AWS Tightens Private Connectivity as Advisories Address Exploits

Amazon Aurora DSQL Adds FIPS 140-3 Compliant Endpoints

🔐 Amazon Web Services announced that Aurora DSQL now supports FIPS 140-3 compliant endpoints, enabling customers to meet federal cryptography requirements when sending requests over public or VPC endpoints. The capability is available beginning Oct 31, 2025, in US East (N. Virginia), US East (Ohio), and US West (Oregon). This update lets organizations contracting with the U.S. federal government use Aurora DSQL for workloads that require a FIPS-validated cryptographic module.

AWS Marketplace: Flexible Pricing and Deployment for Agents

🤖 AWS Marketplace now offers flexible pricing and simplified deployment for AI agents and tools, including contract-based and usage-based options for Amazon Bedrock AgentCore Runtime containers. The update also streamlines OAuth credential management via Quick Launch for API-based agents and allows supported remote MCP servers procured through Marketplace to be used as MCP targets on AgentCore Gateway. These enhancements reduce deployment complexity and give partners more pricing flexibility while improving scalability for customers.

OpenAI Unveils Aardvark: GPT-5 Agent for Code Security

🔍 OpenAI has introduced Aardvark, an agentic security researcher powered by GPT-5 that autonomously scans source code repositories to identify vulnerabilities, assess exploitability, and propose targeted patches that can be reviewed by humans. Embedded in development pipelines, the agent monitors commits and incoming changes continuously, prioritizes threats by severity and likely impact, and attempts controlled exploit verification in sandboxed environments. Using OpenAI Codex for patch generation, Aardvark is in private beta and has already contributed to the discovery of multiple CVEs in open-source projects.

Amazon Route 53 Resolver Adds AWS PrivateLink Support

🔒 Amazon Route 53 Resolver now supports AWS PrivateLink, enabling private management and access to Resolver and its features without traversing the public internet. Customers can use PrivateLink to reach Resolver endpoints, Route 53 Resolver DNS Firewall, Resolver Query Logging, and Resolver for AWS Outposts over the Amazon network. All operations — create, delete, edit, list — are supported via the private connection in supported regions, including AWS GovCloud.

OpenAI Aardvark: GPT-5 Agent to Find and Fix Code Bugs

🛡️ OpenAI has introduced Aardvark, a GPT-5-powered autonomous agent designed to scan, reason about, and patch code with the judgment of a human security researcher. Announced in private beta, Aardvark maps repositories, builds contextual threat models, continuously monitors commits, and validates exploitability in sandboxed environments before reporting findings. When vulnerabilities are confirmed, it proposes fixes via Codex and re-analyzes patches to avoid regressions. OpenAI reports a 92% detection rate in benchmark tests and has already identified real-world flaws in open-source projects, including ten issues assigned CVE identifiers.

Amazon RDS adds IPv6 for publicly accessible DBs in regions

🌐 Amazon RDS now extends IPv6 support to publicly accessible databases, enabling dual-stack (IPv4 and IPv6) connectivity for both RDS and Aurora publicly accessible instances. This builds on existing IPv6 support for privately accessible databases in a VPC and lets teams scale beyond IPv4 address limits and assign contiguous IP ranges to microservices. The feature is available in all AWS regions where private IPv6 RDS is offered, and can be enabled via the AWS CLI or Management Console.

Windows 11 Build 26220.7051 Adds Ask Copilot Taskbar

🖥️ Windows 11 Build 26220.7051 introduces a taskbar-based Ask Copilot, allowing testers to query the web, local files, and AI using text or voice. The feature is optional and can be enabled under Settings > Personalization > Taskbar; Microsoft says it may eventually replace the existing Windows Search UI. The update also rolls out a full-screen Xbox handheld experience, a Bluetooth LE-based "Shared audio" preview to stream audio to two devices, and improved x64 emulation support to boost ARM PC performance.

Google says Search AI Mode will access personal data

🔎 Google says a forthcoming AI Mode for Search could, with users' opt-in consent, access content from Gmail, Drive, Calendar and Maps to provide customized results and actions. The company is testing early experiments in Labs for personalized shopping and local recommendations, and suggests features like flight summaries, scheduling, or trip planning could leverage that data. Timing remains TBD.

Model Context Protocol Proxy for AWS now generally available

🔒 The Model Context Protocol (MCP) Proxy for AWS is now generally available, offering a client-side proxy that lets MCP clients connect to remote, AWS-hosted MCP servers using AWS SigV4 authentication. It supports agentic development tools such as Amazon Q Developer CLI, Kiro, Cursor, and agent frameworks like Strands Agents, and interoperates with MCP servers built on Amazon Bedrock AgentCore Gateway or Runtime. The open-source Proxy includes safety controls (read-only mode), configurable retry logic, and logging for troubleshooting, and can be installed from source, via Python package managers, or as a container to integrate with existing MCP-supported tools.

