Cloud Guardrails Advance as Critical Patches Land and Exploits Emerge

Agent Sandbox: Kubernetes Enhancements for AI Agents

🛡️ Agent Sandbox is a new Kubernetes primitive designed to run AI agents with strong, kernel-level isolation. Built on gVisor with optional Kata Containers and developed in the Kubernetes community as a CNCF project, it reduces risks from agent-executed code. On GKE, managed gVisor, container-optimized compute and pre-warmed sandbox pools deliver sub-second startup latency and up to 90% cold-start improvement. A Python SDK and a simple API abstract YAML so AI engineers can manage sandbox lifecycles without deep infrastructure expertise; Agent Sandbox is open source and deployable on GKE today.

GKE: Unified Platform for Agents, Scale, and Inference

🚀 Google details a broad set of GKE and Kubernetes enhancements announced at KubeCon to address agentic AI, large-scale training, and latency-sensitive inference. GKE introduces Agent Sandbox (gVisor-based) for isolated agent execution and a managed GKE Agent Sandbox with snapshots and optimized compute. The platform also delivers faster autoscaling through Autopilot compute classes, Buffers API, and container image streaming, while inference is accelerated by GKE Inference Gateway, Pod Snapshots, and Inference Quickstart.

AWS expands Graviton4 EC2 C8gd, M8gd, R8gd regions

🚀 Amazon EC2 C8gd instances are now available in Europe (London) and Canada (Central), while M8gd and R8gd sizes have expanded to South America (Sao Paulo) and Europe (London), respectively. Powered by AWS Graviton4, these instances deliver up to 30% better performance versus Graviton3 and offer up to 11.4 TB NVMe local storage and EFA on select sizes. Customers can also adjust network and EBS bandwidth by 25% via instance bandwidth weighting.

Amazon Keyspaces Adds Logged Batches for Atomic Writes

🔒 Amazon Keyspaces (for Apache Cassandra) now supports Logged Batches, enabling multiple INSERT, UPDATE, and DELETE operations to be executed as a single atomic transaction. This ensures that all writes in a batch succeed or none are applied, improving consistency across rows and tables for use cases such as finance, inventory, and multi-entity profile updates. The feature preserves Cassandra's atomicity guarantees, integrates with CQL, scales serverlessly with your workload, and is available today in all AWS Commercial and AWS GovCloud (US) Regions. Customers pay only for the standard write operations processed within each batch.

Amazon EC2 M8a Instances Now in N. Virginia & Tokyo

🚀 Amazon EC2 M8a instances are now available in US East (N. Virginia) and Asia Pacific (Tokyo). Powered by 5th Gen AMD EPYC processors (code-named Turin) with up to 4.5 GHz, M8a delivers up to 30% higher performance, up to 19% better price-performance versus M7a, and 45% more memory bandwidth. They show workload gains up to 60% for GroovyJVM and 39% for Cassandra, are SAP-certified, come in 12 sizes including two bare-metal options, and run on sixth-generation AWS Nitro Cards. Customers can purchase M8a via Savings Plans, On‑Demand, or Spot.

Google Cloud Expands AI Infrastructure and Services in India

🤝 Google Cloud is increasing local AI compute in India with its AI Hypercomputer powered by Trillium TPUs, enabling training and serving of advanced Gemini models with data residency and sovereignty controls. New local offerings include batch support for Gemini 2.5 Flash, a preview of Document AI, and real‑time grounding using Google Maps for location‑aware responses. Google is also supporting Indic Arena at IIT Madras with cloud credits to benchmark Indian multilingual models and to help grow the local AI ecosystem.

How BigQuery Brought Vector Search to Analytics at Scale

🔍 In early 2024 Google introduced native vector search in BigQuery, embedding semantic search directly into the data warehouse to remove the need for separate vector databases. Users can create indexes with a simple CREATE VECTOR INDEX statement and run semantic queries via the VECTOR_SEARCH function or through Python integrations like LangChain. BigQuery provides serverless scaling, asynchronous index refreshes, model rebuilds with no downtime, partitioned indexes, and ScaNN-based TreeAH for improved price/performance, while retaining row- and column-level security and a pay-as-you-go pricing model.

