Cloud Platforms Bolster Security As Active Exploits Drive Patching

Cloudflare Introduces Python Workflows in Beta Release

🐍 Cloudflare has announced Python Workflows in beta, enabling developers to orchestrate multi-step, durable applications on Workers using Python. The feature aims for feature parity with the existing JavaScript SDK while adapting APIs to Pythonic idioms—using decorators for step callbacks and snake_case naming for method calls. Under the hood it leverages Pyodide and CPython in the runtime, exposes WorkflowStep as an RPC-backed JsProxy for at-most-once durable execution, and supports DAG-style concurrency via asyncio.gather. Targeted use cases include data pipelines, ML/LLM training loops, and autonomous agents where step-level retries, state persistence, and explicit wait points simplify orchestration.

Google Cloud N4D VMs with AMD EPYC Turin Generally Available

🚀 Google Cloud announces general availability of the N4D machine series built on 5th Gen AMD EPYC 'Turin' processors and Google's Titanium infrastructure. N4D targets cost-optimized, general-purpose workloads — web and app servers, data analytics, and containerized microservices — with up to 96 vCPUs, 768 GB DDR5, 50 Gbps networking, and Hyperdisk storage. Google cites up to 3.5x web-serving throughput versus N2D and material price-performance gains for general compute and Java workloads.

Microsoft Secure Future Initiative — November 2025 Report

🔐 Microsoft’s November 2025 progress report on the Secure Future Initiative outlines governance expansion, engineering milestones, and product hardening across Azure, Microsoft 365, Windows, Surface, and Microsoft Security. The update highlights measurable gains — a nine-point rise in security sentiment, 95% employee completion of AI-attack training, 99.6% phishing-resistant MFA enforcement, and 99.5% live-secrets detection and remediation. It also introduces AI-first security capabilities, new detections, and 10 actionable SFI patterns to help customers improve posture.

Anthropic's Claude Sonnet 4.5 Now in AWS GovCloud (US)

🚀 Anthropic's Claude Sonnet 4.5 is now available in Amazon Bedrock within AWS GovCloud (US‑West and US‑East) via US‑GOV Cross‑Region Inference. The model emphasizes advanced instruction following, superior code generation and refactoring judgment, and is optimized for long‑horizon agents and high‑volume workloads. Bedrock adds an automatic context editor and a new external memory tool so Claude can clear stale tool-call context and store information outside the context window, improving accuracy and performance for security, financial services, and enterprise automation use cases.

Full-Stack Approach to Scaling RL for LLMs on GKE at Scale

🚀 Google Cloud describes a full-stack solution for running high-scale Reinforcement Learning (RL) with LLMs, combining custom TPU hardware, NVIDIA GPUs, and optimized software libraries. The approach addresses RL's hybrid demands—reducing sampler latency, easing memory contention across actor/critic/reward models, and accelerating weight copying—by co-designing hardware, storage (Managed Lustre, Cloud Storage), and orchestration on GKE. The blog emphasizes open-source contributions (vLLM, llm-d, MaxText, Tunix) and integrations with Ray and NeMo RL recipes to improve portability and developer productivity. It also highlights mega-scale orchestration and multi-cluster strategies to run production RL jobs at tens of thousands of nodes.

Gemini Code Assist adds persistent memory for reviews

🧠 Gemini Code Assist on GitHub now supports persistent memory that learns from merged pull request interactions to capture a team's coding standards, style, and best practices. The memory is stored securely in a Google-managed project specific to each installation and is applied selectively to relevant reviews. It infers reusable rules from review threads and uses them both to shape initial analysis and to filter draft suggestions so the agent adapts over time and reduces repetitive feedback.

AWS Private CA Adds ML-DSA Post-Quantum Certificates

🔐 AWS Private CA now supports the post-quantum digital signature algorithm ML-DSA (NIST FIPS 204), enabling organizations to create CAs and issue certificates designed to resist quantum attacks. The feature lets you test certificate issuance, identity verification, and code signing using ML-DSA, and supports CRLs and OCSP responders. Availability spans all commercial AWS Regions, AWS GovCloud (US), and China Regions to help teams begin transitioning PKI toward post-quantum cryptography.