AWS PrivateLink Adds Native Cross-Region Service Access

🚀 AWS PrivateLink now supports native cross-region connectivity for select AWS services. With this change, Interface VPC endpoints can privately access Amazon S3, Route 53, ECR and other supported services hosted in different Regions of the same AWS partition without cross-region peering or internet exposure. Endpoints present a private IP in your VPC, simplifying secure inter-region connectivity and helping meet data residency requirements. Refer to AWS PrivateLink pricing and documentation for the full list of supported services and Regions.

Conversational AI Agents: Designing for Retail UX, Commerce

🛍️ Google Cloud outlines UX and implementation guidance for building conversational AI agents tailored to online shopping. The article presents seven practical design principles — including multimodal input, intelligent query handling, rich visual presentation, and clear trust signals — that improve discovery and reduce friction. It highlights features like predictive assistance and contextual clarification and offers a Figma component library plus developer resources to accelerate deployment.

GKE and Gemini CLI Integration Enhances Developer Workflows

🚀 Google has open-sourced the GKE Gemini CLI extension, bringing Google Kubernetes Engine directly into the Gemini CLI ecosystem while also functioning as an MCP server for other MCP clients. The extension injects GKE-specific context, tools, and tailored prompts so developers can use shorter, more natural language interactions and integrated slash commands to complete complex workflows. It simplifies common operations—like selecting models and accelerators or generating Kubernetes manifests for inference—while improving compatibility with Cloud Observability. The project is actively maintained with regular releases and community contributions.

Chinese Hackers Exploit Windows LNK Zero-Day to Spy

🔒 A China-linked threat group is exploiting a high-severity Windows .LNK zero-day (CVE-2025-9491) to deploy the PlugX remote-access trojan against European diplomatic targets. The campaign begins with spearphishing that delivers malicious shortcut files themed around NATO and European Commission events. Researchers at Arctic Wolf Labs and StrikeReady attribute the activity to UNC6384 (Mustang Panda) and report the operation has expanded beyond Hungary and Belgium to other EU states. With no official patch available, defenders are urged to restrict .LNK usage and block identified C2 infrastructure.

China-linked Tick exploits Lanscope flaw to deploy backdoor

⚠️ Sophos and JPCERT/CC have linked active exploitation of a critical Motex Lanscope Endpoint Manager vulnerability (CVE-2025-61932, CVSS 9.3) to the China-aligned Tick group. Attackers leveraged the flaw to execute SYSTEM-level commands and drop a Gokcpdoor backdoor, observed in both server and client variants that create covert C2 channels. The campaign used DLL side-loading to run an OAED Loader, deployed the Havoc post-exploitation framework on select hosts, and used tools like goddi and tunneled Remote Desktop for lateral movement. Organizations are advised to upgrade or isolate internet-facing LANSCOPE servers and review deployments of the MR and DA agents.

Pennsylvania: Hacker Claims 1.2M Donor Records Breach

🔐 A threat actor claims to have compromised University of Pennsylvania systems and exfiltrated data for roughly 1.2 million students, alumni, and donors, including names, dates of birth, contact details, estimated net worth, donation histories, and sensitive demographic data. The attacker said they gained access via a compromised PennKey SSO account and accessed VPN, Salesforce Marketing Cloud, Qlik, SAP, SharePoint, and Box. After access was revoked on October 31 the actor used Marketing Cloud to send offensive emails to about 700,000 recipients and published a 1.7-GB archive of files. Penn says it is investigating; donors should watch for targeted phishing and verify solicitations directly with the university.

Choosing Google Cloud Managed Lustre for External KV Cache

🚀 This post explains how an external KV Cache backed by Google Cloud Managed Lustre can accelerate transformer inference and lower costs by offloading expensive prefill compute to I/O. In experiments with a 50K token context and ~75% cache-hit, Managed Lustre increased inference throughput by 75% and cut mean time-to-first-token by 44%. The analysis projects a 35% TCO reduction and up to ~43% fewer GPUs for the same workload, and the article summarizes practical steps: provision Managed Lustre in the same zone, deploy an inference server that supports external caching (for example vLLM), enable o_direct, and tune I/O parallelism.