Microsoft releases KB5068781 — first Windows 10 ESU update

🔔 Microsoft released KB5068781, the first Extended Security Update (ESU) for Windows 10 following the platform's end of support. The update fixes a bug that incorrectly reported LTSC devices as out of support and bundles October Patch Tuesday fixes. It addresses 63 vulnerabilities — including one actively exploited elevation-of-privilege flaw — and is mandatory for enrolled devices, installing via Settings → Windows Update and updating ESU and LTSC builds to 19045.6575/19044.6575.

Bitcoin Queen Sentenced to Nearly 12 Years for £5.5B Scam

🔒 Zhimin Qian, dubbed the "Bitcoin Queen," was sentenced in London to 11 years and eight months after a seven-year Met Police investigation found she laundered proceeds from a £5.5 billion cryptocurrency investment scheme that defrauded more than 128,000 victims in China between 2014 and 2017. Investigators seized 61,000 Bitcoin — now valued at roughly £5.5 billion — marking the largest crypto seizure in UK history. Two associates received prison terms and authorities confiscated additional assets including wallets, encrypted devices, cash, and gold.

Hackers Exploit Triofox AV Feature to Deploy Remote Tools

⚠️ Hackers exploited a critical Triofox vulnerability (CVE-2025-12480) and abused the product's built-in antivirus configuration to achieve remote code execution as SYSTEM. Google Threat Intelligence Group traced the activity to UNC6485 targeting a Triofox server in August; attackers bypassed authentication via Host header/Referer spoofing and configured a malicious scanner to run a PowerShell downloader. Vendor patches are available; administrators should update and audit admin and scanner settings.

KONNI APT Abuses Google Find Hub to Wipe Android Devices

🔐 Genians Security Center (GSC) has attributed a recent destructive campaign to the KONNI APT, which abused Google’s Find Hub service to remotely wipe Android phones and tablets. Threat actors distributed a signed MSI via compromised KakaoTalk accounts, installed an AutoIt loader, and stole Google credentials to trigger remote resets when victims were away. GSC describes this as the first confirmed state-linked misuse of Find Hub and recommends stronger authentication, verification for remote wipes, and enhanced EDR and behavioral monitoring.

SAP patches critical hardcoded credentials in SQL Anywhere

🔒 SAP released November security updates addressing a maximum-severity (10.0) hardcoded credentials flaw in the non-GUI component of SQL Anywhere Monitor (CVE-2025-42890) and a critical code-injection issue in SAP Solution Manager (CVE-2025-42887). The embedded credentials could allow attackers to access administrative functions and potentially execute arbitrary code. Administrators should apply updates and follow SAP mitigation guidance promptly.

Attackers Exploit Critical Triofox Flaw for Code Execution

⚠️ Mandiant and Google GTIG observed UNC6485 exploiting a critical improper access control flaw, CVE-2025-12480, in Gladinet Triofox versions prior to 16.7.10368.56560. Attackers spoofed a localhost Host header to reach setup pages, create a native 'Cluster Admin' account and upload payloads. They abused the product's anti‑virus configuration to execute arbitrary scripts as SYSTEM, then deployed remote access tools, escalated privileges and exfiltrated credentials. Users are urged to update, audit admin accounts and hunt for indicators of compromise.

CISA Adds Samsung Zero-Day Used to Deploy LandFall Spyware

🛡️ US federal agencies have been directed to patch a critical Samsung zero-day exploited to deploy spyware on mobile devices. The out-of-bounds write flaw CVE-2025-21042 (CVSS 9.8) was patched by Samsung in April, but Palo Alto Networks reports it has been used in a campaign since mid-2024. Commercial spyware LandFall was embedded in malicious DNG images and distributed via WhatsApp, with possible zero-click remote code execution. CISA added the bug to its KEV catalog and requires mitigation or discontinuation by December 1.

GlassWorm Resurfaces in VS Code Extensions and GitHub

🐛 Researchers have found a renewed wave of the GlassWorm supply-chain worm targeting Visual Studio Code extensions and GitHub repositories after it was previously declared contained. The malware hides JavaScript payloads in undisplayable Unicode characters, making malicious code invisible in editors, and uses blockchain memos on Solana to publish remote C2 endpoints. Koi researchers identified three newly compromised OpenVSX extensions and observed credential theft and AI-styled commits used to propagate the worm.