AWS Backup Adds Native Support for Amazon EKS Across Regions

🔒 AWS Backup now supports Amazon EKS, providing a fully managed, centralized solution for backing up cluster state and persistent application data. The agent-free integration replaces custom scripts and third-party tools with a native, policy-driven service that offers automated scheduling, retention management, immutable vaults, and cross-Region and cross-account copies. You can restore entire clusters, specific namespaces, or individual persistent volumes to support disaster recovery, compliance, or pre-upgrade protection.

Amazon MSK Express Brokers Add Intelligent Rebalancing

⚡ Effective today, all new Amazon MSK Provisioned clusters with Express brokers support Intelligent Rebalancing at no additional cost. The feature automates partition balancing when clusters scale up or down, maximizing capacity utilization and removing the need for manual or third-party partition management. AWS reports Intelligent Rebalancing runs up to 180× faster than Standard brokers and scales brokers without impacting client availability.

Amazon S3 Express One Zone Adds IPv6 for VPC Endpoints

🌐 Amazon now supports Internet Protocol version 6 (IPv6) addresses for S3 Express One Zone gateway VPC endpoints, enabling access over IPv6 or DualStack without additional translation infrastructure. This applies in all Regions where the storage class exists at no extra cost. You can enable IPv6 for new or existing endpoints via Console, CLI, SDK, or CloudFormation. See the S3 User Guide to get started.

Critical RCE in expr-eval JavaScript Library, affects NPM

⚠️ A critical remote code execution vulnerability (CVE-2025-12735) has been disclosed in the popular expr-eval JavaScript expression parser, which sees over 800,000 weekly downloads on NPM. Reported by Jangwoo Choe and rated 9.8 by CISA, the flaw stems from insufficient validation of the variables/context object passed to Parser.evaluate(), allowing attacker-supplied function objects to be invoked during evaluation. Both the original project and its maintained fork are affected; the fork provides a fix in v3.0.0. Developers should migrate to the patched fork and republish dependent packages immediately.

CISA Orders Federal Patch for Samsung Zero‑Day Spyware

🔒 CISA has ordered U.S. federal agencies to patch a critical Samsung vulnerability, CVE-2025-21042, which has been exploited to deploy LandFall spyware via malicious DNG images sent over WhatsApp. The flaw is an out-of-bounds write in libimagecodec.quram.so affecting devices on Android 13 and later; Samsung issued a patch in April after reports from Meta and WhatsApp security teams. CISA added the bug to its Known Exploited Vulnerabilities catalog and requires Federal Civilian Executive Branch agencies to remediate by December 1 under BOD 22-01. The spyware can exfiltrate data, record audio, and track location.

Triofox CVE-2025-12480: Unauthenticated Access Leads to RCE

⚠️ Mandiant Threat Defense observed active exploitation of an unauthenticated access control vulnerability in Gladinet's Triofox (CVE-2025-12480) that allowed attackers to bypass authentication and reach administrative setup pages. By manipulating the HTTP Host header to impersonate localhost, attackers accessed protected admin workflows, created a native admin account, and configured the built-in anti‑virus engine to execute a malicious script as SYSTEM. The chain led to a PowerShell downloader, installation of a legitimate Zoho UEMS agent, and deployment of remote access tools; the vulnerability affected Triofox 16.4.10317.56372 and was mitigated in 16.7.10368.56560. Operators should upgrade immediately, audit admin accounts, and restrict anti‑virus engine paths.

EU Commission proposes GDPR changes for AI and cookies

🔓 The European Commission's leaked "Digital Omnibus" draft would revise the GDPR, shifting cookie rules into the regulation and allowing broader processing based on legitimate interests. Websites could move from opt-in to opt-out tracking, and companies could train AI on personal data without explicit consent if safeguards like data minimization, transparency and an unconditional right to object are applied. Privacy groups warn the changes would weaken protections.

China-aligned UTA0388 leverages AI in GOVERSHELL attacks

📧 Volexity has linked a series of spear-phishing campaigns from June to August 2025 to a China-aligned actor tracked as UTA0388. The group used tailored, rapport-building messages impersonating senior researchers and delivered archive files that contained a benign-looking executable alongside a hidden malicious DLL loaded via search order hijacking. The distributed malware family, labeled GOVERSHELL, evolved through five variants capable of remote command execution, data collection and persistence, shifting communications from simple shells to encrypted WebSocket and HTTPS channels. Linguistic oddities, mixed-language messages and bizarre file inclusions led researchers to conclude LLMs likely assisted in crafting emails and possibly code.