Conduent Breach Exposes Data of Over 10.5 Million People

🔒 Conduent has confirmed a breach affecting more than 10.5 million individuals, with customer notices sent in October 2025 after the incident was discovered on 13 January 2025. Unauthorized access reportedly began on 21 October 2024 and persisted for nearly three months. The criminal group SafePay claimed responsibility and said it exfiltrated large volumes of data, potentially including names, Social Security numbers, dates of birth, and medical and insurance information.

CISA and NSA Urge Immediate Hardening of Exchange Servers

🔒 CISA, the NSA and international partners have issued urgent guidance to harden on‑premises Microsoft Exchange Server instances by restricting administrative access, enforcing multi‑factor authentication, and applying strict transport security. The agencies recommend migrating or decommissioning end‑of‑life and hybrid Exchange servers, enabling the Exchange Emergency Mitigation Service, and disabling remote PowerShell for users. Organizations are also advised to maintain patch cadence, apply security baselines, and enable antivirus, EDR, ASR, and AppLocker controls.

China-Linked 'Bronze Butler' Exploits Lanscope Zero-Day

🔒 Sophos researchers discovered China-linked espionage group Bronze Butler exploiting a zero-day in Motex Lanscope Endpoint Manager (CVE-2025-61932) to deploy an updated Gokcpdoor backdoor. The flaw enabled unauthenticated remote code execution as SYSTEM on affected versions (<=9.4.7.2), and attackers used OAED Loader, DLL sideloading, and multiplexed C2 channels to evade detection. Motex released patches on October 20, 2025, and CISA added the vulnerability to its KEV list; organizations are advised to upgrade immediately since no mitigations exist.

ASD Warns of Ongoing BADCANDY Attacks on Cisco IOS XE

🛡️ The Australian Signals Directorate (ASD) has issued a bulletin warning of ongoing attacks using a Lua-based implant dubbed BADCANDY to compromise unpatched Cisco IOS XE devices via CVE-2023-20198. ASD reports variations have been seen since October 2023 and estimates about 400 Australian devices were compromised since July 2025, with 150 infections in October. Operators are urged to apply patches, restrict public access to the web UI, and follow Cisco hardening guidance.

Chinese Hackers Exploit Hard-to-Patch Windows Shortcut Flaw

🛡️Arctic Wolf reports that Chinese government-linked actors, tracked as UNC6384 and linked to the longer-running Mustang Panda cluster, conducted spear-phishing campaigns in September and October targeting diplomats in Hungary, Belgium, Serbia, Italy and the Netherlands by abusing a long-known Windows .LNK shortcut parsing flaw. The vulnerability allows command-line instructions to be concealed in .LNK whitespace so attackers can display decoy PDFs—such as an agenda for a European Commission meeting—while executing payloads that deploy the PlugX remote-access Trojan. Trend Micro and ZDI previously documented the issue (i.e., ZDI-CAN-25373, later CVE-2025-9491), but Microsoft has so far declined to fully patch it; Arctic Wolf advises blocking or disabling .LNK execution, monitoring for related binaries like cnmpaui.exe, and blocking C2 domains as interim mitigations.

Nation-State Airstalk Malware Uses AirWatch via API

🛡️ Palo Alto Networks Unit 42 linked a suspected nation-state cluster (CL-STA-1009) to a new backdoor named Airstalk that abuses the AirWatch API (now Workspace ONE Unified Endpoint Management) as a covert command-and-control channel. The malware appears in PowerShell and more capable .NET variants and can capture screenshots, harvest browser cookies, history and bookmarks, and enumerate user files. Airstalk misuses MDM custom attributes as a dead-drop resolver and leverages the API blobs feature to exfiltrate large artifacts; some .NET samples were signed with a likely stolen certificate.

Australia warns of BadCandy infections on Cisco devices

⚠️ The Australian Signals Directorate warns of ongoing attacks against unpatched Cisco IOS XE devices being backdoored with the Lua-based BadCandy webshell. The exploited flaw, CVE-2023-20198, allows unauthenticated actors to create local admin accounts via the web UI and execute commands with root privileges. Cisco issued a patch in October 2023, but many internet-exposed devices remain vulnerable and have been repeatedly re-infected.

China-Linked UNC6384 Exploits Windows LNK Vulnerability

🔒 A China-affiliated group tracked as UNC6384 exploited an unpatched Windows shortcut flaw (ZDI-CAN-25373, CVE-2025-9491) to target diplomatic and government entities in Europe between September and October 2025. According to Arctic Wolf, the campaign used spear-phishing links to deliver malicious LNK files that launch a PowerShell stager, sideload a CanonStager DLL, and deploy the PlugX remote access trojan. Microsoft says Defender detections and Smart App Control can help block this activity.