Maverick Banking Malware Spreads via WhatsApp Web in Brazil

⚠️ Threat hunters report a .NET banking trojan dubbed Maverick propagating via WhatsApp Web, with analyses noting significant code overlaps with the Coyote family and attribution to the actor known as Water Saci. The campaign uses a self-propagating component named SORVEPOTEL to distribute a ZIP containing an LNK that launches PowerShell/cmd to fetch loaders from zapgrande[.]com. The loader installs modules only after geo/linguistic checks confirm the victim is in Brazil and then deploys banking-targeted credential-stealing and web-injection capabilities.

GlobalLogic warns 10,000 employees of Oracle data theft

🔒 GlobalLogic is notifying 10,471 current and former employees that personal data was stolen after attackers exploited an Oracle E-Business Suite zero-day. The compromised HR information includes names, contact details, birthdates, passport and tax identifiers, salary and bank account information. The incident aligns with a wider extortion campaign linked to the Clop ransomware group exploiting CVE-2025-61882.

GootLoader Returns Using Custom Font to Conceal Payload

🔍 Huntress observed the return of GootLoader infections beginning October 27, 2025, with two cases leading to hands-on keyboard intrusions and domain controller compromise within 17 hours. The loader now embeds a custom WOFF2 font using Z85 encoding to substitute glyphs and render obfuscated filenames readable only in the victim browser. Actors deliver XOR-encrypted ZIPs via compromised WordPress comment endpoints and SEO-poisoned search results, and the archive is crafted to appear as benign text to many automated analysis tools while extracting a JavaScript payload on Windows.

Microsoft November 2025 Patch Tuesday: 63 Flaws, 1 Zero-Day

🛡️ Microsoft’s November 2025 Patch Tuesday addresses 63 vulnerabilities, including one actively exploited zero-day in the Windows Kernel (CVE-2025-62215). The update bundle includes four Critical issues and a broad set of fixes across kernel, RDP, Hyper-V, drivers, Office components and other Windows subsystems. Organizations still on unsupported Windows 10 should upgrade to Windows 11 or enroll in Microsoft’s ESU program; Microsoft also released an out-of-band patch to fix an ESU enrollment bug.

Pixnapping vulnerability: Android screen-snooping risk

🔒 A newly disclosed exploit named Pixnapping (CVE-2025-48561) allows a malicious Android app with no special permissions to read screen pixels from other apps and reconstruct sensitive content. The attack chains intent-based off-screen rendering, translucent overlays, and a GPU compression timing side channel to infer pixel values. Google issued a September patch but researchers bypassed it, and a more robust fix is planned.

Qilin Ransomware Activity Surges, Targeting SMEs in 2025

🔐 Researchers at S-RM report a surge in activity by the Qilin ransomware-as-a-service operation, which leverages unpatched VPNs, single-factor remote access and exposed management interfaces to gain initial access. While some high-profile incidents hit healthcare, most victims are small-to-medium businesses in construction, healthcare and finance. S-RM also observed affiliates from Scattered Spider using Qilin’s platform, and noted new extortion channels including Telegram and public leak sites. The firm urges routine patching, widespread MFA adoption, network segmentation and proactive monitoring.

Amazon EC2 U7i-6tb High Memory Instances in Europe

⚙️ Amazon EC2 High Memory U7i-6tb instances are now available in Europe (Stockholm and Ireland). The u7i-6tb provides 6TB of DDR5 memory and 448 vCPUs, with up to 100 Gbps for EBS and network bandwidth and support for ENA Express. Powered by custom 4th-gen Intel Xeon (Sapphire Rapids), these instances target mission‑critical in‑memory databases such as SAP HANA, Oracle, and SQL Server.

