AI Agents Boost Pipelines as Advisories Land and Trust Abuses Emerge

OpenAI Aardvark: Autonomous GPT-5 Agent for Code Security

🛡️ OpenAI Aardvark is an autonomous GPT-5-based agent that scans, analyzes and patches code by emulating a human security researcher. Rather than only flagging suspicious patterns, it maps repositories, builds contextual threat models, validates findings in sandboxes and proposes fixes via Codex, then rechecks changes to prevent regressions. OpenAI reports it found 92% of benchmark vulnerabilities and has already identified real issues in open-source projects, offering free coordinated scanning for selected non-commercial repositories.

BigQuery's Data Engineering Agent: Automating Pipelines

🔧 The preview of the Data Engineering Agent in BigQuery introduces a Gemini-powered assistant that automates pipeline development, maintenance, and migrations. The agent converts natural-language requirements into SQL, enforces engineering best practices, and supports custom instructions and UDFs to reflect organizational logic. Integrated with Dataplex, it uses governance metadata to improve table descriptions, data quality assertions, and PII-aware handling, and it also generates documentation and troubleshooting guidance. The feature is available in preview via BigQuery Pipelines and the Dataform UI.

Ray on GKE: New AI Scheduling and Scaling Features

🚀 Google Cloud and Anyscale describe tighter integration between Ray and Kubernetes to improve distributed AI scheduling and autoscaling on GKE. The release introduces a Ray Label Selector API (Ray v2.49) to align task, actor and placement-group placement with Kubernetes labels and GKE custom compute classes, enabling targeted placement and fallback strategies for GPUs and markets. It also adds Dynamic Resource Allocation for A4X/GB200 racks, writable cgroups for Ray resource isolation on GKE v1.34+, TPU/JAX training support via a JAXTrainer in Ray v2.49, and in-place pod resizing (Kubernetes v1.33) for vertical autoscaling and higher efficiency.

Amazon Kinesis Data Streams: On-demand Advantage Launch

🚀 Amazon Kinesis Data Streams introduces On‑demand Advantage, letting customers warm on‑demand streams to absorb instant throughput spikes up to 10 GB or 10 million events per second without over‑provisioning. The mode removes the fixed per‑stream charge and offers a simpler usage pricing model with data ingest at $0.032/GB and retrieval at $0.016/GB in US East (N. Virginia). Extended retention costs fall by 77%, and Enhanced fan‑out retrievals are priced the same as shared throughput, making high fan‑out scenarios more economical. On‑demand Advantage requires a minimum billed aggregate of 25 MB/s for both ingest and retrieval at the discounted rates and is available in all AWS regions, including GovCloud (US) and China.

Ray on TPUs with GKE: Native, Lower-Friction Integration

🚀 Google Cloud and Anyscale have enhanced the Ray experience on Cloud TPUs with GKE to reduce setup complexity and improve performance. The new ray.util.tpu library and a SlicePlacementGroup with a label_selector API automatically reserve co-located TPU slices and preserve SPMD topology to avoid resource fragmentation. Ray Train and Ray Serve gain expanded TPU support including alpha JAX training, while TPU metrics and libtpu logs appear in the Ray Dashboard for faster troubleshooting and migration between GPUs and TPUs.

Microsoft Signing Transparency: Verifiable Code Signing

🔒 Microsoft has announced the preview of Signing Transparency, a cloud-managed service that records every software signature in an append-only ledger protected by confidential computing. The service verifies and countersigns COSE envelopes, issues cryptographic receipts tied to a Merkle-tree inclusion proof, and keeps signing keys in a secure enclave. Organizations and auditors can independently verify releases, detect tampering, and retain receipts for compliance and incident response.

Kaspersky Launches Kaspersky for Linux for Home Users

🛡️ Kaspersky has introduced Kaspersky for Linux, extending its award-winning home security lineup to 64-bit Linux desktops and laptops. The product adapts the vendor's enterprise-grade Linux solution for home users and combines real-time monitoring, behavior-based detection, removable-media scanning, anti-phishing, online payment protection, and anti-cryptojacking. Distributed as DEB and RPM packages, installation requires a My Kaspersky account and a 30-day trial is available; subscription tier does not change Linux feature availability while GDPR readiness is pending.