CISA: High-Severity Linux Privilege Flaw Used by Ransomware

🔒 CISA confirmed that CVE-2024-1086, a high-severity use-after-free bug in the nf_tables component of the Linux kernel, is being exploited in ransomware campaigns. The flaw, introduced in 2014 and patched in January 2024, enables local attackers to escalate to root. A publicly released PoC targets kernels 5.14–6.6. CISA added the issue to its KEV list and recommended mitigations such as blocklisting nf_tables, restricting user namespaces, or loading the LKRG module.

Large-Scale AWS Credential Abuse and SES Exploitation

🔐 Identity compromise is driving large-scale AWS abuse, with attackers leveraging stolen access keys to test accounts and weaponize Amazon SES for Business Email Compromise and invoice fraud. FortiGuard Labs attributes the reconnaissance layer to a campaign named TruffleNet that uses TruffleHog and automated AWS CLI/Boto3 requests to validate credentials and probe SES quotas. Fortinet recommends continuous monitoring, least-privilege access, MFA, and integrated detection via FortiCNAPP and related controls to detect and block these activities.

Log Analytics Query Builder Makes Log SQL Easier for Teams

🔍 The Log Analytics query builder in Google Cloud Console provides a UI-driven way to build and preview SQL-based log queries without hand-coding. It helps DevOps engineers, SREs, and application developers search across fields, infer JSON schemas, select nested values, and apply aggregations via an intuitive interface. Real-time SQL preview and one-click visualizations let users switch to the editor to fine-tune queries and save dashboards.

Chinese-Linked Hackers Exploit Windows Shortcut Flaw

🔎 Researchers at Arctic Wolf Labs uncovered a September–October 2025 cyber-espionage campaign that used a Windows shortcut vulnerability to target Belgian and Hungarian diplomatic entities. The operation, attributed to UNC6384 and likely tied to Mustang Panda (TEMP.Hex), combined spear phishing with malicious .LNK files exploiting ZDI-CAN-25373 and deployed a multi-stage chain ending in the PlugX RAT. Attackers used DLL side-loading, signed Canon utilities and obfuscated PowerShell to extract and execute an encrypted payload while displaying decoy diplomatic PDFs.

CISA Flags VMware Tools Zero-Day in KEV Catalog; Exploited

🛡️ CISA has added the high-severity flaw CVE-2025-41244, impacting Broadcom VMware Tools and VMware Aria Operations, to its Known Exploited Vulnerabilities catalog after reports of active exploitation. The bug (CVSS 7.8) allows a malicious local, non-administrative user with VM access and SDMP enabled to escalate privileges to root on the same VM. Broadcom-owned VMware released a patch last month, but NVISO Labs says the zero-day was exploited in the wild since mid-October 2024 and attributes activity to a China-linked actor tracked as UNC5174. Federal civilian agencies must implement mitigations by November 20, 2025.

Malicious npm Packages Use Invisible URL Dependencies

🔍 Researchers at Koi Security uncovered a campaign, PhantomRaven, that has contaminated 126 packages in Microsoft's npm repository by embedding invisible HTTP URL dependencies. These remote links are not fetched or analyzed by typical dependency scanners or npmjs.com, making packages appear to have 0 Dependencies while fetching malicious code at install time. The attackers aim to exfiltrate developer credentials and environment details, and they also exploit AI hallucinations to create plausible package names.

Open VSX Rotates Leaked Tokens After Supply-Chain Attack

🔒 Open VSX rotated access tokens after developers accidentally leaked credentials in public repositories, a lapse that allowed attackers to publish malicious VS Code–compatible extensions in a supply‑chain campaign. The Eclipse Foundation says the threat, linked to a campaign dubbed GlassWorm, was contained by Oct 21 after malicious extensions were removed and tokens revoked. The registry plans shorter token lifetimes, faster revocation workflows, automated publication scans, and increased collaboration with other marketplaces to reduce future risk.

Claude code interpreter flaw allows stealthy data theft

🔒 A newly disclosed vulnerability in Anthropic’s Claude AI lets attackers manipulate the model’s code interpreter to silently exfiltrate enterprise data. Researcher Johann Rehberger demonstrated an indirect prompt-injection chain that writes sensitive context to the interpreter sandbox and then uploads files using the attacker’s API key to Anthropic’s Files API. The exploit exploits the default “Package managers only” network setting by leveraging access to api.anthropic.com, so exfiltration blends with legitimate API traffic. Mitigations are limited and may significantly reduce functionality.