CometJacking: Prompt-Injection Risk in AI Browsers

🔒 Researchers disclosed a prompt-injection technique dubbed CometJacking that abuses URL parameters to deliver hidden instructions to Perplexity’s Comet AI browser. By embedding malicious directives in the 'collection' parameter an attacker can cause the agent to consult connected services and memory instead of searching the web. LayerX demonstrated exfiltration of Gmail messages and Google Calendar invites by encoding data in base64 and sending it to an external endpoint. According to the report, Comet followed the malicious prompt and bypassed Perplexity’s safeguards, illustrating broader limits of current LLM-based assistants.

North Korean Hackers Abuse Google's Find Hub for Wipes

🔒 Genians Security Center (GSC) reports that North Korea–linked KONNI actors abused Google's Android device‑tracing and management service Find Hub to remotely track and wipe victims' phones. Attackers compromised legitimate Google accounts—often via spear‑phishing impersonating South Korea’s National Tax Service—and used Find Hub to confirm location and issue reset commands that silenced alerts. The campaign also spread malware through compromised KakaoTalk contacts sending apps disguised as 'stress-relief' programs.

CISO Guide: Defending Against AI Supply-Chain Attacks

⚠️ AI-enabled supply chain attacks have surged in scale and sophistication, with malicious package uploads to open-source repositories rising 156% year-over-year and real incidents — from PyPI trojans to compromises of Hugging Face, GitHub and npm — already impacting production environments. These threats are polymorphic, context-aware, semantically camouflaged and temporally evasive, rendering signature-based tools increasingly ineffective. CISOs should prioritize AI-aware detection, behavioral provenance, runtime containment and strict contributor verification immediately to reduce exposure and satisfy emerging regulatory obligations such as the EU AI Act.

AWS Adds EC2 I7i Storage-Optimized Instances in Regions

⚡ AWS announced that high-performance, storage-optimized Amazon EC2 I7i instances are now available in the Asia Pacific (Hyderabad) and Canada (Central) regions. Powered by 5th-gen Intel Xeon Scalable CPUs and 3rd-gen AWS Nitro SSDs, I7i delivers up to 23% better compute and substantial NVMe storage improvements over I4i. Instances support torn-write prevention, real-time NVMe performance statistics, and sizes up to 48xlarge plus bare metal options.

Microsoft November 2025 Patch Tuesday: 63 Vulnerabilities

🔒 Microsoft released its November 2025 Patch Tuesday addressing 63 vulnerabilities across Windows, Office, Visual Studio and other components, including five labeled Critical. One important kernel elevation flaw, CVE-2025-62215, has been observed exploited in the wild. Critical issues include RCE in GDI+, Office, and Visual Studio, plus a DirectX elevation-of-privilege; Microsoft rates several as less likely to be exploited. Cisco Talos published Snort and Snort 3 rules and advises customers to apply updates and rule packs promptly.

Quantum Route Redirect: Automated PhaaS Targets 90 Countries

🔒 KnowBe4 has identified a new phishing-as-a-service platform called Quantum Route Redirect that automates large-scale credential theft across roughly 90 countries and is hosted on about 1,000 domains. The kit distinguishes security tools from real users to evade URL scanning and some web application firewalls, routing victims to Microsoft 365 credential-harvesting pages. It includes redirect configuration, traffic analytics, monitoring dashboards and themed lures such as DocuSign and payroll impersonations. KnowBe4 urges multi-layered defenses including NLP-driven email analysis, sandboxing, continuous monitoring and rapid incident response.

Authentication Coercion: Abusing Rare Windows RPC Interfaces

🔒 Unit 42 details how attackers force Windows hosts to authenticate to attacker-controlled systems by abusing rarely monitored RPC interfaces. The report explains techniques, including misuse of UNC path parameters and obscure opnums, and reviews a March 2025 healthcare incident that leveraged MS-EVEN ElfrOpenBELW. It outlines indicators such as bursts of failed NTLM authentications and RPC calls containing external UNC targets. Recommendations include detection, RPC filtering, SMB signing, and Cortex XDR protections.