Microsoft WSUS Patch Disrupted Windows Server Hotpatching

⚠️ An out-of-band update, KB5070881, that addressed CVE-2025-59287 for Windows Server Update Service inadvertently removed Hotpatch enrollment on a very limited number of Windows Server 2025 machines. Microsoft has stopped offering KB5070881 to Hotpatch-enrolled devices and released KB5070893 the next day to fix the flaw without breaking Hotpatch. Systems that installed the buggy update will receive regular monthly security updates requiring restarts in November and December and will rejoin Hotpatch after the January 2026 baseline. As part of mitigations, Microsoft also disabled the display of WSUS synchronization error details.

GDI Vulnerabilities in Windows Enable RCE and Data Leak

🔒 Microsoft has issued updates to address three previously unknown flaws in the Windows Graphics Device Interface (GDI) that could permit remote code execution and information disclosure. The issues, rooted in malformed EMF/EMF+ records, cause out-of-bounds memory access in GdiPlus.dll and gdi32full.dll during image rendering, thumbnailing and print initialization. Patches were released across the May, July and August 2025 Patch Tuesdays (KB5058411, KB5062553, KB5063878); administrators should apply updates promptly and avoid opening untrusted EMF files.

Balancer V2 Exploit Drains Over $120 Million in Crypto

🚨 Balancer announced an exploit of its V2 Compostable Stable Pools on Ethereum at 07:48 UTC that resulted in reported losses exceeding $128 million. Initial analysis from GoPlus Security points to a precision rounding error in the Vault’s swap calculations that an attacker chained via batchSwap, while other researchers suggest improper authorization and callback handling in V2 vaults. Balancer says the issue is isolated to V2 Compostable Stable Pools, with V3 and other pools unaffected, and the team is working with security researchers on a full post‑mortem. Users are warned to remain vigilant for scams and phishing attempts following the incident.

SesameOp Backdoor Uses OpenAI Assistants API Stealthily

🔐 Microsoft security researchers identified a new backdoor, SesameOp, which abuses the OpenAI Assistants API as a covert command-and-control channel. Discovered during a July 2025 investigation, the backdoor retrieves compressed, encrypted commands via the API, decrypts and executes them, and returns encrypted exfiltration through the same channel. Microsoft and OpenAI disabled the abused account and key; recommended mitigations include auditing firewall logs, enabling tamper protection, and configuring endpoint detection in block mode.

Rhysida Ransomware Uses Microsoft Signing to Evade Defenses

🛡️ Rhysida ransomware operators have shifted to malvertising and the abuse of Microsoft Trusted Signing certificates to slip malware past defenses. By buying Bing search ads that point to convincing fake download pages for Microsoft Teams, PuTTY and Zoom, they deliver initial access tools such as OysterLoader (formerly Broomstick/CleanUpLoader) and Latrodectus. Signed, packaged binaries evade static detection and often run without scrutiny on Windows endpoints.

Fake Solidity VSCode Extension on Open VSX Backdoors

🛡️ A remote-access trojan named SleepyDuck, disguised as a Solidity extension on Open VSX, uses an Ethereum smart contract to deliver command-and-control instructions. The malicious package, downloaded over 53,000 times, activates on editor startup, when a Solidity file is opened, or when the compile command is run. On activation it collects system identifiers, creates a lock file for persistence, and polls an on-chain contract to update or replace its C2 endpoint. Open VSX has flagged the package and implemented security controls; developers should rely only on reputable publishers and official repositories.

Ex-Incident Response Staff Indicted for BlackCat Attacks

🔒 Three former incident response employees from DigitalMint and Sygnia have been indicted for allegedly carrying out ALPHV/BlackCat ransomware attacks on five U.S. companies between May and November 2023. Prosecutors say the defendants accessed networks, exfiltrated data, deployed encryption malware, and demanded ransoms ranging from $300,000 to $10 million, with one victim paying $1.27 million. Two named defendants face federal extortion and computer-damage charges that carry up to 20 and 10 years in prison respectively.

Google Cloud Cost Anomaly Detection Now Generally Available

🔔 Google Cloud has made Cost Anomaly Detection generally available to provide an automatic safety net for unexpected cloud spend. Alerts are enabled by default for all projects and delivered to Billing Administrators, with preferences managed in the billing console and direct links to an Anomaly dashboard that shows suspected root causes. The GA release introduces AI-generated thresholds that learn from historical spending, a percentage-deviation filter to keep alerts relevant across project sizes, and cold-start handling so new accounts receive protection immediately. The feature is free and integrates with Cloud Budgets as part of Google Cloud’s FinOps capabilities.