Agent Session Smuggling Threatens Stateful A2A Systems

🔒 Unit42 researchers Jay Chen and Royce Lu describe agent session smuggling, a technique where a malicious AI agent exploits stateful A2A sessions to inject hidden, multi‑turn instructions into a victim agent. By hiding intermediate interactions in session history, an attacker can perform context poisoning, exfiltrate sensitive data, or trigger unauthorized tool actions while presenting only the expected final response to users. The authors present two PoCs (using Google's ADK) showing sensitive information leakage and unauthorized trades, and recommend layered defenses including human‑in‑the‑loop approvals, cryptographic AgentCards, and context‑grounding checks.

Ukrainian Extradited from Ireland on Conti Ransomware Charges

🔒 A 43-year-old Ukrainian national, Oleksii Lytvynenko, has been extradited from Ireland to the United States on charges tied to the Conti ransomware operation. U.S. authorities allege he controlled stolen data and participated in sending ransom notes during double-extortion attacks between 2020 and June 2022. Arrested by An Garda Síochána in July 2023, Lytvynenko could face up to 25 years in prison if convicted. Prosecutors say the conspiracy extorted cryptocurrency and targeted victims across multiple jurisdictions.

Resiliency in the Cloud: Shared Responsibility & Azure

☁️ Microsoft positions resiliency as a shared responsibility, combining its global infrastructure, SLAs, and platform capabilities with customer-owned architecture, configuration, and recovery planning. Azure Essentials packages blueprints, assessments, and validation tools like Azure Chaos Studio and Azure Monitor to enable zone-redundant and multi-region designs. The guidance stresses continuous validation, automated remediation, and governance to reduce downtime and accelerate recovery.

Amazon Route 53 Resolver Adds AWS PrivateLink Support

🔒 Amazon Route 53 Resolver now supports AWS PrivateLink, allowing customers to access and manage Resolver and its associated features privately over the Amazon network rather than the public internet. This private access covers Resolver endpoints, Route 53 Resolver DNS Firewall, Resolver Query Logging, and Resolver for AWS Outposts, with create, delete, edit and list operations handled via PrivateLink. Route 53 Resolver continues to respond recursively for public records, VPC-specific DNS names, and private hosted zones and remains available by default in all VPCs. The capability can be used in regions where Resolver and its features are offered, including AWS GovCloud (US) Regions.

Microsoft Edge adds scareware sensor for faster blocking

🛡️ Microsoft is adding a new scareware sensor to Edge that notifies Defender SmartScreen in real time to speed up indexing and global blocking of tech-support and full-screen scam pages. The sensor is included in Edge 142, disabled by default, and reports suspected scams immediately without sharing screenshots or extra data beyond SmartScreen’s usual telemetry. Edge’s local scareware blocker — introduced at Ignite 2024 and widely enabled since February — still warns users, exits full-screen, stops loud audio, shows a thumbnail, and offers an option to continue. Microsoft plans to enable the sensor for users who have SmartScreen enabled and will add more anonymous detection signals over time.

Amazon DynamoDB Accelerator (DAX) Adds AWS PrivateLink

🔒 Amazon DynamoDB Accelerator (DAX) now supports AWS PrivateLink, allowing cluster management APIs such as CreateCluster, DescribeClusters, and DeleteCluster to be accessed over private IP addresses inside your VPC. Data-plane operations like GetItem and Query were already handled privately within the VPC; this update moves management-plane traffic off the public regional endpoint. The feature is available in all Regions where DAX runs and incurs additional AWS PrivateLink charges.

AWS VPC IPAM Adds Automated Prefix List Resolver Support

🔁 AWS announced that Amazon VPC IP Address Manager (IPAM) can now automate prefix list updates using a prefix list resolver (PLR). Administrators can define business rules in IPAM to synchronize prefix lists with IP address ranges from VPCs, subnets, and IPAM pools, and reference those lists in route tables and security groups. This automation removes the need for manual updates and reduces operational overhead. The feature is available in all AWS Regions where IPAM is supported, including AWS China and AWS GovCloud (US).

Alleged Jabber Zeus Coder 'MrICQ' Extradited to U.S.

🔒 A Ukrainian man long accused of building and operating components of the Jabber Zeus banking trojan has been arrested in Italy and is now in U.S. custody. Prosecutors say 41-year-old Yuriy Igorevich Rybtsov, previously identified only by the handle MrICQ, was charged in a 2012 Nebraska indictment as a developer and notification handler for the group. Investigators allege Jabber Zeus used a custom ZeuS variant and a Leprechaun component to intercept credentials and bypass multi-factor protections, enabling large payroll thefts via recruited money mules.