High-severity runc bugs allow container breakouts via procfs

⚠ Three high-severity vulnerabilities in the runc container runtime allow attackers to escape containers and gain host-level privileges by abusing masked paths, console bind-mounts, and redirected writes to procfs. Aleksa Sarai of SUSE and the OCI described logic flaws that let runc mount or write to sensitive /proc targets, including /proc/sys/kernel/core_pattern and /proc/sysrq-trigger. Patches are available in runc 1.2.8, 1.3.3 and 1.4.0-rc.3; administrators should update promptly, favor rootless containers where feasible, and monitor for suspicious symlink behaviour.

GlassWorm Malware Found in Three VS Code Extensions

🔒 Researchers identified three malicious VS Code extensions tied to the GlassWorm campaign that together had thousands of installs. The packages — ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs — were still available at reporting. Koi Security warns GlassWorm harvests Open VSX, GitHub, and Git credentials, abuses invisible Unicode for obfuscation, and uses blockchain-updated C2 endpoints. Defenders should audit extensions, rotate exposed tokens and credentials, and monitor repositories and wallet activity for signs of compromise.

Quantum Route Redirect PhaaS Exploits Microsoft 365 Users

📧 KnowBe4 researchers have identified a phishing automation kit named Quantum Route Redirect (QRR) that uses roughly 1,000 domains to harvest Microsoft 365 credentials. The platform is preconfigured with common lures—DocuSign requests, payment notifications, missed voicemail notices and QR prompts—and typically hosts landing pages on parked or compromised legitimate domains to aid social engineering and evade detection. QRR includes a built-in filter that distinguishes humans from bots and security scanners, redirecting genuine users to credential-harvesting pages while sending automated systems to benign sites. Most observed attacks target U.S. users, and defenders are urged to deploy robust URL filtering and continuous account monitoring.

Triofox Authentication Bypass Leads to Remote Access

🔒 Google's Mandiant reported active n‑day exploitation of a critical authentication bypass in Gladinet's Triofox (CVE-2025-12480, CVSS 9.1) that lets attackers access configuration pages and execute arbitrary payloads. Adversaries abused the product's antivirus executable path to run a malicious batch, installing Zoho UEMS and remote‑access tools such as Zoho Assist and AnyDesk. Operators created admin accounts, escalated privileges, and established SSH tunnels for inbound RDP. Triofox customers should apply the vendor patch, remove unauthorized admins, and verify antivirus executable paths cannot run untrusted scripts.

Yanluowang Access Broker Pleads Guilty in Ransomware Case

🔒 A Russian national has pleaded guilty to acting as an initial access broker for the Yanluowang ransomware group, admitting to selling corporate network access used in attacks on at least eight U.S. companies between July 2021 and November 2022. FBI searches of a server tied to the operation recovered chat logs, stolen files, and victim credentials that linked payments and access to the defendant. Investigators traced the suspect through Apple iCloud data, cryptocurrency exchange records, and social media accounts, and blockchain analysis tied portions of ransom payments to addresses he provided. He faces decades in prison and more than $9.1 million in restitution.

Yanluowang Broker Pleads Guilty to Ransomware Access

🔒 Aleksey Olegovich Volkov, a Russian national who used aliases including chubaka.kor and nets, has agreed to plead guilty to acting as an initial access broker for the Yanluowang ransomware group. Between July 2021 and November 2022 he sold credentials that enabled intrusions at eight U.S. companies and facilitated ransom demands ranging from $300,000 to $15 million. FBI warrants seized server logs, stolen data, chat histories and iCloud records linking Volkov to the scheme and to partial Bitcoin payments. He faces up to 53 years in prison and must pay more than $9.1 million in restitution.

Weekly Recap: Hidden VMs, AI Leaks, and Mobile Spyware

🛡️ This week's recap highlights sophisticated, real-world threats that bypass conventional defenses. Actors like Curly COMrades abused Hyper-V to run a hidden Alpine Linux VM and execute payloads outside the host OS, evading EDR/XDR. Microsoft disclosed the Whisper Leak AI side-channel that infers chat topics from encrypted traffic, and a patched Samsung zero-day was weaponized to deploy LANDFALL spyware to select Galaxy devices. Time-delayed NuGet logic bombs, a new criminal alliance (SLH), and ongoing RMM and supply-chain abuses underscore rising coordination and stealth—prioritize detection and mitigations now.

