download only from official sources, avoid pirated software and torrents, and refrain from executing unfamiliar commands found online.

Tue, October 28, 2025

Amazon Kinesis Data Streams: Record Size Raised to 10MiB

📣 Amazon Web Services has increased the maximum record size for Kinesis Data Streams from 1MiB to 10MiB and doubled the maximum PutRecords request size to 10MiB. You can update a stream's maximum record size to 10MiB via the AWS Management Console or the UpdateMaxRecordSize API using the AWS SDK or CLI, and continue using existing Kinesis APIs to publish and consume larger records. AWS Lambda now supports Kinesis payloads up to 6MiB; there are no additional charges beyond standard Kinesis fees. The feature is available in supported regions and AWS provides documentation describing region coverage and downstream handling guidance.

Tue, October 28, 2025

Investment Scams Mimicking Crypto and Forex Surge in Asia

🔍 Group-IB's research warns of a rapid rise in fake investment platforms across Asia that mimic cryptocurrency and forex exchanges to defraud victims. Organized, cross-border groups recruit via social media and messaging apps, deploying polished trading interfaces, automated chatbots and complex back-end systems to extract payments. The report maps two analytical models — Victim Manipulation Flow and Multi-Actor Fraud Network — and urges banks and regulators to monitor reused infrastructure and tighten KYC controls.

Tue, October 28, 2025

Sanctions Undermine Nation-State Cyber Ecosystems Globally

🔒 A new RUSI report published on 28 October finds cyber-related sanctions seldom fully disrupt state-backed attacks by themselves but can "toxify" networks, forcing intermediaries and collaborators to distance themselves from named actors. The study highlights the US as the most effective practitioner due to long-standing legal frameworks and coordinated use of diplomatic, legal and technical tools, while the EU and UK face operational and coordination limits. RUSI urges clearer strategic goals, cross-domain integration and targeted action against enablers like exchanges and service providers to boost impact.

Tue, October 28, 2025

Building Data Security from the Inside Out: Hybrid Focus

🛡️ Cybersecurity Awareness Month underscores that protecting organizational data requires attention to internal handling as well as external threats. Fortinet’s 2025 Insider Risk Report found 77% of organizations experienced insider-related data loss in the past 18 months, with nearly half of incidents tied to simple negligence. The report highlights mounting GenAI concerns and recommends a layered approach combining visibility, behavioral analytics, and real-time coaching to prevent accidental and malicious loss.

Tue, October 28, 2025

Quarter of Scam Victims Report Considering Self-Harm

⚠️ A new 2025 Consumer Impact Report from the Identity Theft Resource Center (ITRC) finds identity fraud is driving severe mental and financial harm, with one quarter of surveyed consumers saying they seriously considered self-harm after an incident. The figure rises to 68% among self-identified victims but falls to 14% for those who contacted the ITRC, underscoring the value of professional support. The study of 1,033 general consumers also highlights rising repeat victimisation, large monetary losses — including more than 20% losing over $100,000 and 10% losing at least $1m — social media account takeovers as the most common crime, and widespread concern that AI will be a major battleground for identity security.

Tue, October 28, 2025

Q3 2025 Internet Disruptions: Causes and Observations

🌐 In Q3 2025 Cloudflare observed a wide range of Internet disruptions affecting governments, carriers, and infrastructure worldwide. Incidents included government-directed shutdowns in Sudan, Syria, Iraq, Venezuela, and Afghanistan; submarine and terrestrial cable cuts; power outages; a major earthquake; a targeted cyberattack; and technical failures such as Great Firewall anomalies and Starlink outages. The post synthesizes observed traffic losses using Cloudflare Radar metrics.

Tue, October 28, 2025

Cybersecurity Becomes Top Challenge for Financial Sector

🔒 A recent PPI survey of 50 banks and 53 insurers in Germany reports a sixfold rise in cyberattacks compared with 2021. Sixty-four percent of respondents now view cyberattacks as the sector's top challenge, ahead of digitization, credit quality and regulation. Firms cite low employee awareness and difficulty with real-time detection; malware installation and IT disruption are the most frequent attack types.