AI as Strategic Imperative for Modern Risk Management

🛡️ AI is a strategic imperative for modernizing risk management, enabling organizations to shift from reactive to proactive, data-driven strategies. Manfra highlights four practical AI uses—risk identification, risk assessment, risk mitigation, and monitoring and reporting—and shows how NLP, predictive analytics, automation, and continuous monitoring can improve coverage and timeliness. She also outlines operational hurdles including legacy infrastructure, fragmented tooling, specialized talent shortages, and third-party risks, and calls for leadership-backed governance aligned to SAIF, NIST AI RMF, and ISO 42001.

Agentic AI: Reset, Business Use Cases, Tools & Lessons

🤖 Agentic AI burst into prominence with promises of streamlining operations and accelerating productivity. This Special Report assesses what's practical versus hype, examining the current state of agentic AI, the primary deployment challenges organizations face, and practical lessons from real-world success stories. It highlights business processes suited to agentic agents, criteria for evaluating development tools, and how LinkedIn built a platform. The report also outlines near-term expectations and adoption risks.

Eclipse Foundation Revokes Leaked Open VSX Tokens Promptly

🔒 The Eclipse Foundation said it revoked a small number of Open VSX access tokens after Wiz reported several VS Code extensions had inadvertently exposed credentials in public repositories. The exposures were attributed to developer error, not an Open VSX infrastructure compromise. Open VSX introduced an ovsxp_ token prefix, removed flagged extensions, reduced default token lifetimes, and plans automated scans to bolster supply‑chain defenses.

Windows 11 Build 26220.7051 Adds Ask Copilot and More

🗞️ Windows 11 Build 26220.7051 is rolling out to Insiders and introduces three headline features: a taskbar-based Ask Copilot, a new full-screen Xbox experience for handhelds, and Bluetooth Shared audio. Ask Copilot lets users search the internet, local files, and AI using text or voice and can be enabled via Settings > Personalization > Taskbar > Ask Copilot. The new full-screen experience (FSE) aims to prioritize gaming on compatible handheld devices and can be set under Settings > Gaming > Full screen experience. Additionally, Windows now supports sharing audio to two Bluetooth devices and improves ARM PC performance by expanding x64 emulation support.

Windows 11 Trials Shared Bluetooth Audio on AI PCs

🔊 Microsoft is testing a new Shared audio feature in Windows 11 that uses Bluetooth LE Audio broadcast technology to stream audio to two Bluetooth devices simultaneously on eligible Copilot+ PCs. The option appears as Shared audio (preview) in Quick Settings in Windows 11 Build 26220.7051 (KB5067115). Initially it is limited to select Surface models with Qualcomm Snapdragon X and a few upcoming Samsung and Surface AI PCs, and requires compatible accessories such as Galaxy Buds2 Pro.

Amazon GameLift Streams Adds AWS Health Lifecycle Alerts

🔔 Amazon GameLift Streams is integrated with AWS Health to send automated lifecycle notifications about aging stream groups. Accounts receive reminders on days 45 and 150 warning that adding new applications will be restricted after day 180, with a final re-creation reminder on day 335 before expiration at day 365. The feature is available in all AWS Regions at no additional cost, and expiration details are visible in the console or via the GetStreamGroup ExpiresAt field.

Hunting BGP Zombies: Causes, Effects, and Mitigations

🧟 Cloudflare details 'BGP zombies' — routes that remain in the Default-Free Zone after a withdrawal due to path hunting, delayed processing, or MRAI timers. Through experiments and BYOIP on-demand tests, they show how more-specific withdrawals can trigger loops and long-lived reachability issues, often worse on IPv4. Cloudflare proposes graceful draining, a multi-step BYOIP failover using same-length native announcements, and vendor adoption of RFC9687 to reduce impact.

Russian Police Arrest Suspected Meduza Stealer Operators

🔒 Russian authorities have arrested three individuals in Moscow accused of creating and operating the Meduza information‑stealing malware. Announced on Telegram by police general Irina Volk, investigators say the group developed and distributed Meduza via hacker forums around two years ago and offered it as a subscription-based service. The tool steals browser-stored credentials and cryptocurrency data and, since December 2023, can resurrect expired Chrome authentication cookies to facilitate account takeover. Authorities opened a criminal case after operators targeted an Astrakhan institution and seized confidential server data.