Malicious npm Package Typosquats GitHub Actions Artifact

🔍 Cybersecurity researchers uncovered a malicious npm package, @acitons/artifact, that typosquats the legitimate @actions/artifact package to target GitHub-owned repositories. Veracode says versions 4.0.12–4.0.17 included a post-install hook that downloaded and executed a payload intended to exfiltrate build tokens and then publish artifacts as GitHub. The actor (npm user blakesdev) removed the offending versions and the last public npm release remains 4.0.10. Recommended actions include removing the malicious versions, auditing dependencies for typosquats, rotating exposed tokens, and hardening CI/CD supply-chain protections.

Fantasy Hub: Android RAT sold on Telegram as MaaS service

🔒 Cybersecurity researchers disclosed a new Android remote access trojan, Fantasy Hub, marketed on Russian-speaking Telegram channels under a Malware-as-a-Service model. The MaaS offers turnkey builders, bot-driven subscriptions, custom trojanized APKs and a C2 panel to manage compromised devices and exfiltrate SMS, contacts, media and call logs. Sellers provide fake Google Play landing pages and instruction to abuse the default SMS handler and deploy overlays to intercept banking 2FA and harvest credentials.

APT37 Abuses Google Find Hub to Remotely Wipe Android

🔍 North Korean-linked operators abuse Google Find Hub to locate targets' Android devices and issue remote factory resets after compromising Google accounts. The attacks focus on South Koreans and begin with social engineering over KakaoTalk, using signed MSI lures that deploy AutoIT loaders and RATs such as Remcos, Quasar, and RftRAT. Wiping devices severs mobile KakaoTalk alerts so attackers can hijack PC sessions to spread malware. Recommended defenses include enabling multi-factor authentication, keeping recovery access ready, and verifying unexpected files or messages before opening.

Windows 11 KB5068861 & KB5068865 November 2025 Updates

🔔 Microsoft released cumulative updates KB5068861 and KB5068865 for Windows 11 25H2/24H2 and 23H2, delivering the November 2025 Patch Tuesday security fixes, bug repairs, and several feature changes. The updates are mandatory security releases and update system build numbers to 26200.7019 (25H2/24H2 variants) and 226x1.6050 (23H2). Notable additions include a redesigned Start menu with Categories mode, updated battery icons with percentage, a new Copilot page in Get Started, Administrator Protection Preview, and post-quantum cryptography API support. Microsoft said the rollout is gradual and reported no new known issues at announcement time.

CPU Spike Reveals RansomHub Intrusion Before Ransomware

🔍 Varonis responded after a server CPU spike exposed an active intrusion later attributed to RansomHub affiliates. The attacker gained initial access via a SocGholish JavaScript masquerading as a browser update, then deployed a persistent Python-based SOCKS proxy and automated reconnaissance to hunt credentials and enumerate Active Directory. Within hours the actor obtained Domain Admin privileges and initiated broad discovery and exfiltration; Varonis developed an unpacker, identified IOCs, and coordinated containment and remediation that prevented ransomware with zero downtime.

AI startups expose API keys on GitHub, risking models

🔐 New research by cloud security firm Wiz found verified secret leaks in 65% of the Forbes AI 50, with API keys and access tokens exposed on GitHub. Some credentials were tied to vendors such as Hugging Face, Weights & Biases, and LangChain, potentially granting access to private models, training data, and internal details. Nearly half of Wiz’s disclosure attempts failed or received no response. The findings highlight urgent gaps in secret management and DevSecOps practices.

Microsoft emergency Windows 10 update fixes ESU enrollment

🔧Microsoft released an out‑of‑band update (KB5071959) to address a Windows 10 Consumer ESU enrollment failure that could cause the ESU wizard to abort. Once the update is installed and the device is rebooted, affected systems should be able to complete ESU enrollment and resume receiving Extended Security Updates via Windows Update. Microsoft flagged the patch as a security update for non‑enrolled devices to restore access to essential fixes.

Amazon CloudWatch Adds Threshold-Based Composite Alarms

🔔 Amazon CloudWatch now lets teams create threshold-based composite alarms that trigger only when a specified subset of monitored resources meet a condition. Using the new AT_LEAST function, you can define fixed counts or percentages — for example, at least two of four volumes low on capacity or 50% of hosts with high CPU — to reduce alert noise. The capability is available in all commercial AWS regions, AWS GovCloud (US), and China Regions; composite alarms pricing applies.