Tue, October 28, 2025

Support for Dobrindt's Active Cyber Defense Plan in Germany

🛡️ Federal Interior Minister Alexander Dobrindt's proposal for active cyber defense has drawn cross-party, cautious approval as he prepares a legal amendment to counter attacks originating from servers abroad. A ministry spokesperson says the measures would allow intervening steps to stop or mitigate attacks by manipulating or disrupting the IT systems or data traffic used, and stressed this is not about hackback or broad retaliatory strikes. Greens signaled conditional support if the approach follows rule-of-law principles, CDU security figures praised a more proactive stance, and Dobrindt expects to present the amendment to cabinet next year.

Tue, October 28, 2025

AWS Resource Explorer Adds 47 New Resource Types in AWS

🔍 AWS has expanded Resource Explorer to support 47 additional resource types across services including Amazon Bedrock, AWS Shield, AWS Glue, VPC Lattice, WAFv2, SageMaker, and S3. With this update, customers can search for and discover these resources centrally, improving inventory accuracy and operational visibility. The change aims to streamline compliance, incident response, and cross-service troubleshooting by making more resource types queryable from a single interface.

Tue, October 28, 2025

AI-Driven Malicious SEO and the Fight for Web Trust

🛡️ The article explains how malicious SEO operations use keyword stuffing, purchased backlinks, cloaking and mass-produced content to bury legitimate sites in search results. It warns that generative AI now amplifies this threat by producing tens of thousands of spam articles, spinning up fake social accounts and enabling more sophisticated cloaking. Defenders must deploy AI-based detection, graph-level backlink analysis and network behavioral analytics to spot coordinated abuse. The piece emphasizes proactive, ecosystem-wide monitoring to protect trust and legitimate businesses online.

Tue, October 28, 2025

Giles AI on Google Cloud: Transforming Medical Research

🚀 Giles AI migrated its healthcare-focused platform to Google Cloud to reduce latency, improve scalability, and accelerate developer velocity. Using Google Kubernetes Engine, Cloud Run, and Compute Engine, the company orchestrates complex clinical data flows and routes prompts through Vertex AI and Model Garden to remain model-agnostic. Data storage and extraction are handled with Cloud SQL, Cloud Storage, and Document AI, while Cloud Armor and Security Command Center bolster security and compliance. Early customer results include dramatic reductions in research time and improvements in response accuracy.

Tue, October 28, 2025

How evolving regulations are redefining CISO responsibility

⚖️ CISOs are increasingly exposed to personal and even criminal liability as regulators such as the SEC, DOJ and international authorities press executives to disclose accurate cyber risk and incident information. Rising IoT/OT device vulnerabilities — with vulnerability-based breaches up 34% year over year and accounting for roughly 20% of breaches — are driving mandates like Executive Order 14028, NIS2 and the Cyber Resilience Act. Organizations are updating governance, improving asset inventories and adopting device intelligence tools like SomosID to correlate inventories, SBOM data and vulnerabilities, helping to support compliance and reduce executive exposure.

Tue, October 28, 2025

BiDi Swap: Bidirectional Text Trick Makes Fake URLs Look Real

🔍 Varonis Threat Labs highlights BiDi Swap, a technique that exploits Unicode bidirectional rendering to make malicious URLs appear legitimate. By mixing Right-to-Left and Left-to-Right scripts, attackers can visually move parameters, paths, or subdomains into the apparent host name to facilitate phishing and spoofing. Browser defenses vary — some highlight domains or flag lookalikes while others leave gaps — so the report urges user caution and vendor improvements.

Tue, October 28, 2025

A Framework for Measuring Internet Resilience Nationwide

🔍 This post introduces a reproducible, data-driven framework to quantify Internet resilience, motivated by the July 8, 2022 Rogers outage that affected millions. It defines resilience as the ability of a national or regional ecosystem to maintain diverse, secure routing and rapidly recover from failures. The framework combines public sources (RouteViews, RIPE RIS, traceroutes, IXPs, submarine cable maps) and focuses on measurable metrics such as RPKI, ROV, IXP distribution, submarine cable diversity, AS path diversity, and impact-weighted assessments.

Tue, October 28, 2025

Rethinking Service Provider Risk: A CISO Imperative

🔍 As organizations outsource more critical systems and security functions to managed service providers, the complexity and frequency of third-party incidents are rising — 47% of organizations reported a third-party breach in the 12 months to mid-2025. Security leaders must balance rigorous, standards-based assurance (for example ISO 27001 or SOC 2) with relationship-driven vetting that fosters transparency and shared responsibility. Experts from media company Advance, the University of Queensland and vendor advisors argue that questionnaires alone are insufficient: meaningful dialogue, selective disclosure (summaries of pen tests rather than full reports), contractual clarity, and AI-aware controls are all needed to assess and manage evolving risks.