Amazon Lightsail Adds Larger Instances up to 64 vCPUs

🔹 Amazon Lightsail now offers three larger instance bundles with up to 64 vCPUs and 256 GB memory, announced in October 2025. The bundles are available with pre-configured Linux OS and application blueprints and support both IPv6-only and dual-stack networking. Blueprints include WordPress, cPanel & WHM, Plesk, Drupal, Magento, MEAN, LAMP, Node.js, Amazon Linux, Ubuntu, CentOS, Debian, AlmaLinux, and Windows. These higher-performance instances enable scaling of web and application servers, large databases, virtual desktops, batch processing, and enterprise applications, and they are available in all AWS Regions where Lightsail is offered.

Google Confirms AI Search Will Include Ads, Evolving Format

📣Google says its ad business will remain central as it integrates advertising into AI-powered search experiences. Google currently offers AI Overviews and a more capable AI Mode, and has begun limited experiments placing ads within those results. Executives say ads won't disappear but may appear differently and become more personalized based on user data. Tests and further plans are expected to continue into next year.

Agencies Publish Best Practices to Secure Exchange Server

🔒 Cybersecurity agencies in the United States, Australia and Canada have issued coordinated best-practice guidance to help organizations harden on-premises Microsoft Exchange Server installations against ongoing attacks and misconfiguration risks. The advisory emphasizes keeping servers fully patched and on the supported Subscription Edition, enabling Microsoft’s Emergency Mitigation Service, and establishing security baselines. It also urges stronger authentication and encryption, dedicated administrative workstations, and built-in protections such as Microsoft Defender Antivirus and App Control to reduce attack surfaces.

Clearview AI Faces Criminal Complaint in Austria Over GDPR

🔍 Clearview AI has been hit with a criminal complaint filed in Austria by the European Center for Digital Rights (noyb), alleging that the company ignored decisions by several EU data protection authorities. The complaint invokes GDPR provisions allowing criminal sanctions under Article 84 and seeks prosecution of executives, potentially including jail time and personal liability when traveling to Europe. The action follows fines and bans from multiple DPAs and ongoing appeals, notably only in the UK.

SAP Cloud ERP (GROW) Now Available in Frankfurt Region

🚀 SAP and AWS have expanded the SAP Cloud ERP on AWS (GROW) offering to the Europe (Frankfurt) region, delivering a full SaaS ERP solution that can be implemented in months rather than years. The service centers on SAP S/4HANA Cloud, Public edition and integrates HR, procurement, sales, finance, supply chain, and manufacturing with SAP Business AI–powered processes. Customers can leverage generative AI via Amazon Bedrock in the SAP generative AI hub and benefit from AWS Graviton processors' energy efficiency.

Amazon Connect adds scheduling for individual agents

📅 Amazon Connect now supports scheduling of individual agents, allowing managers to create and publish schedules for specific employees and automatically merge them with existing business unit schedules. For example, when onboarding 100 new agents into a unit with published schedules for the next two months, you can schedule only the new hires and merge without regenerating or copying entire schedules. This eliminates manual workarounds, improves manager productivity, and increases operational efficiency. The capability is available in all AWS Regions where Amazon Connect agent scheduling is supported.

OpenAI Eyes Memory-Based Ads for ChatGPT to Boost Revenue

📰 OpenAI is weighing memory-based advertising on ChatGPT as it looks to diversify revenue beyond subscriptions and enterprise deals. The company, valued near $500 billion, has about 800 million users but only ~5% pay, and paid customers generate the bulk of recent revenue. Internally the move is debated — focus groups suggest some users already assume sponsored answers — and the company is expanding cheaper Go plans and purchasable credits.

Will AI Strengthen or Undermine Democratic Institutions

🤖 Bruce Schneier and Nathan E. Sanders present five key insights from their book Rewiring Democracy, arguing that AI is rapidly embedding itself in democratic processes and can both empower citizens and concentrate power. They cite diverse examples — AI-written bills, AI avatars in campaigns, judicial use of models, and thousands of government use cases — and note many adoptions occur with little public oversight. The authors urge practical responses: reform the tech ecosystem, resist harmful applications, responsibly deploy AI in government, and renovate institutions vulnerable to AI-driven disruption.

October 2025: Key Cybersecurity Stories and Guidance

🔒 As October 2025 concludes, ESET Chief Security Evangelist Tony Anscombe reviews the month’s most significant cybersecurity developments and what they mean for defenders. He highlights that Windows 10 reached end of support on October 14 and outlines practical options for affected users and organizations. He also warns about info‑stealing malware spread through TikTok videos posing as free activation guides and summarizes Microsoft’s report that Russia, China, Iran and North Korea are increasingly using AI in cyberattacks — alongside China’s accusation of an NSA operation targeting its National Time Service Center.