New hardware attack (TEE.fail) breaks modern secure enclaves

🔒 A new low-cost hardware-assisted attack called TEE.fail undermines current trusted execution environments from major chipmakers. The method inserts a tiny device between a memory module and the motherboard and requires a compromised OS kernel to extract secrets, defeating protections in Confidential Compute, SEV-SNP, and TDX/SDX. The attack completes in roughly three minutes and works against DDR5 memory, meaning the physical-access threats TEEs are designed to defend against are no longer reliably mitigated.

CISA Adds Samsung Mobile CVE to KEV Catalog for Remediation

🔔 CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-21042, an out-of-bounds write in Samsung mobile devices that CISA reports is being actively exploited. This class of flaw can enable code execution or device compromise and poses a significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate listed KEVs by required due dates. CISA strongly urges all organizations to prioritize timely remediation and to apply vendor updates and mitigations without delay.

Researchers Trick ChatGPT into Self Prompt Injection

🔒 Researchers at Tenable identified seven techniques that can coerce ChatGPT into disclosing private chat history by abusing built-in features like web browsing and long-term Memories. They show how OpenAI’s browsing pipeline routes pages through a weaker intermediary model, SearchGPT, which can be prompt-injected and then used to seed malicious instructions back into ChatGPT. Proof-of-concepts include exfiltration via Bing-tracked URLs, Markdown image loading, and a rendering quirk, and Tenable says some issues remain despite reported fixes.

ClickFix Phishing Campaign Targets Hotels, Delivers PureRAT

🔒 Sekoia warns of a large-scale phishing campaign targeting hotel staff that uses ClickFix-style pages to harvest credentials and deliver PureRAT. Attackers impersonate Booking.com in spear-phishing emails, redirect victims through a scripted chain to a fake reCAPTCHA page, and coerce them into running a PowerShell command that downloads a ZIP containing a DLL-side‑loaded backdoor. The modular RAT supports remote access, keylogging, webcam capture and data exfiltration and persists via a Run registry key.

Amazon EC2 High Memory U7i Instances Now in GovCloud

🚀 Amazon Web Services has added High Memory U7i instances to AWS GovCloud, offering 12TiB (u7i-12tb.224xlarge) and 16TiB (u7in-16tb.224xlarge) in GovCloud (US-West) and 24TiB (u7in-24tb.224xlarge) in GovCloud (US-East). These 7th‑generation instances use custom 4th‑generation Intel Xeon Scalable (Sapphire Rapids) processors, provide 896 vCPUs and DDR5 memory, and support ENA Express. The u7i-12tb delivers up to 100Gbps network and EBS throughput while the 16tb and 24tb variants deliver up to 200Gbps, making them well suited for mission‑critical in‑memory databases like SAP HANA, Oracle, and SQL Server.

Whisper Leak side channel exposes topics in encrypted AI

🔎 Microsoft researchers disclosed a new side-channel attack called Whisper Leak that can infer the topic of encrypted conversations with language models by observing network metadata such as packet sizes and timings. The technique exploits streaming LLM responses that emit tokens incrementally, leaking size and timing patterns even under TLS. Vendors including OpenAI, Microsoft Azure, and Mistral implemented mitigations such as random-length padding and obfuscation parameters to reduce the effectiveness of the attack.

Konni Exploits Google's Find Hub to Remotely Wipe Devices

⚠️ The North Korea-linked Konni threat actor has been observed combining spear-phishing and signed installers to compromise Windows and Android systems and exfiltrate credentials. Genians Security Center reports attackers used stolen Google account credentials to access Google Find Hub and remotely reset devices, causing unauthorized data deletion. The campaign, detected in early September 2025, uses malicious MSI packages and RATs including EndRAT and Remcos to maintain long-term access and propagate via compromised KakaoTalk sessions.

Google Public Sector Achieves CMMC Level 2 Certification

🔒 Google Public Sector announced it has achieved CMMC Level 2 certification, validated by a certified third-party assessment organization (C3PAO). The certification confirms that its internal systems used to process and store Controlled Unclassified Information (CUI) meet DoD cybersecurity expectations. While the certification covers Google’s internal systems and does not extend to customer environments, Google highlights support for the Defense Industrial Base through FedRAMP-authorized cloud services and published compliance resources, including a Google Workspace CMMC Implementation Guide, to help partners accelerate their own CMMC journeys.