CISA, NSA and Partners Issue Exchange Server Best Practices

🔐 CISA, the NSA and international partners have published the Microsoft Exchange Server Security Best Practices to help organisations reduce exposure to attacks against hybrid and on‑premises Exchange deployments. The guidance reinforces Emergency Directive 25-02 and prioritises restricting administrative access, enforcing multi‑factor and modern authentication, tightening TLS and transport security, and applying Microsoft's Exchange Emergency Mitigation service. It also urges migration from unsupported or end‑of‑life systems and recommends use of secure baselines such as CISA's SCuBA. Agencies stress ongoing collaboration and a prevention-focused posture despite political and operational challenges.

Cybercriminals Exploit RMM Tools to Steal Truck Cargo

🚚 Proofpoint warns that cybercriminals are increasingly deploying legitimate remote monitoring and management tools to compromise trucking and logistics firms, enabling cargo theft and financial gain. Working with organized crime, they target asset-based carriers, brokers and integrated providers—especially food and beverage shipments—using compromised emails, fraudulent load-board listings and booby-trapped MSI/EXE installers to deliver ScreenConnect, SimpleHelp and other RMMs. Once inside, attackers conduct reconnaissance, harvest credentials with tools like WebBrowserPassView, delete bookings, block dispatcher alerts and reassign loads to facilitate physical theft, often selling stolen cargo online or overseas.

Weekly Recap: Lazarus Web3 Attacks and TEE.Fail Risks

🔐 This week's recap highlights a broad set of high‑impact threats, from a suspected China‑linked intrusion exploiting a critical Motex Lanscope flaw to deploy Gokcpdoor, to North Korean BlueNoroff campaigns targeting Web3 executives. Researchers disclosed TEE.fail, a low‑cost DDR5 side‑channel that can extract secrets from Intel and AMD TEEs. Also noted: human‑mimicking Android banking malware, WSL‑based ransomware tactics, and multiple high‑priority CVEs.

Anthropic Claude vulnerability exposes enterprise data

🔒 Security researcher Johann Rehberger demonstrated an indirect prompt‑injection technique that abuses Claude's Code Interpreter to exfiltrate corporate data. He showed that Claude can write sensitive chat histories and uploaded documents to the sandbox and then upload them via the Files API using an attacker's API key. The root cause is the default network egress setting Package managers only, which still allows access to api.anthropic.com. Available mitigations — disabling network access or strict whitelisting — significantly reduce functionality.

Malicious VSX Extension 'SleepyDuck' Uses Ethereum

🦆 Researchers at Secure Annex warned of a malicious Open VSX extension, juan-bianco.solidity-vlang, that delivers a remote access trojan dubbed SleepyDuck. Originally published as a benign library on October 31, 2025, it was updated to a malicious release after reaching about 14,000 downloads. The extension triggers on opening a code editor window or selecting a .sol file, harvesting host details and polling an Ethereum-based contract to obtain and update its command server. It also contains fallback logic using multiple Ethereum RPC providers to recover C2 information if the domain is taken down; users should only install extensions from trusted publishers and follow vendor guidance.

Hackers Use RMM Tools to Breach Freighters and Steal Cargo

🚨 Threat actors are targeting freight brokers and carriers with malicious emails and compromised load-board posts to deliver remote monitoring and management tools (RMM) such as ScreenConnect, NetSupport, and PDQ Connect. Once installed, attackers gain remote control to alter bookings, block notifications, harvest credentials, and impersonate carriers to reroute and physically steal high-value shipments. Proofpoint tracked dozens of campaigns since January, primarily in North America, exploiting social engineering and legitimate RMM functionality.

OAuth Device Code Phishing: Azure vs Google Compared

🔐 Matt Kiely of Huntress examines how the OAuth 2.0 device code flow enables phishing and highlights stark differences between Microsoft and Google. He walks through the device-code attack chain — generating a device code, social-engineering a user to enter it on a legitimate site, and polling the token endpoint to harvest access and refresh tokens. The analysis shows Azure’s implementation lets attackers control client_id and resource parameters to obtain powerful tokens, while Google’s implementation restricts device-code scopes and requires app controls that significantly limit abuse. Practical examples, cURL/Python snippets, and mitigation advice are included for defenders.