Synology Patches Critical BeeStation RCE Shown at Pwn2Own

🔒 Synology has released a patch for a critical remote code execution flaw (CVE-2025-12686) in BeeStation OS, following a proof-of-concept exploit shown at Pwn2Own Ireland. The vulnerability, described as a buffer copy without checking input size, can enable arbitrary code execution on impacted NAS devices and has no practical mitigations. Synology advises users to upgrade to BeeStation OS 1.3.2-65648 or later to remediate the issue. The flaw was demonstrated by Synacktiv researchers Tek and anyfun, who earned a $40,000 reward.

EU draft seeks GDPR changes for AI training and cookies

🛡️A leaked draft of the EU Commission’s proposed “Digital Omnibus” would amend the GDPR to absorb cookie rules and relax limits on AI training with personal data. The draft, due to be presented on 19 November 2025, would add Article 88a to move cookie regulation into the GDPR and allow processing on a closed list of low‑risk purposes or other legal bases including legitimate interest. Critics warn this shifts tracking from opt‑in to opt‑out and risks diluting privacy protections, while the proposal also narrows sensitive‑data protections and requires browsers to transmit consent preferences.

Global Cyber Attacks Surge in October 2025: Ransomware Rise

📈 Check Point Research found a continued uptick in global cyber assaults in October 2025, with organizations experiencing an average of 1,938 attacks per week. That represents a 2% increase from September and a 5% rise year‑over‑year. The report attributes the growth to an explosive expansion of ransomware operations and emerging risks tied to generative AI, while the education sector remained the most heavily targeted. Security teams are urged to strengthen detection, patching and access controls to counter increasingly automated and AI‑assisted threats.

AWS PCS Adds Slurm CLI Filter Plugin Support for HPC

🛠️ AWS Parallel Computing Service (PCS) now supports Slurm CLI Filter plugins, letting administrators extend and modify how Slurm evaluates and schedules HPC jobs without changing Slurm source code. With CLI Filter plugins, you can enforce custom submission policies — validate required flags, reject submissions missing attributes, or adjust job parameters at submission. This capability is available in all Regions where PCS is offered.

Amazon EC2 C6id and R6id Instances Expand Regions Now

🚀 Amazon Web Services has made EC2 C6id instances available in Europe (Milan) and R6id instances available in Africa (Cape Town). Powered by 3rd-generation Intel Xeon Scalable Ice Lake processors (3.5 GHz all-core turbo) and up to 7.6 TB of local NVMe SSD, these Nitro-based instances deliver high compute, memory access, and low-latency storage. Use cases include media processing, distributed in-memory caches, in-memory databases, data logging, and real-time analytics. Customers can purchase capacity via Savings Plans, Reserved, On-Demand, and Spot, and provision using the AWS CLI and SDKs.

Windows 11 23H2 Home and Pro Reach End of Support Now

⚠️ Microsoft confirmed that Windows 11, version 23H2 Home and Pro editions reached end of servicing on November 11, 2025; the November 2025 monthly security update is the last patch for those SKUs. Devices running those editions will no longer receive monthly security or preview updates protecting against the latest threats. Users are advised to upgrade to Windows 11, version 25H2, available to eligible devices via Settings > Windows Update.

Lightricks Scales Video Diffusion Training with JAX

🚀 Lightricks rewrote its training stack in JAX to scale high-performance video diffusion models on TPUs after hitting limits with PyTorch/XLA. The migration enabled reliable sharding, fixed FlashAttention and data-loading issues, and delivered linear scaling across small and large TPU pods. These improvements translated to ~40% more training steps per day, faster iteration, and doubled team productivity. Their stack leverages Flax, Optax, Orbax, and the MaxText blueprint for robust, testable, and efficient large-scale training.

Senate Restores Lapsed Cybersecurity Laws After Shutdown

🛡️ The Senate voted 60-40 to advance a continuing resolution that temporarily reinstates the Cybersecurity Information Sharing Act of 2015 (CISA) and the Federal Cybersecurity Enhancement Act through January 2026. The measure restores liability shields, antitrust exemptions and FOIA protections that encourage private-sector threat sharing and renews authority for EINSTEIN intrusion-detection services for civilian agencies. The stopgap leaves another funding deadline early next year and raises questions about a full reauthorization versus further short-term extensions.