Cyberattack Halts Dutch Broadcaster, Forces Vinyl Use

🎧 RTV Noord, a regional Dutch TV and radio broadcaster, reported a cyber incident on November 6, 2025, that blocked staff access to critical systems. Presenters on the "De Ochtendploeg" breakfast show resorted to playing CDs and LPs to stay on air. The attackers left a message on the network, prompting suspicion of ransomware, and the newsroom confirmed internal channels were limited to WhatsApp while services were restored.

65% of Top Private AI Firms Exposed Secrets on GitHub

🔒 A Wiz analysis of 50 private companies from the Forbes AI 50 found that 65% had exposed verified secrets such as API keys, tokens and credentials across GitHub and related repositories. Researchers employed a Depth, Perimeter and Coverage approach to examine commit histories, deleted forks, gists and contributors' personal repos, revealing secrets standard scanners often miss. Affected firms are collectively valued at over $400bn.

Ludwigshafen City Administration Faces Extended IT Outage

🚨 Ludwigshafen's city administration shut down its IT systems on 6 November after monitoring tools flagged serious anomalies, leaving online services and phone and email communications unavailable. A specialist internet-forensics firm was engaged overnight and reported a cyberattack could not be ruled out; officials say indicators have since intensified. There is currently no evidence of citizen data exfiltration, and backups and emergency plans operated as intended while investigations continue.

AWS Control Tower adds automatic account enrollment

🔁 AWS Control Tower customers can now automatically enroll member accounts simply by moving them into an Organizational Unit (OU). When moved, Control Tower applies the destination OU's baseline configurations and controls and removes the originals from the prior OU, removing the need for manual re-registration. This streamlines provisioning by allowing accounts to be created and then placed in the correct OU using the AWS Organizations console or the CreateAccount and MoveAccount APIs. Customers on landing zone version 3.1+ can opt in by toggling the automatically enroll accounts flag or by setting RemediationTypes to Inheritance_Drift in the CreateLandingZone or UpdateLandingZone APIs.

AWS Releases 2025 H1 IRAP Report for Australian Customers

🔒 AWS announced the 2025 H1 IRAP report is now available on AWS Artifact for Australian customers. An ASD-certified IRAP assessor completed the evaluation in September 2025, and four services were newly assessed at the PROTECTED level: Amazon Application Recovery Controller, AWS Global Accelerator, Amazon Q Business, and AWS Resource Explorer. AWS also published an IRAP documentation pack aligned to ACSC guidance and the ISM (March 2025) to help customers assess and architect PROTECTED workloads. Customers can request inclusion of additional services via their AWS representatives.

Vibe-coded Ransomware Found in Microsoft VS Code Marketplace

🔒 Security researcher Secure Annex discovered a malicious extension in the Microsoft Marketplace that embeds "Ransomvibe" ransomware for Visual Studio Code. Once the extension activates, a zipUploadAndEcnrypt routine runs, applying typical ransomware techniques and using hard-coded C2 URLs, encryption keys and bundled decryption tools. The package appears to be a test build, limiting immediate impact, but researchers warn it can be updated or triggered remotely. Microsoft has removed the extension and says it will blacklist and uninstall malicious extensions.

Phishing Campaign Uses Meta Business Suite to Target SMBs

📨 Check Point email security researchers uncovered a large-scale phishing campaign that abuses Meta's Business Suite and the facebookmail.com delivery domain to send convincing fake notifications. Attackers craft messages that appear to originate from Meta, allowing them to bypass many traditional security filters and increase the likelihood of SMBs across the U.S. and internationally engaging with malicious links or credential-stealing pages. Organizations should strengthen email defenses, monitor suspicious Business Suite activity, and educate staff to reduce exposure.

Browser Security Report 2025: Emerging Enterprise Risks

🛡️ The Browser Security Report 2025 warns that enterprise risk is consolidating in the user's browser, where identity, SaaS, and GenAI exposures converge. The research shows widespread unmanaged GenAI usage and paste-based exfiltration, extensions acting as an embedded supply chain, and a high volume of logins occurring outside SSO. Legacy controls like DLP, EDR, and SSE are described as operating one layer too low. The report recommends adopting session-native, browser-level controls to restore visibility and enforce policy without disrupting users.