Cybercriminals Use RMM Tools to Enable Cargo Theft

🚚 Proofpoint researchers report that cybercriminals are compromising transportation firms to facilitate physical cargo theft by abusing remote management and access tools. Attackers use social engineering — including fake load-board listings, email thread hijacking and targeted phishing — to deliver installers that deploy RMM and RAS utilities. Once inside, they perform reconnaissance, harvest credentials with tools such as WebBrowserPassView, and expand access, enabling organized-crime partners to bid on and steal shipments.

BankBot-YNRK and DeliveryRAT: New Android Banking Threats

🔒 Cybersecurity researchers CYFIRMA and independent analyst F6 have disclosed two active Android trojans—BankBot‑YNRK and DeliveryRAT—that harvest financial and device data from compromised phones. BankBot‑YNRK impersonates an Indonesian government app, performs device fingerprinting and anti-emulation checks, abuses accessibility services to steal credentials and automate transactions, and communicates with a command server. DeliveryRAT, promoted via a Telegram bot, lures Russian users with fake delivery and marketplace apps and delivers malware-as-a-service variants that collect notifications, SMS and call logs and can hide their launchers. Users should avoid untrusted APKs, review permissions, and keep devices updated—Android 14 reduces some accessibility-based abuses.

Conti Suspect Appears in US Court After Extradition

🔒 A Ukrainian national extradited from Ireland has appeared in a US court, accused of conspiring to deploy Conti ransomware and manage stolen data and ransom notes. Authorities allege Oleksii Lytvynenko participated in attacks between 2020 and July 2022 that resulted in more than $500,000 in cryptocurrency extorted from victims in the Tennessee district and the publication of additional stolen data. He faces computer fraud and wire fraud conspiracy charges and could receive up to 25 years in prison if convicted.

SesameOp backdoor abuses OpenAI Assistants API for C2

🛡️ Microsoft DART researchers uncovered SesameOp, a novel .NET backdoor that leverages the OpenAI Assistants API as a covert command-and-control (C2) channel instead of traditional infrastructure. The implant includes a heavily obfuscated loader (Netapi64.dll) and a backdoor (OpenAIAgent.Netapi64) that persist via .NET AppDomainManager injection, using layered RSA/AES encryption and GZIP compression to fetch, execute, and exfiltrate commands. Microsoft and OpenAI investigated jointly and disabled the suspected API key; detections and mitigation guidance are provided for defenders.

HttpTroy Backdoor Poses as VPN Invoice in Kimsuky Attack

🔒 Security researchers at Gen Digital disclosed a targeted Kimsuky campaign that delivered a previously undocumented backdoor called HttpTroy, hidden inside a ZIP attachment masquerading as a VPN invoice. The multi-stage chain used a Golang dropper, a loader dubbed MemLoad and a DLL backdoor executed via a scheduled task named "AhnlabUpdate" to achieve persistence. HttpTroy provides extensive remote-control capabilities and communicates with a C2 server over HTTP, while employing layered obfuscation to hinder analysis and detection.

AWS and SANS Whitepaper: AI for Security Guidance Overview

🔒 AWS and SANS released a whitepaper, AI for Security and Security for AI, that examines how organizations can use generative AI safely and defend against AI-powered threats. The paper examines three lenses: securing generative AI applications, using generative AI to improve cloud security posture, and protecting against AI-enabled attacks. It offers practical action items, architecture guidance, and recommendations for responsible AI and human oversight.

CloudWatch Synthetics Adds Multi-Browser Support in GovCloud

🔍 Amazon CloudWatch Synthetics now supports running the same canary scripts across Chrome and Firefox in AWS GovCloud (US‑East, US‑West). You can use Playwright‑based or Puppeteer‑based canaries to collect browser-specific performance metrics, success rates, and visual monitoring results while retaining aggregate health views. This helps teams detect and remediate browser compatibility issues faster.

Amazon Cognito simplifies Machine-to-Machine pricing

🔔 AWS has simplified pricing for Amazon Cognito machine-to-machine (M2M) authentication by removing the M2M app client price dimension. Customers will now be charged only for successful M2M token requests per month instead of both registered app clients and token requests. The change is effective immediately across all supported Cognito regions and is automatic, requiring no customer action. This reduces the cost to build and scale M2M integrations.