Cyber spies target German public administration, says BSI

🔒 The German Federal Office for Information Security (BSI) reports that cyber espionage is increasingly targeting public administration, with notable victims in defense, judiciary and public safety. The 1 July 2024–30 June 2025 report notes law-enforcement actions against ransomware providers LockBit and Alphv but warns many incidents go unreported. It highlights rising quishing and vishing attacks, insufficient basic protections—especially among SMEs and political organizations—and calls for stronger investment and reduced dependence on U.S. infrastructure.

Shadow AI: The Emerging Security Blind Spot for Companies

🔦 Shadow AI — the unsanctioned use of generative and agentic tools by employees — is creating a sizeable security blind spot for IT teams. Unsanctioned chatbots, browser extensions and autonomous agents can expose sensitive data, introduce vulnerabilities, or execute unauthorized actions. Organizations should inventory use, define realistic acceptable-use policies, vet vendors and combine technical controls with user education to reduce data leakage and compliance risk.

Why a Fully Passwordless Enterprise May Remain Elusive

🔒 Enterprises have pursued a passwordless future for more than a decade, yet deployment is stalling as legacy systems, industrial and IoT devices, and custom apps often lack support. A recent RSA report found 90% of organizations face coverage gaps or poor user experience, leaving most firms able to cover only about 75–85% of use cases. Experts warn that enrollment, recovery, and fallback mechanisms frequently reintroduce passwords and expand attack surfaces unless those flows are made as phishing-resistant as logins.

Beyond Silos: DDI and AI Redefining Cyber Resilience

🔐 DDI logs — DNS, DHCP and IP address management — are the authoritative record of network behavior, and when combined with AI become a high-fidelity source for threat detection and automated response. Integrated DDI-AI correlates disparate events into actionable incidents, enabling SOAR-driven quarantines and DNS blocking at machine speed. This fusion also powers continuous, AI-driven breach and attack simulation to validate defenses and harden models.

Fortinet Wins Red Dot Award for FortiGate Rugged Series

🏆Fortinet’s FortiGate Rugged series (FGR-50G-5G and FGR-70G-5G) earned the Red Dot Product Design Award for its fanless industrial design, integrated 5G, and purpose-built ASIC performance. Engineered for OT and critical infrastructure, the appliances combine thermal resilience, shock and moisture protection, and low-latency security functions including next-generation firewalling, SD-WAN, VPN, and AI-driven threat detection. The recognition underscores Fortinet’s focus on precision engineering and durable, field-ready security.

Mountpoint for Amazon S3 Included in Amazon Linux 2023

🔧 Mountpoint for Amazon S3 is now included in Amazon Linux 2023, making it straightforward to install, update, and mount S3 buckets with a single command. Previously, users downloaded the Mountpoint package from GitHub, resolved dependencies, and managed updates manually; inclusion in AL2023 streamlines that workflow. The open source project is backed by AWS and offers 24/7 AWS cloud support for Business and Enterprise Support customers—consult the repository and documentation to get started.

The AI Fix #76 — AI self-awareness and the death of comedy

🧠 In episode 76 of The AI Fix, hosts Graham Cluley and Mark Stockley navigate a string of alarming and absurd AI stories from November 2025. They discuss US judges who blamed AI for invented case law, a Chinese humanoid that dramatically shed its outer skin onstage, Toyota’s unsettling walking chair, and Google’s plan to put specialised AI chips in orbit. The conversation explores reliability, public trust and whether prompting an LLM to "notice its noticing" changes how conscious it sounds.

Webinar: Modern Patch Management Strategies for 2026

🔐 On December 2 at 2:00 PM ET, BleepingComputer and SC Media will host a live webinar featuring Gene Moody, Field CTO at Action1, on modern patch management strategies to reduce risk and speed remediation. The session, titled Winning the 2026 vulnerability race, explains how cloud-native, policy-driven tools can address limitations of legacy systems like WSUS. Attendees will learn prioritization techniques, visibility practices, and automation use cases to align patching with business impact.