AWS adds IPv6 for S3 Gateway and Interface VPC Endpoints

🌐 Amazon Web Services now supports IPv6 addresses for AWS PrivateLink Gateway and Interface VPC endpoints for Amazon S3. To enable IPv6 connectivity on new or existing S3 endpoints, set the IP address type to IPv6 or Dualstack; S3 will update route tables for gateway endpoints and provision ENIs with IPv6 for interface endpoints. IPv6 for S3 VPC endpoints is available in all AWS Commercial Regions and AWS GovCloud (US) Regions at no additional cost, and can be configured via the Console, CLI, SDK, or CloudFormation.

Firefox 145 Adds Stronger Anti-Fingerprinting Defenses

🔒 Mozilla has rolled out enhanced anti-fingerprinting protections in Firefox 145, initially active in Private Browsing and Enhanced Tracking Protection (ETP) Strict mode. Phase 2 measures add targeted noise to background image reads, restrict reported fonts to standard OS sets with select language exceptions, coarsen touch reporting, report screen height minus 48 pixels, and always report two processor cores. After testing these changes will be enabled by default; users can disable them per-site for compatibility. The release also removes the 32-bit Linux build.

FileFix: New File Explorer Social-Engineering Threat

🔒 FileFix is a social‑engineering technique that tricks users into pasting a malicious command into the Windows File Explorer address bar instead of the Run dialog. Attackers hide a long payload before a benign-looking file path using leading spaces so only the harmless path is visible, then invoke a PowerShell script (for example via conhost.exe) to retrieve and run malware. Defenses emphasize robust endpoint protection and ongoing employee awareness training, since blocking shortcuts alone is insufficient.

Amazon Braket Adds Native CUDA-Q Support in Notebooks

🔬 Amazon Braket notebook instances now include native support for CUDA-Q, enabled by upgrading the underlying OS to Amazon Linux 2023 to deliver improved performance, security, and compatibility for quantum development and production-ready workflows. Developers can run GPU-accelerated quantum circuit simulation alongside access to QPUs from IonQ, Rigetti, and IQM within the managed notebook environment. This eliminates the need for local deployment or separate Hybrid Jobs, streamlining hybrid quantum-classical experimentation. CUDA-Q support is available in all Regions where Braket operates.

CloudWatch Agent Adds Shared Memory Utilization Metrics

📈 Amazon Web Services announced that the Amazon CloudWatch Agent can now collect shared memory utilization metrics from Linux hosts running on Amazon EC2 or in on‑premises environments. This complements existing memory metrics (free, used, cached) and captures memory used by large enterprise databases and in‑memory applications. Administrators can enable the feature in the agent configuration file to obtain accurate total memory usage for sizing and optimization. The capability is available in all commercial and AWS GovCloud (US) Regions; CloudWatch custom metrics pricing applies.

Acronis on FileFix, SideWinder and Shadow Vector Campaigns

🔍 Acronis TRU describes practical VirusTotal hunting techniques used to track the FileFix ClickFix variant, the long-running SideWinder actor, and the Shadow Vector SVG campaign targeting Colombian users. Using Livehunt, content-based YARA rules, VT Diff, and metadata pivoting, analysts located clipboard-based web payloads, document exploits (CVE‑2017‑0199/11882), and judicial-themed SVG decoys. The post emphasizes iterative rule tuning, retrohunt for timelines, and infrastructure pivots that convert fragmented indicators into actionable intelligence.

Zeotap cuts costs 46% migrating to Bigtable from ScyllaDB

🚀 Zeotap migrated its Customer Data Platform from ScyllaDB to Bigtable to address scaling challenges, operational overhead, and highly spiky workloads. The cloud-native stack—using Dataflow, a home-grown streaming engine, Memorystore as a cache, Bigtable as the hot store, and BigQuery for analytics—delivers predictable low-latency reads and writes at scale. The transition yielded a 46% reduction in TCO and a ~20% drop in operational tasks while enabling sub-second SLAs and faster ML deployment.

NCSC to Retire Web Check and Mail Check Tools in 2026

⚠️The National Cyber Security Centre (NCSC) has announced it will retire its Web Check and Mail Check external attack surface tools by 31 March 2026. These services, introduced in 2017, scanned for web vulnerabilities, misconfigurations, and email anti‑spoofing controls such as SPF, DKIM and DMARC. Current users are urged to seek commercial alternatives and consult an NCSC buyer’s guide and other Check services before the end-of-life date.