Tue, October 28, 2025

Amazon ElastiCache Adds Dual-Stack IPv6 Service Endpoints

🌐 Amazon ElastiCache now provides dual-stack service endpoints, enabling management of resources over both IPv4 and IPv6. ElastiCache interface VPC endpoints powered by AWS PrivateLink also support dual-stack connectivity. The update, available in all AWS commercial, China, and GovCloud (US) Regions, helps simplify IPv6 migration and compliance without extra charges. This enables staged migrations and modernization while preserving existing IPv4 access.

Tue, October 28, 2025

Hardening Google Workspace: Practical Guidance for Teams

🔒 Small security teams can harden Google Workspace by enforcing MFA, restricting admin roles, and tightening sharing and OAuth app permissions. The article stresses stronger email defenses — advanced phishing controls, DMARC/DKIM/SPF — and proactive monitoring for account takeovers through alerts and behavioral signals. It argues native controls form a solid foundation but leave gaps, and recommends augmenting them with Material Security for unified visibility and automated remediation.

Tue, October 28, 2025

Python Foundation Rejects $1.5M NSF Grant Over DEI Terms

🛡️ The Python Software Foundation (PSF) withdrew a $1.5 million proposal to the U.S. National Science Foundation after the approved award included conditions that would bar all PSF programs from activities that 'advance or promote diversity, equity, and inclusion.' The funding, under NSF’s Safety, Security, and Privacy of Open Source Ecosystems program, was intended to support automated malware-detection tools for PyPI, with the tools to be ported to other package ecosystems. PSF leaders said DEI is central to their mission, creating an unacceptable conflict that led the board to unanimously decline the grant and ask the community for donations and membership support.

Tue, October 28, 2025

The AI Fix 74: AI Glasses, Deepfakes, and AGI Debate

🎧 In episode 74 of The AI Fix, hosts Graham Cluley and Mark Stockley survey recent AI developments including Amazon’s experimental delivery glasses, Channel 4’s AI presenter, and reports of LLM “brain rot.” They examine practical security risks — such as malicious browser extensions spoofing AI sidebars and AI browsers being tricked into purchases — alongside wider societal debates. The episode also highlights public calls to pause work on super-intelligence and explores what AGI really means.

Tue, October 28, 2025

Privileged Account Monitoring and Protection Guide Overview

🔐 This article outlines Mandiant's practical framework for securing privileged access across modern enterprise and cloud environments. It emphasizes a three-pillar approach—Prevention, Detection, and Response—and details controls such as PAM, PAWs, JIT/JEA, MFA, secrets rotation, and tiered access. The post highlights detection engineering, high-fidelity session capture, and SOAR automation to reduce dwell time and blast radius, and concludes with incident response guidance including enterprise password rotations and protected recovery paths.

Tue, October 28, 2025

Move Beyond the SOC: Adopt a Risk Operations Center

📡 The Resilience Risk Operations Center (ROC) reframes cyber defense by fusing technical, business and financial intelligence into a single operating environment. Rather than relying solely on a traditional SOC that reacts to alerts, the ROC prioritizes threats using actuarial and claims data to show potential financial impact and guide urgent decisions. Inspired by the US Air Force AOC, it co-locates multidisciplinary experts to anticipate attacks and accelerate response. Early use, including response to an April 2024 VPN zero-day, showed faster mitigation and reduced losses.

Tue, October 28, 2025

Internal Conflicts Often Worse Than Cyberattacks for CISOs

🛡️ Roughly 70% of senior security leaders say internal conflicts during a cyber crisis cause more disruption than the attack itself, according to the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report. The survey of 480 US cybersecurity executives highlights blurred authority, poor communication, and unrehearsed roles that delay response. Experts recommend demonstrating security's business value, reducing operational friction with passwordless controls, and aligning incentives with lines of business.

Tue, October 28, 2025

Early Threat Detection: Protecting Growth and Revenue

🔎 Early detection turns cybersecurity from a reactive cost into a business enabler. Investing in continuous visibility, threat intelligence, and rapid detection reduces incident costs, preserves uptime, and protects revenue and reputation. Solutions such as ANY.RUN's Threat Intelligence Feeds and TI Lookup deliver real-time IOCs, context-enriched analyses, and STIX/TAXII-ready integrations so SOCs can prioritize and act faster, lowering MTTR and operational burden.