How Scientists Can Use Gemini Enterprise for AI Workflows

🔬 Google Cloud presents how researchers can accelerate scientific workflows by combining Gemini Enterprise with integrated HPC infrastructure. It showcases AI agents—like the Deep Research agent for literature synthesis and the Idea Generation agent for proposing and ranking hypotheses—alongside developer tooling such as Gemini Code Assist and Gemini CLI for code, debugging, and workflow automation. The platform pairs these capabilities with purpose-built VMs (H4D, A4, A4X) and Google Cloud Managed Lustre to scale simulations and analysis.

AWS Config Adds 52 New Resource Types Across Key Services

🔔 AWS Config now supports 52 additional AWS resource types across services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. With recording for all resource types enabled, AWS Config will automatically begin tracking these additions and they are available to Config rules and aggregators. You can monitor the new types in all Regions where supported, expanding discovery, assessment, audit, and remediation coverage.

European Ransomware Leak-Site Victims Spike in 2025

🔒 CrowdStrike's 2025 European Threat Landscape Report found a 13% year-on-year rise in ransomware victims across Europe, with the UK hardest hit. The study, covering leak sites from September 2024 to August 2025, identified 1,380 victims and noted that since January 2024 more than 2,100 organisations were named on extortion sites, with 92% involving file encryption and data theft. The report highlights Akira and LockBit as the most active groups and warns of persistent big-game hunting, growing vishing campaigns and an emerging Violence-as-a-Service threat landscape.

2025 European Threat Landscape: Extortion and State Activity

🔍 CrowdStrike’s 2025 European Threat Landscape Report reveals rising extortion and intensifying nation-state operations across Europe, with Big Game Hunting (BGH) actors naming roughly 2,100 Europe-based victims on more than 100 dedicated leak sites since January 1, 2024. The United Kingdom, Germany, Italy, France and Spain are most targeted, across sectors such as manufacturing, professional services, technology, industrials and retail. The report details an active cybercrime ecosystem — forums, encrypted apps and marketplaces — and notes enabling techniques like voice phishing and fake CAPTCHA lures, while geopolitical conflicts drive expanded Russian-, Chinese-, Iranian- and DPRK-linked operations.

Generative AI Speeds XLoader Malware Analysis and Detection

🔍 Check Point Research applied generative AI to accelerate reverse engineering of XLoader 8.0, reducing days of manual work to hours. The models autonomously identified multi-layer encryption routines, decrypted obfuscated functions, and uncovered hidden command-and-control domains and fake infrastructure. Analysts were able to extract IoCs far more quickly and integrate them into defenses. The AI-assisted workflow delivered timelier, higher-fidelity threat intelligence and improved protection for users worldwide.

Hacktivists Target Internet-Exposed Industrial Controls

⚠️ The Canadian Centre for Cyber Security warns hacktivists are increasingly exploiting internet-accessible industrial control systems (ICS), citing recent intrusions that affected a water utility, an oil and gas automated tank gauge (ATG), and a farm's grain-drying silo. Attackers manipulated pressure, fuel-gauge, and environmental controls, creating safety and service disruptions. The alert urges secure remote access via VPNs with MFA and inventories of OT assets. Provincial and municipal coordination is recommended to protect sectors lacking cybersecurity oversight.

4th Circuit Lowers Proof Threshold in Data Breach Suits

🔒 In October the 4th U.S. Circuit Court of Appeals ruled that listing stolen consumer data on the dark web can be sufficient to let plaintiffs proceed in data-breach lawsuits. The panel determined that dark-web publication — paywalled or not — increases the risk of fraud and is therefore materially different from mere theft. CISOs should monitor dark-web exposure and preserve evidence of publicization to assess legal and financial risk.

CloudWatch Agent Adds NVMe Local Volume Performance Metrics

📈 The Amazon CloudWatch agent can now collect detailed performance metrics for NVMe local volumes attached to EC2 instances, including queue depths, I/O sizes, and device utilization. These metrics mirror the detailed statistics available for EBS volumes, enabling a consistent monitoring experience across storage types. You can create CloudWatch dashboards, set alarms, and analyze trends for NVMe-based instance store volumes, and the capability is available for all local NVMe volumes on Nitro-based EC2 instances in AWS Commercial and AWS GovCloud (US) Regions.