Amazon EC2 C7i‑flex Instances Now Available in UAE Region

🚀Amazon Web Services has launched EC2 C7i-flex instances in the Middle East (UAE), offering up to 19% better price performance versus C6i. Powered by AWS-exclusive 4th generation Intel Xeon Scalable (Sapphire Rapids) custom processors and priced about 5% below C7i, these instances cover common sizes from large through 16xlarge. They target web and application servers, caches, databases, Apache Kafka, Elasticsearch and other compute-intensive workloads that don’t fully utilize all vCPUs. For sustained heavy-CPU needs or very large configurations, customers can continue to use standard C7i instances.

Layered Security for SMBs During the Holiday Season

🔒 Small and medium-size businesses face rising, measurable cyber risk as ransomware incidents increase and attacks spike during the holiday season. Resource constraints and end-of-life Windows 10 devices magnify exposure, while firmware-level and endpoint gaps can defeat traditional defenses. A layered, defense-in-depth approach across silicon, the operating system, and endpoints reduces attack surfaces. Business-grade devices such as the ASUS Expert Series integrate these protections to turn necessary upgrades into strategic security investments.

5 Reasons Attackers Prefer Phishing via LinkedIn Channels

🔒 Phishing is moving beyond email to platforms like LinkedIn, where direct messages sidestep traditional email defenses and evade many web-based controls. Attackers exploit account takeovers, weak MFA adoption, and AI-driven outreach to scale targeted campaigns against executives and cloud identity services. Because LinkedIn messages are accessed on corporate devices but outside email channels, organizations often rely on user reporting and URL blocking—measures that are slow and ineffective. Vendor Push Security recommends browser-level protections that analyze page code and behavior in real time to block in-browser phishing and SSO-based compromises.

NCA Campaign Targets Men Under 45 Over Crypto Scams

🚨 The UK's National Crime Agency (NCA) has launched the "Crypto Dream Scam Nightmare" campaign to warn men under 45 about crypto investment fraud that lures victims with professional sites, apps and romance baiting. The initiative, part of the Home Office's Stop! Think Fraud programme, includes a short video and a 10-tip info sheet to help people recognise and avoid scams. The NCA noted Action Fraud logged over 17,000 investment fraud reports last year.

Amazon SageMaker Unified Studio Adds Catalog Notifications

🔔 Amazon SageMaker Unified Studio now delivers real-time notifications for data catalog activities, including new dataset publications, metadata changes, subscription requests, comments, and access approvals. Alerts are surfaced via a bell icon on the project home page and through a notification center that shows a recent list and a full, filterable tabular view by catalog, project, and event type. The feature is available in all regions where SageMaker Unified Studio is supported.

Proving Cybersecurity's Business Value to the Board

📊 Cybersecurity leaders increasingly must translate technical metrics into business language to demonstrate program value and secure budget support. Studies from Ponemon Institute and Open Text show executives expect measurable business impact, yet many CISOs default to technical statistics that confuse boards. Experts recommend creating or aligning with an ERM function, using a documented risk register, and mapping metrics to business priorities. Use clear business measures such as potential financial exposure, risk-reduction percentages, ROI, and peer benchmarking to illustrate impact and prioritize investments.

CrowdStrike Named Overall Leader in 2025 ITDR Compass

🔒 CrowdStrike has been named the Overall Leader in the 2025 KuppingerCole Leadership Compass for Identity Threat Detection and Response, achieving top placement across Product, Innovation, Market, and Overall Ranking. The report cites Falcon Next-Gen Identity Security for its cloud-native design, AI/ML-driven detections, behavioral analytics, and automated identity-centric response. KuppingerCole highlights unified visibility across Active Directory, Entra ID, Okta, Ping, AWS IAM and SaaS via Falcon Shield, and notes deep integrations with XDR, SIEM, SOAR, IdP, IGA, PAM, and ITSM to accelerate detection and remediation for human, non-human, and AI agent identities.

Purple Teaming and Continuous Practice for SOC Readiness

🪂 Purple teaming must become ongoing practice, not a one-off exercise. Many organisations run purple team engagements as transactional penetration tests that emphasise bypass and board-ready reports rather than sustained capability building. Real SOC uplift requires repetition, rehearsal, and collaborative iteration between testers and defenders, with an emphasis on simplicity, context-aware detection, and teaching analysts to understand attacker behaviour. Embedding project-style coordination and running small, focused simulations helps turn the SOC from a static service into a living capability.