Aembit Launches IAM for Agentic AI with Blended Identity

🔐 Aembit today announced Aembit Identity and Access Management (IAM) for Agentic AI, introducing Blended Identity and the MCP Identity Gateway to assign cryptographically verified identities and ephemeral credentials to AI agents. The solution extends the Aembit Workload IAM Platform to enforce runtime policies, apply least-privilege access, and maintain centralized audit trails for agent and human actions. Designed for cloud, on‑premises, and SaaS environments, it records every access decision and preserves attribution across autonomous and human-driven workflows.

ThreatLocker Adds macOS Configuration Scanning Beta

🔒 ThreatLocker has released DAC for macOS in Beta, extending its configuration-scanning capability to Apple endpoints. Using the existing ThreatLocker agent, the feature can scan Macs up to four times daily and surface risky settings—FileVault, firewall, sharing/remote access, admin accounts, Gatekeeper, update policies—directly in the same console used for Windows. Findings are grouped by endpoint and category and include step-by-step remediation plus mappings to frameworks such as CIS, NIST, ISO 27001, and HIPAA. The aim is to make misconfigurations visible and remediable before they become security incidents.

Go clients, HTTP/2 PING floods, and ENHANCE_YOUR_CALM

🔍 This post investigates why Cloudflare returned ENHANCE_YOUR_CALM for internal HTTP/2 traffic and traces the issue to an easy-to-make Go client behavior. An incorrect pattern where a response is closed without being fully read caused the Go HTTP/2 library to emit RST_STREAM and PING frames in quick succession, triggering PING-flood mitigations. The fix: always drain response bodies (for example, io.Copy(io.Discard, resp.Body)) before calling Close().

Offensive 'We got hacked' emails sent from Penn addresses

📧 The University of Pennsylvania distributed a series of offensive emails to students and alumni claiming data was stolen in a breach and urging action. The messages, with the subject line "We got hacked (Action Required)", were sent from multiple Penn addresses, including the Graduate School of Education, via the connect.upenn.edu mailing-list platform hosted on Salesforce Marketing Cloud. Penn's Office of Information Security said the messages are fraudulent, its Incident Response team is investigating, and the university has placed a website banner advising recipients to disregard or delete the emails.

Why Password Controls Still Matter in Cybersecurity

🔒 In January 2024, Russian attackers bypassed layered defenses at Microsoft, underscoring that passwords remain a primary attack vector in complex IT environments. The article identifies frequent failure points such as forgotten legacy accounts and predictable user patterns, and recommends adaptive controls: advanced banned password lists, nuanced rotation policies, long memorable passphrases, and risk-based authentication. It also advises a staged rollout with user education, clear KPIs, and practical self-service resets, and highlights Specops Password Policy as a tool that scans Active Directory against billions of compromised passwords.

The Unified Linkage Model: Reframing Cyber Risk in Practice

🔗The Unified Linkage Model (ULM) reframes cyber risk by focusing on the relationships — not just individual assets — that allow vulnerabilities and adversaries to propagate across systems. Drawing on the Okta 2023 support-credential compromise, the model highlights three structural linkage types: adjacency, inheritance and trustworthiness. ULM shifts analysis from topology or isolated CVE lists to the connective tissue that enables systemic exposure. Applied correctly, it clarifies prioritization, accelerates impact analysis and unifies threat and vulnerability data into actionable risk pathways.

AI in Bug Bounties: Efficiency Gains and Practical Risks

🤖 AI is increasingly used to accelerate bug bounty research, automating vulnerability discovery, API reverse engineering, and large-scale code scanning. While platforms and triage services like Intigriti can flag unreliable, AI-generated reports, smaller or open-source programs (for example Curl) are overwhelmed by low-quality submissions that consume significant staff time. Experts stress that AI augments skilled researchers but cannot replace human judgment.

AI-Powered Bug Hunting Disrupts Bounty Programs and Triage

🔍 AI-powered tools and large language models are speeding up vulnerability discovery, enabling so-called "bionic hackers" to automate reconnaissance, reverse engineering, and large-scale scanning. Platforms such as HackerOne report sharp increases in valid AI-related reports and payouts, but many submissions are low-quality noise that burdens maintainers. Experts recommend treating AI as a research assistant, strengthening triage, and preserving human judgment to filter false positives and duplicates.

MSP Cybersecurity Readiness: Turn Security Into Growth

🔒 The Hacker News guide helps MSPs evaluate readiness to expand into advanced cybersecurity and compliance services. It highlights two essential dimensions — mindset and operational readiness — and provides a practical checklist covering service definition, staffing, tools, processes, sales capability, and financial planning. The guide reframes security as a business enabler rather than a technical checkbox.