Cloudflare analysis confirms Turkmenistan IP changes

🔍 Cloudflare researchers revisited historic telemetry to assess reports that Turkmenistan experienced an unprecedented easing of IP address blocking in mid‑2024 and may have been testing a new firewall. Using Radar metrics, they observed a clear surge in HTTP requests beginning in mid‑June, alongside shifts in TCP reset and timeout patterns. These connection anomalies manifested at different stages of the TCP lifecycle across multiple autonomous systems, and while the data cannot provide attribution, the observed patterns are consistent with large‑scale filtering or firewall testing.

Mountpoint S3 CSI Driver Adds Observability Metrics

📈 You can now monitor Mountpoint operations in observability tools such as Amazon CloudWatch, Prometheus, and Grafana. Mountpoint emits near real-time metrics (request count, request latency, and error types) over the OpenTelemetry Protocol (OTLP), so you can use the CloudWatch agent or an OpenTelemetry collector to publish metrics and build dashboards. Configure Mountpoint at mount time to stream per-EC2-instance metrics for proactive monitoring and faster troubleshooting.

Ground Zero: Five Critical Steps After a Cyberattack

🛡️ Rapid, methodical incident response is essential when you suspect unauthorized access. Activating a rehearsed IR plan and notifying a cross-functional incident team (including HR, PR, legal and executives) helps you quickly establish scope, preserve evidence and maintain chain of custody. Contain affected systems without destroying forensic data, protect offline backups, notify regulators, insurers and law enforcement, then proceed to eradication, recovery and hardening.

Mercado Libre's Spanner-Based Platform for Scale and AI

🚀 Mercado Libre leverages Spanner as the core of a developer-facing platform, exposing consistent, globally-scalable transactions through its internal gateway, Fury. Fury abstracts distributed database complexity and serves both relational and key-value workloads. Integration with BigQuery via Data Boost and Change Streams enables near-real-time analytics and reverse ETL to operational systems.

AI Summarization Optimization Reshapes Meeting Records

📝 AI notetakers are increasingly treated as authoritative meeting participants, and attendees are adapting speech to influence what appears in summaries. This practice—called AI summarization optimization (AISO)—uses cue phrases, repetition, timing, and formulaic framing to steer models toward including selected facts or action items. The essay outlines evidence of model vulnerability and recommends social, organizational, and technical defenses to preserve trustworthy records.

Continuous Exposure Management Transforms SOC Ops Today

🔍 SOC analysts are increasingly overwhelmed by alert volume and contextual blind spots that force extensive manual triage. Continuous exposure management brings environment-specific intelligence into existing EDR, SIEM, and SOAR workflows to prioritize assets, validate exploitability, and visualize attack paths. By correlating exposures with MITRE ATT&CK techniques and automating remediation workflows, teams reduce false positives, accelerate investigations, and harden detections over time.

Windows Task Manager Won't Quit After KB5067036 Update

⚠️ Microsoft confirmed a known issue where closing Task Manager does not terminate the taskmgr.exe process after installing the October 28, 2025 preview update (KB5067036). Multiple background instances can consume CPU and cause stutters. As a temporary workaround, end each process in a new Task Manager window or run: taskkill.exe /im taskmgr.exe /f while Microsoft investigates a permanent fix.

Aligning Security with Business Strategy: Practical Steps

🤝 Security leaders must move beyond a risk-only mindset to actively support business goals, as Jungheinrich CISO Tim Sattler demonstrates by joining his company’s AI center of excellence to advise on both risks and opportunities. Industry research shows significant gaps—only 13% of CISOs are consulted early on major strategic decisions and many struggle to articulate value beyond mitigation. Practical alignment means embedding security into initiatives, using business metrics to measure effectiveness, and prioritizing controls that enable growth rather than impede operations.

Month of VT Search: Unlimited GUI Searches in November

🔍 This November VirusTotal is offering uncapped GUI searches for all Enterprise customers, allowing manual queries through the web interface without consuming quota. Take this opportunity to experiment with VirusTotal Intelligence search modifiers to pivot across hashes, domains, IPs, and URLs, hunt for related samples, and uncover campaign infrastructure. API interactions will continue to consume quota, while daily shared queries and community tips — tagged #MonthOfVTSearch — will help users explore advanced search techniques.