Cybersecurity Brief

AI-Powered SecOps, Cloud Upgrades, and Cisco Remediation

Coverage: 12 Nov 2025 (UTC)

Platform hardening and applied AI led today’s updates. Google SecOps introduced a licensed Emerging Threats Center to turn threat intelligence into vetted behavioral detections at speed, while BigQuery AI brought managed generative functions directly into SQL to simplify semantic filtering, classification, and scoring workflows. Together, these moves aim to shorten the path from signal to coverage and reduce analytic friction.

AI‑augmented defense lands in SecOps and SQL

The new Emerging Threats Center within Google Security Operations uses Google Threat Intelligence and a Gemini agent to extract detection opportunities, generate anonymized synthetic events, test existing rule coverage, and draft candidate detections that analysts validate before deployment. The center prioritizes by campaign, surfacing IOC matches and curated detection hits over the last 12 months of telemetry to give teams a definitive starting point for investigation and proactive hunting. By automating testing and rule drafting while keeping humans in the loop, it aims to cut rule creation time from days to hours and move defenses toward behavior‑based coverage.

On the analytics side, BigQuery’s managed AI functions embed generative capabilities into SQL for common tasks. AI.IF supports semantic filtering and joins, AI.CLASSIFY enables label‑driven categorization of text and images, and AI.SCORE produces rubric‑like rankings. BigQuery applies prompt reformulation, caching, and query‑plan optimizations to reduce model calls and lower variability and cost. Complementing these, MATCH_RECOGNIZE brings sequence pattern matching into GoogleSQL, enabling compact expressions for funnel analysis, anomaly detection, and event sequencing without heavy self‑joins or external processing. Why it matters: placing semantic and sequential analysis natively in SQL can streamline pipelines and broaden access for teams that live in the data warehouse.

Legacy apps meet web‑first workflows

Cameyo by Google offers a cloud‑native Virtual App Delivery approach that streams only required applications into a managed browser or as PWAs, avoiding the complexity of full VDI. Integrated with Chrome Enterprise Premium, it pulls legacy client apps under the browser’s security context so URL filtering, threat protection, and granular DLP apply consistently. The model adopts Zero Trust delivery that removes VPN/firewall dependencies and can layer Gemini assistance onto legacy apps, helping organizations modernize selectively without abandoning existing investments.

Google also outlined connected, AI‑enabled work experiences across platforms and devices with Chrome Enterprise. Highlights include Gemini in Chrome as an enterprise browsing assistant, extended endpoint coverage across Android, iOS, macOS, Windows, Chromebook and Chromebook Plus, and embedded DLP in Chrome Enterprise Premium. A one‑click integration sends browser intelligence and DLP events to Google SecOps, aiming to speed investigations. Why it matters: consolidating controls and telemetry at the browser and OS layers can reduce endpoint risk while preserving access to critical legacy workflows.

Connectivity and observability upgrades

AWS VPN now supports up to 5 Gbps per Site‑to‑Site tunnel, a fourfold increase that reduces the need to aggregate multiple tunnels with ECMP. Higher capacity simplifies routing and troubleshooting for hybrid workloads such as large data transfers, DR replication, and analytics pipelines, and can serve as a resilient backup for Direct Connect links. For cost visibility, CUR 2.0 adds hourly, resource‑level attribution for EC2 On‑Demand Capacity Reservations and Capacity Blocks for ML, explicitly labeling reserved/used/unused to improve coverage and utilization reporting, chargeback, and automated optimization.

Telemetry collection also gets easier. The AMP collector can now discover and scrape Prometheus metrics from Amazon MSK clusters without dedicated scraping agents, capturing JMX and node exporter metrics for queue health, capacity planning, and incident response. For developers, Cloudflare made remote bindings generally available in Wrangler, allowing local Workers to connect to production resources like R2, D1, and KV. The per‑binding “remote: true” control and service‑binding reuse enable realistic end‑to‑end validation against live data while retaining fast local iteration.

Active campaigns, patching, and enforcement

CISA updated implementation guidance for Emergency Directive 25‑03 on actively exploited flaws in Cisco ASA and Firepower devices, listing minimum software versions, urging verification of installed versions, and providing temporary mitigation steps where immediate patching is not possible. CISA also offers the RayDetect scanner to examine ASA core dumps for evidence of RayInitiator compromise. The agency stresses these vulnerabilities pose broad risk beyond federal networks and calls for immediate, verifiable remediation.

The AWS Security Blog detailed a campaign exploiting zero‑day issues in Citrix NetScaler and a previously undocumented Cisco ISE deserialization endpoint, enabling pre‑auth remote code execution and admin control. The actor used an in‑memory web shell disguised as an IdentityAuditAction component, leveraging Java reflection, Tomcat listener registration, and non‑standard DES/Base64 to reduce artifacts. The findings reinforce the trend of targeting identity and access control systems at the edge and the need to restrict management access, harden deserialization paths, and apply vendor fixes promptly.

CSO Online reports Microsoft’s November Patch Tuesday addresses 63 vulnerabilities, including an actively exploited Windows kernel privilege‑escalation zero‑day (CVE‑2025‑62215). Other notable fixes include a Visual Studio Code Copilot Chat RCE (CVE‑2025‑62222), a critical Graphics Component overflow (CVE‑2025‑60724), and a Kerberos delegation weakness (CVE‑2025‑60704). Administrators are urged to prioritize servers, domain controllers, and desktops, and to combine patching with exposure control and enhanced monitoring.

BleepingComputer covers Google’s lawsuit targeting Lighthouse, a phishing‑as‑a‑service platform alleged to support global toll and delivery smishing. The complaint cites over one million victims across 120 countries and templates that impersonate trusted services, including more than 100 using Google branding. Google seeks to disrupt the service under racketeering, fraud, and trademark claims and says it is expanding AI‑driven detection and protections in Google Messages.

In the UK health sector, BleepingComputer reports Synnovis has notified NHS organizations that a June 2024 ransomware attack led to theft of some patient information. The incident caused significant care disruptions at multiple London hospitals, and Synnovis confirmed it did not pay a ransom. The stolen data is described as unstructured and incomplete; affected providers are responsible for patient notifications under UK law.

On AI security, CSO Online summarizes Tenable research showing seven ways attackers can induce ChatGPT to leak private data via indirect prompt injections that exploit its browsing/search pipeline. Techniques include "conversation injections" through summaries generated by a restricted model, covert exfiltration via image fetches, and abuses of persistent Memories. The researchers urge providers to harden intermediary checks, improve context separation, and adjust memory policies to reduce persistent attack surface.

These and other news items from the day:

Wed, November 12, 2025

Microsoft unveils Fairwater AI datacenter in Atlanta

🚀 Microsoft announced the new Fairwater Azure AI datacenter in Atlanta, Georgia, expanding its planet-scale AI superfactory. The purpose-built facility integrates massive NVIDIA Blackwell GPU clusters on a single flat network and uses rack-level direct liquid cooling plus a two-story layout to maximize compute density and reduce latency. It also connects via a dedicated AI WAN to enable cross-site fungibility and dynamic workload allocation.

Wed, November 12, 2025

BigQuery AI Functions: Reimagining SQL for the AI Era

🤖 BigQuery is introducing managed AI functions in public preview — AI.IF, AI.CLASSIFY, and AI.SCORE — that let analysts apply generative AI directly inside SQL queries. These functions enable semantic filtering and joins, label-based classification of text and images, and natural-language ranking, while BigQuery applies prompt, query-plan, and endpoint optimizations to reduce LLM calls and control cost. They complement existing Gemini inference functions and remove much of the need for complex prompt tuning or separate model selection, making AI-driven analytics more accessible within familiar SQL workflows.

Wed, November 12, 2025

Flexible path to modern EUC with Cameyo by Google Launch

🔒 Cameyo by Google is a cloud-native Virtual App Delivery solution that streams legacy Windows and Linux applications into the browser or publishes them as Progressive Web Apps, avoiding the overhead of full VDI. Paired with Chrome Enterprise Premium, Cameyo brings legacy client apps under a single secure browsing context with advanced DLP and threat protection. IT teams benefit from faster deployments, reduced VPN and infrastructure complexity, and a clear migration path to ChromeOS while preserving critical Windows workloads.

Wed, November 12, 2025

Emerging Threats Center in Google Security Operations

🛡️ The Emerging Threats Center in Google Security Operations uses the Gemini detection‑engineering agent to turn frontline intelligence from Mandiant, VirusTotal, and Google into actionable detections. It generates high‑fidelity synthetic events, evaluates existing rule coverage, and drafts candidate detection rules for analyst review. The capability surfaces campaign‑based IOC and detection matches across 12 months of telemetry to help teams rapidly determine exposure and validate their defensive posture.

Wed, November 12, 2025

Google Announces Private AI Compute for Cloud Privacy

🔒 Google on Tuesday introduced Private AI Compute, a cloud privacy capability that aims to deliver on-device-level assurances while harnessing the scale of Gemini models. The service uses Trillium TPUs and Titanium Intelligence Enclaves (TIE) and relies on an AMD-based Trusted Execution Environment to encrypt and isolate memory on trusted nodes. Workloads are mutually attested, cryptographically validated, and ephemeral so inputs and inferences are discarded after each session, with Google stating data remains private to the user — 'not even Google.' An external assessment by NCC Group flagged a low-risk timing side channel in the IP-blinding relay and three attestation implementation issues that Google is mitigating.

Wed, November 12, 2025

BigQuery adds MATCH_RECOGNIZE for row-sequence SQL

🔍 BigQuery now supports MATCH_RECOGNIZE, a SQL clause for identifying ordered patterns across rows and time-series data. It lets analysts express complex sequence logic—using PARTITION BY, ORDER BY, PATTERN, DEFINE and MEASURES—inside a single query without heavy joins or external processing. The feature targets use cases like funnels, fraud detection, log sequencing, and financial pattern detection, and is immediately available to all BigQuery users.
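As an added illustration of what the clause expresses (example code written for this brief, not from the article or from Google's documentation), the query below uses the row-pattern syntax the clauses listed above belong to (PARTITION BY, ORDER BY, MEASURES, PATTERN, DEFINE) to flag the classic "several failed logins immediately followed by a success" sequence, the kind of event sequencing the overview at the top of this brief mentions for anomaly detection. The table name `auth_events`, its columns, and the inline rows are constructed for the example; it relies only on the default one-row-per-match behaviour, so any additional output or skip options should be checked against BigQuery's own MATCH_RECOGNIZE reference.

```sql
-- Added example (not from the article): detect three or more consecutive
-- authentication failures followed by a success, per account, in time order.
-- The sample rows are constructed inline so the query is self-contained.
WITH auth_events AS (
  SELECT *
  FROM UNNEST([
    STRUCT('alice' AS user_id, TIMESTAMP '2025-11-12 09:00:00+00' AS event_ts,
           'FAIL' AS outcome, '203.0.113.7' AS src_ip),
    STRUCT('alice', TIMESTAMP '2025-11-12 09:00:04+00', 'FAIL',    '203.0.113.7'),
    STRUCT('alice', TIMESTAMP '2025-11-12 09:00:09+00', 'FAIL',    '203.0.113.7'),
    STRUCT('alice', TIMESTAMP '2025-11-12 09:00:13+00', 'FAIL',    '203.0.113.7'),
    STRUCT('alice', TIMESTAMP '2025-11-12 09:00:20+00', 'SUCCESS', '203.0.113.7'),
    -- bob: a single typo then a successful login, not a brute-force pattern
    STRUCT('bob',   TIMESTAMP '2025-11-12 09:05:00+00', 'FAIL',    '198.51.100.4'),
    STRUCT('bob',   TIMESTAMP '2025-11-12 09:05:30+00', 'SUCCESS', '198.51.100.4'),
    -- carol: repeated failures but no success, so the pattern does not complete
    STRUCT('carol', TIMESTAMP '2025-11-12 09:10:00+00', 'FAIL',    '192.0.2.25'),
    STRUCT('carol', TIMESTAMP '2025-11-12 09:10:03+00', 'FAIL',    '192.0.2.25'),
    STRUCT('carol', TIMESTAMP '2025-11-12 09:10:07+00', 'FAIL',    '192.0.2.25')
  ])
)
SELECT
  user_id,
  first_fail,
  success_at,
  failed_attempts,
  success_ip
FROM auth_events
MATCH_RECOGNIZE (
  PARTITION BY user_id              -- each account's sequence is evaluated on its own
  ORDER BY event_ts                 -- the pattern is read in chronological order
  MEASURES
    FIRST(fail.event_ts) AS first_fail,       -- when the burst started
    LAST(ok.event_ts)    AS success_at,       -- when the account was finally entered
    COUNT(fail.event_ts) AS failed_attempts,  -- how many failures preceded it
    LAST(ok.src_ip)      AS success_ip        -- where the successful login came from
  PATTERN (fail{3,} ok)             -- three or more failures directly followed by a success
  DEFINE
    fail AS outcome = 'FAIL',
    ok   AS outcome = 'SUCCESS'
);
```

With the constructed rows, only `alice` satisfies the pattern (four failures, then a success from the same address); `bob` has too few failures and `carol` never reaches a success. The same query shape replaces the self-join or external scripting that such sequence checks usually need, and the MEASURES give an analyst the burst start, the successful login time and the source address to pivot on.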

Wed, November 12, 2025

Bringing Connected AI Work Experiences Across Devices

🚀 Google outlines its plan to embed Generative AI across enterprise platforms and endpoints, integrating Gemini into Chrome Enterprise, Android, Pixel phones and Chromebook Plus devices. The post highlights the general availability of Cameyo by Google to virtualize legacy and modern apps in the cloud and the launch of Gemini in Chrome with enterprise-grade controls. It also previews Android XR and Pixel features powered by Gemini Nano, while expanding data loss prevention and a one-click SecOps integration to help IT secure AI-driven workflows.

Wed, November 12, 2025

AWS Site-to-Site VPN supports 5 Gbps bandwidth per tunnel

🔒 AWS Site-to-Site VPN now supports configurable tunnel bandwidth up to 5 Gbps, a 4x increase over the previous 1.25 Gbps limit. The update reduces the need to deploy complex protocols such as ECMP to aggregate tunnels, simplifying high-throughput hybrid connectivity for migrations, analytics, and disaster recovery. The capability is available in most commercial and GovCloud (US) Regions with a few regional exceptions.

Wed, November 12, 2025

Architecture of Remote Bindings for Local Worker Development

🚀 Cloudflare has made remote bindings generally available, letting local Workers connect to live resources such as R2 buckets, D1 and KV namespaces without deploying. Developers can enable a binding with "remote: true" in Wrangler v4.37.0 and use existing Wrangler OAuth credentials to access production data. The local workerd runtime proxies JS API calls to remote service bindings (including JSRPC via Cap’n Web websockets), and tooling like the Vite plugin and vitest-pool-workers can use utilities such as startRemoteProxySession to join remote sessions.

Wed, November 12, 2025

CISA Issues Guidance for Cisco ASA and Firepower Fixes

🔔 CISA released implementation guidance for Cisco ASA and Firepower devices to support Emergency Directive 25-03. The guidance lists minimum software versions that remediate CVE-2025-20333 and CVE-2025-20362 and directs agencies to perform corrective patching. CISA warns multiple organizations believed they had applied updates but had not and recommends all operators verify exact versions. Agencies with devices not yet updated or updated after Sept. 26, 2025, should follow additional temporary mitigations.

Wed, November 12, 2025

Amazon Managed Prometheus Collector Adds MSK Support

📈 The Amazon Managed Service for Prometheus collector now supports discovery and scraping of Prometheus metrics from Amazon Managed Streaming for Apache Kafka (MSK) clusters without deploying agents. The agentless collector can target metrics exposed via the JMX exporter and the Node exporter, covering host-level, JVM-level, and broker-specific telemetry. This simplifies open monitoring for MSK, improves availability and scalability, and is available in all commercial regions where the service is offered.

Wed, November 12, 2025

AWS Adds CUR 2.0 Detail for EC2 Capacity Reservations

🔍 AWS has extended the Cost and Usage Report (CUR 2.0) to surface hourly, resource-level billing information for capacity reservations including EC2 On-Demand Capacity Reservation (ODCR) and EC2 Capacity Blocks for ML. CUR 2.0 now tags capacity-related line items as Reserved, Used, or Unused, enabling precise coverage and utilization calculations. The enhancement helps identify idle reservations and attribute reservation costs to resource owners for cost optimization.

Wed, November 12, 2025

Google Sues to Dismantle Lighthouse Phishing Platform

🛡️ Google has filed a lawsuit seeking to dismantle Lighthouse, a China-linked phishing-as-a-service platform accused of powering global SMS phishing ("smishing") campaigns that impersonate USPS and E-ZPass. Google says Lighthouse has impacted more than 1 million victims across 120 countries and that phishing templates even display Google's branding to trick users. The company is pursuing federal claims including RICO, the Lanham Act, and the CFAA while expanding AI and product protections.

Wed, November 12, 2025

Amazon: APT Exploits Cisco ISE and Citrix Zero‑Days

🔒 Amazon Threat Intelligence identified an advanced threat actor exploiting undisclosed zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix products. The actor achieved pre-authentication remote code execution via a newly tracked Cisco deserialization flaw (CVE-2025-20337) and earlier Citrix Bleed Two activity (CVE-2025-5777). Following exploitation, a custom in-memory web shell disguised as IdentityAuditAction was deployed, demonstrating sophisticated evasion using Java reflection, Tomcat request listeners, and DES with nonstandard Base64. Amazon recommends limiting external access to management endpoints and implementing layered defenses and detection coverage.

Wed, November 12, 2025

November Patch Tuesday: Critical Windows Kernel Zero-Day

⚠️ Microsoft’s November Patch Tuesday addresses 63 vulnerabilities, including an actively exploited Windows kernel zero-day CVE-2025-62215 that can allow local attackers to escalate to SYSTEM via a complex race-condition double-free. Administrators should prioritize this fix across servers, domain controllers, and desktops, including Windows 10 systems enrolled in the ESU program. Other notable fixes include a Copilot Chat extension RCE (CVE-2025-62222) and a critical Microsoft Graphics Component overflow that could be triggered by specially crafted document uploads.

Wed, November 12, 2025

Google Sues to Dismantle Lighthouse Phishing Platform

⚖️ Google has filed a lawsuit to dismantle the Lighthouse phishing‑as‑a‑service platform accused of enabling global SMS phishing (“smishing”) that impersonates USPS and toll providers. The company says Lighthouse has impacted more than 1 million victims in 120 countries and that similar scams may have exposed up to 115 million U.S. payment cards between July 2023 and October 2024. Google’s complaint invokes federal racketeering, trademark, and computer fraud laws and seeks to seize the infrastructure hosting fraudulent templates that even mimic Google sign‑in screens.

Wed, November 12, 2025

Tenable Reveals New Prompt-Injection Risks in ChatGPT

🔐 Researchers at Tenable disclosed seven techniques that can cause ChatGPT to leak private chat history by abusing built-in features such as web search, conversation memory and Markdown rendering. The attacks are primarily indirect prompt injections that exploit a secondary summarization model (SearchGPT), Bing tracking redirects, and a code-block rendering bug. Tenable reported the issues to OpenAI, and while some fixes were implemented several techniques still appear to work.

Wed, November 12, 2025

Amazon: Threat Actor Exploited Cisco and Citrix Zero-Days

⚠️ Amazon's threat intelligence team disclosed that it observed an advanced threat actor exploiting two zero-day vulnerabilities in Citrix NetScaler ADC (CVE-2025-5777) and Cisco Identity Services Engine (CVE-2025-20337) to deploy a custom web shell. The backdoor, disguised as an IdentityAuditAction component, operates entirely in memory, uses Java reflection to inject into running threads, and registers a Tomcat listener to monitor HTTP traffic. Amazon observed the activity via its MadPot honeypot, called the actor highly resourced, and noted both flaws were later patched by the vendors.

Wed, November 12, 2025

Synnovis Notifies NHS of Patient Data Theft After Ransomware

🔒 Synnovis has notified NHS organisations that a June 2024 ransomware incident resulted in the theft of patient data, including names, NHS numbers, dates of birth, and some test results. The company says the exfiltrated files were unstructured and fragmented, requiring specialist analysis to reassemble. Synnovis confirmed no ransom was paid, is coordinating notifications with affected trusts and expects to complete notifications by 21 November 2025. The incident has been linked to the Qilin ransomware operation.

Wed, November 12, 2025

CISA Issues Guidance on Cisco ASA and Firepower Risks

⚠️ CISA released Implementation Guidance for Emergency Directive 25‑03 addressing ongoing exploitation of Cisco ASA and Firepower devices, identifying minimum software versions that remediate known vulnerabilities. The guidance directs federal agencies to perform corrective patching and recommends all organizations verify and apply the specified minimum updates. CISA also provides the RayDetect scanner to analyze ASA core dumps for RayInitiator compromise and offers temporary mitigation recommendations for agencies still completing compliance.

Wed, November 12, 2025

Microsoft Patches 63 Flaws Including Kernel Zero‑Day

🔒 Microsoft released patches for 63 vulnerabilities, four rated Critical and 59 Important, including a Windows Kernel zero-day (CVE-2025-62215) that Microsoft says is being exploited in the wild. The flaws span privilege escalation, remote code execution, information disclosure and DoS, with notable heap-overflow issues in Graphics Component and WSL GUI. Administrators are urged to prioritize updates where exploits are known or where vulnerabilities permit privilege escalation or remote code execution.

Wed, November 12, 2025

Microsoft Fixes Windows Kernel Zero Day in November

🔒 Microsoft released its November Patch Tuesday updates addressing over 60 CVEs, including an actively exploited Windows kernel zero-day (CVE-2025-62215). The flaw is a race-condition and double-free that can let low-privileged local attackers corrupt kernel memory and escalate to system privileges, though exploitation requires precise timing and local code execution. Administrators should also prioritise a critical GDI+ RCE (CVE-2025-60724, CVSS 9.8) that can be triggered by parsing specially crafted metafiles. Microsoft additionally issued an out-of-band update (KB5071959) to resolve Windows 10 Consumer ESU enrollment failures.

Wed, November 12, 2025

Canon TTF Printer Vulnerability Allows Remote Code Execution

🖨️ Independent researcher Peter Geissler disclosed a critical vulnerability (CVE-2024-12649) in certain Canon printers that can be triggered simply by printing an XPS document containing a malicious TTF font. The exploit abuses TTF hinting instructions to overflow a virtual-machine stack in the printer’s font engine, allowing code execution on devices running Canon’s DryOS. Canon has issued firmware updates, but organizations should promptly patch, restrict printer exposure, and segment printers to reduce risk.

Wed, November 12, 2025

Zero-day Attacks Exploit Citrix Bleed 2 and Cisco ISE

🛡️ Amazon's MadPot honeypot observed exploitation of Citrix Bleed 2 (CVE-2025-5777) and Cisco ISE (CVE-2025-20337) before public disclosure. The attacker used the ISE flaw to deploy a stealthy custom web shell named IdentityAuditAction, which registered an HTTP listener, used Java reflection to inject into Tomcat threads, and relied on DES with non-standard base64 encoding for concealment. Apply vendor patches and limit edge device access through layered firewall controls.

Wed, November 12, 2025

Google Sues China-Based Operators of PhaaS 'Lighthouse'

⚖️ Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York against China-based operators of the PhaaS kit Lighthouse, which Google says has ensnared over one million users across 120 countries. The platform is accused of powering industrial-scale SMS phishing and smishing campaigns that impersonate trusted brands like E-ZPass and USPS to steal financial data. Google alleges the actors illegally used its trademarks on at least 107 spoofed sign-in templates and seeks to dismantle the infrastructure under the RICO, Lanham Act, and the Computer Fraud and Abuse Act. Security firms link Lighthouse to a broader PhaaS ecosystem including Darcula and Lucid, and to a smishing syndicate tracked as Smishing Triad.

Wed, November 12, 2025

Payroll Pirates Malvertising Hijacks Hundreds of Sites

🏴‍☠️ Since mid‑2023, researchers tracked a financially motivated malvertising network named Payroll Pirates that impersonated payroll portals to harvest credentials and facilitate fraud. The operation used sponsored ads to funnel more than 500,000 visitors to cloned login pages and targeted over 200 interfaces, including payroll systems, credit unions, and trading platforms across the U.S. Its tactics evolved with refined ad placement, credential-harvesting pages, and coordinated infrastructure to maximize theft and evade detection.

Wed, November 12, 2025

CISA Adds Three CVEs to KEV Catalog Targeting Federal Assets

🔔 CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-9242 (WatchGuard Firebox out-of-bounds write), CVE-2025-12480 (Gladinet Triofox improper access control), and CVE-2025-62215 (Microsoft Windows race condition). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the required due dates. CISA urges all organizations to prioritize timely remediation and other mitigations to reduce exposure to active threats.

Wed, November 12, 2025

Typosquatted npm Package Targets GitHub Actions Builds

⚠️ A malicious npm package, @acitons/artifact, impersonated the legitimate @actions/artifact module and was uploaded on November 7 to specifically target GitHub Actions CI/CD workflows. It included a post-install hook that executed an obfuscated shell-script named "harness," which fetched a JavaScript payload (verify.js) to detect GitHub runners and exfiltrate build tokens. Using those tokens the attacker could publish artifacts and impersonate GitHub; the package accrued over 260,000 downloads across six versions before detection.

Wed, November 12, 2025

Initial Access Broker Pleads Guilty in Yanluowang Case

🔒 Aleksey Olegovich Volkov, a 25-year-old Russian accused of acting as an initial access broker, is set to plead guilty in a federal case tied to the Yanluowang ransomware group. Prosecutors say he sold administrator credentials to operators and received over $256,000, while victims paid ransoms up to $1 million. Investigators traced Bitcoin flows to wallets Volkov verified with identity documents, and his plea includes more than $9 million in restitution.

Wed, November 12, 2025

November 2025 Patch Tuesday: One Zero-Day, Five Criticals

🔒 Microsoft’s November 2025 Patch Tuesday addresses 63 CVEs, including one actively exploited zero‑day and five Critical vulnerabilities that span Windows, Office, Developer Tools and third‑party products. This release is the first Extended Security Update (ESU) roll‑out for Windows 10 after its October 14 end‑of‑life; ESU enrollment and upgrade to 22H2 are required to receive fixes. CrowdStrike notes elevation of privilege, remote code execution and information disclosure are the leading exploitation techniques this month. Administrators should prioritize the zero‑day and Critical fixes (notably GDI+ and Nuance PowerScribe) and adopt mitigations where patching is delayed.

Wed, November 12, 2025

DanaBot Malware Returns Targeting Windows After Disruption

🔁 Zscaler ThreatLabz has observed a new DanaBot variant (v669) returning to Windows systems after a six-month disruption caused by Operation Endgame. The rebuilt command-and-control infrastructure uses Tor .onion domains and 'backconnect' nodes, and operators are collecting stolen funds via multiple cryptocurrency addresses (BTC, ETH, LTC, TRX). Organizations should add Zscaler's IoCs to blocklists, update detection tools, and harden email and web defenses against malspam, SEO poisoning, and malvertising.

Wed, November 12, 2025

GlobalLogic Confirmed as Victim of Cl0p Oracle EBS Exploit

🔒 GlobalLogic has notified 10,471 current and former employees that their data was exposed after a zero-day in Oracle E-Business Suite (EBS) was exploited in early October 2025. The company says it patched the vulnerability after confirming data exfiltration on 9 October. Stolen records reportedly include HR and payroll details such as names, dates of birth, passport numbers, salary, bank account and routing numbers, creating a high risk of follow-on phishing and identity fraud. GlobalLogic did not confirm contact by the extortion group, while security firms link the incident to Cl0p, which has targeted dozens of organizations including Harvard and Envoy Air.

Wed, November 12, 2025

Miniatur Wunderland Hamburg warns of credit card breach

🔒 Miniatur Wunderland Hamburg has notified visitors of a data protection incident after detecting a compromise of its online ticket order page. The museum warns unauthorized parties may have accessed full credit card details, including cardholder name, card number, expiration date and CVV, for purchases between 6 June and 29 October 2025. The implicated server was isolated immediately and the museum says investigations are ongoing, but it has not disclosed further technical details or attacker identity.

Wed, November 12, 2025

AWS ALB Adds JWT Verification for Service-to-Service Auth

🔐 Amazon Web Services added JWT Verification to the Application Load Balancer (ALB), enabling ALB to validate token signatures, expirations, and claims in request headers. The capability supports OAuth 2.0 flows including Client Credentials, letting teams offload M2M/S2S token validation to the ALB without changing application code. The feature is available in all ALB-supported AWS Regions.

Wed, November 12, 2025

Windows 11 Adds Native Support for Third-Party Passkeys

🔐 Microsoft has added native Windows 11 support for third-party passkey managers, beginning with 1Password and Bitwarden. Introduced in the November 2025 security update, the platform-level passkey API lets Windows generate a cryptographic key pair while storing the private key in the chosen manager, and uses Windows Hello (PIN or biometric) to verify logins. Microsoft also integrated its Microsoft Password Manager from Edge into Windows so users can pick their preferred manager. The change aims to improve portability, phishing resistance, and ease of passwordless authentication across devices.

Wed, November 12, 2025

Amazon EC2 F2 FPGA Instances Expand to Four Regions

🚀 Starting today, Amazon EC2 F2 instances — the second-generation FPGA-powered instances featuring an FPGA with 16 GB of high-bandwidth memory (HBM) — are available in four additional regions: Europe (Frankfurt), Asia Pacific (Tokyo and Seoul), and Canada (Central). F2 delivers substantial hardware upgrades over F1, including up to 192 vCPUs, 2 TB system memory, 7.6 TiB SSD, and 100 Gbps networking. These instances target genomics, multimedia processing, big data, and network acceleration workloads and can be purchased On-Demand or via Savings Plans.

Wed, November 12, 2025

Rhadamanthys infostealer disrupted after server access loss

🔒 The Rhadamanthys infostealer operation has reportedly been disrupted, with multiple customers saying they no longer have SSH access to their web panels. Affected users report servers now require certificate-based logins instead of root passwords, prompting some to wipe and power down infrastructure. Researchers g0njxa and Gi7w0rm observed the outage and noted Tor onion sites for the operation are also offline. The developer and several customers suspect German law enforcement, and some analysts link the event to the broader Operation Endgame disruptions.

Wed, November 12, 2025

UK bill tightens cybersecurity for critical infrastructure

🛡️ The UK’s Cyber Security and Resilience Bill would impose mandatory security standards and a 24-hour reporting requirement on operators in healthcare, energy, water, transport and digital services. It updates the NIS 2018 framework and for the first time brings medium and large MSPs and data centres under direct regulatory oversight. Regulators would gain powers to levy turnover-linked penalties and the technology secretary would be able to order emergency mitigations during major cyber incidents.

Wed, November 12, 2025

New UK Cyber Security and Resilience Bill protects services

🔒 The UK introduced the Cyber Security and Resilience Bill on November 12, updating the NIS Regulations 2018 to strengthen protections for hospitals, energy, water and transport. The bill mandates security standards for medium and large managed service providers, requires incident notification to the NCSC and regulators within 24 hours (full reports in 72), and empowers regulators to designate and enforce controls on critical suppliers. It also creates turnover-based penalties and extends coverage to data centers and smart energy systems.

Wed, November 12, 2025

AWS FIS Adds Partial-Failure Test Scenarios for AZs

🧪 AWS Fault Injection Service (FIS) introduces two new pre-built experiment scenarios to simulate partial, cross- and single-AZ disruptions. The AZ: Application Slowdown scenario simulates increased latency and degraded performance within a single Availability Zone to validate observability, alarms, and AZ evacuation playbooks. The Cross-AZ: Traffic Slowdown scenario simulates degraded traffic between AZs and lets you target subsets of traffic for realistic gray-failure testing. These scenarios are available in all Regions where AWS FIS is offered, including AWS GovCloud (US).

Wed, November 12, 2025

Amazon Connect Cases Adds Conditional Field Visibility

🔧 Amazon Connect Cases now supports conditional field visibility and dependent field options to streamline case layouts and reduce data-entry errors. Administrators can show fields only when relevant (for example, display a Return Reason field for return cases) and restrict choice lists based on other selections (e.g., limit Issue Type to hardware options when Issue Category is Hardware). The feature is available in multiple AWS regions.

Wed, November 12, 2025

Microsoft fixes false Windows 10 end-of-support alerts

🔧 Microsoft resolved a bug that caused incorrect end-of-support warnings to appear in Windows Update settings after the October 2025 updates. The cosmetic issue affected Windows 10 22H2 devices enrolled in the Extended Security Updates (ESU) program as well as LTSC 2021 editions that remain supported, but affected systems continued to receive security updates. Microsoft issued a cloud configuration fix and on Nov 11, 2025 released KB5068781; admins can also apply a Known Issue Rollback policy if immediate deployment is required.

Wed, November 12, 2025

Amazon DCV Adds Support for EC2 Mac Apple silicon instances

🖥️ AWS announced Amazon DCV support for EC2 Mac instances powered by Apple silicon, enabling high-performance remote desktop access to macOS workloads in the cloud. Users can connect from Windows, Linux, macOS, or web clients and benefit from 4K resolution, multi-monitor support, and smooth 60 FPS streaming. Productivity features include time zone redirection and audio output, and the offering is available in all Regions that provide EC2 Mac instances.

Wed, November 12, 2025

Amazon CloudWatch Adds Network Load Balancer Access Logs

🔍 Amazon CloudWatch Logs now ingests Network Load Balancer (NLB) access logs as vended logs, enabling direct analysis within CloudWatch. You can run CloudWatch Logs Insights queries, create metric filters, and use Live Tail for real‑time traffic review to accelerate troubleshooting. NLB access logs are configurable from the NLB integrations tab, AWS CLI, or SDKs, and can also be delivered to Amazon Data Firehose or S3 with optional Apache Parquet conversion. Delivery to CloudWatch and Firehose is billed as vended logs; S3 delivery is free while Parquet conversion carries a per‑GB charge.

Wed, November 12, 2025

Secure AI by Design: A Policy Roadmap for Organizations

🛡️ In just a few years, AI has shifted from futuristic innovation to core business infrastructure, yet security practices have not kept pace. Palo Alto Networks presents a Secure AI by Design Policy Roadmap that defines the AI attack surface and prescribes actionable measures across external tools, agents, applications, and infrastructure. The Roadmap aligns with recent U.S. policy moves — including the June 2025 Executive Order and the July 2025 White House AI Action Plan — and calls for purpose-built defenses rather than retrofitting legacy controls.

Wed, November 12, 2025

Amazon EKS Independent Validation of Zero-Operator Access

🔒 AWS announced an independent affirmation of the Amazon EKS zero operator access design, validated by cybersecurity firm NCC Group. The review found no architectural gaps and confirmed that AWS personnel lack technical means to access or manipulate customer content in managed Kubernetes control planes or etcd backups. AWS highlights Nitro-based confidential compute, tightly scoped administrative APIs with multi-party change approval, mandatory logging and auditing, and envelope encryption for etcd as core protections. Customers retain visibility via cluster audit logs and remain responsible for securing worker node configurations outside managed modes.

Wed, November 12, 2025

UK introduces Cyber Security and Resilience Bill to Parliament

🔒 The UK government today introduced the Cyber Security and Resilience Bill, proposing a major overhaul of the NIS Regulations to align with updated EU standards. The draft would regulate managed service providers, expand scope to data centres and smart-appliance electricity flows, and mandate supply-chain risk management and NCSC Cyber Assessment Framework-based controls. Incident reporting windows would tighten to an initial 24 hours and full report within 72 hours, while the ICO and regulators gain stronger enforcement and fee powers.

Wed, November 12, 2025

Enterprise networks hit by legacy, unpatched systems

🔍 New research from Palo Alto Networks shows enterprise networks remain sprawling and poorly controlled: telemetry from 27 million devices across 1,800 enterprises found 26% of Linux and 8% of Windows systems running on end-of-life OS versions, 39% of directory-registered devices lack active endpoint protection, and 32.5% operate outside IT control. Poor segmentation — present in 77% of networks — and unmanaged edge devices increase attacker opportunities.

Wed, November 12, 2025

Amazon ElastiCache M7g and R7g Graviton3 in GovCloud

🚀 Amazon Web Services has added Graviton3-based M7g and R7g ElastiCache node families to AWS GovCloud (US-East and US-West). These Graviton3 nodes deliver improved price‑performance versus Graviton2 — for example, running ElastiCache for Redis OSS on an R7g.4xlarge can yield up to 28% higher throughput, up to 21% improved P99 latency, and up to 25% greater networking bandwidth. To adopt, create a new cluster or upgrade via the AWS Management Console; consult pricing and the node-type documentation for regional availability and details.

Wed, November 12, 2025

Amazon S3 Tables Gain Amazon CloudWatch Metrics Now

📊 Amazon CloudWatch metrics are now available for S3 Tables, providing visibility into storage, maintenance, and request activity. Metrics include daily storage and object counts, compaction bytes/objects processed, and minute‑level request measurements for operations, data transfer, errors, and latency. You can access these metrics via the CloudWatch console, AWS CLI, or CloudWatch API at the bucket, namespace, and individual table level; they are available in all Regions where S3 Tables is offered.

Wed, November 12, 2025

Active Directory Under Siege: Risks in Hybrid Environments

🔐 Active Directory remains the critical authentication backbone for most enterprises, and its growing complexity across hybrid on‑premises and cloud environments has expanded attackers' opportunities. The article highlights common AD attack techniques — Golden Ticket, DCSync, and Kerberoasting — and frequent weaknesses such as weak and reused passwords, lingering service accounts, and poor visibility. It recommends layered defenses: strong password hygiene, privileged access management, zero‑trust conditional access, continuous monitoring, and rapid patching. The piece stresses that AD security is a continuous effort and highlights solutions that block compromised credentials in real time.

Wed, November 12, 2025

Extending Zero Trust to Autonomous AI Agents in Enterprises

🔐 As enterprises deploy AI assistants and autonomous agents, existing security frameworks must evolve to treat these agents as first-class identities rather than afterthoughts. The piece advocates applying Zero Trust principles—identity-first access, least-privilege, dynamic contextual enforcement, and continuous monitoring—to agentic identities to prevent misuse and reduce attack surface. Practical controls include scoped, short-lived tokens, tiered trust models, strict access boundaries, and assigning clear human ownership to each agent.

Wed, November 12, 2025

AWS Security Incident Response: Communication Preferences

🔔 AWS announced customizable communication preferences for Security Incident Response, letting teams select notification types such as case changes, membership updates, and organizational announcements. The update replaces a one-size-fits-all model so individuals receive only relevant updates and reduces notification noise. Settings include smart defaults and can be adjusted as roles evolve. The feature is available to all Security Incident Response customers at no additional cost via the console.

Wed, November 12, 2025

UK Cyber Insurance Payouts Surge 230% to £197m in 2024

🔍 The UK cyber insurance sector paid £197m to policyholders in 2024, a 230% increase on the previous year, driven largely by more damaging malware and ransomware incidents that now account for 51% of claims. The ABI says insurers issued 17% more policies over the period while higher payouts reflect growing threat sophistication and larger recovery costs. Insurers are tightening underwriting and requiring stronger resilience, offering services such as expert advice, threat monitoring and incident response support as part of coverage to reduce future losses.

Wed, November 12, 2025

AWS Builder Center launches Spaces for builder collaboration

💬 The AWS Builder Center introduces Spaces, a community collaboration feature that lets builders create and join topic-focused groups to share knowledge and collaborate on AWS solutions. Spaces supports three visibility modes — Public, Private, and Invite-Only — with membership controls, approval workflows, and invite capabilities. Members can post text and images, comment, react, and search discussions, while owners and admins self-moderate content. The feature includes moderation tools and multi-language support across 16 languages to keep conversations focused and accessible.

Wed, November 12, 2025

Microsoft fixes Windows Task Manager bug hurting performance

⚠️ Microsoft released a fix for a Windows 11 Task Manager issue introduced by the optional preview update KB5067036 that could leave multiple taskmgr.exe processes running after the window was closed. The defect, blamed for stuttering and CPU hangs on affected systems, is resolved in the November cumulative security update KB5068861. Microsoft recommends installing KB5068861, and users who cannot immediately update can temporarily terminate lingering Task Manager processes by running an elevated Command Prompt and executing taskkill.exe /im taskmgr.exe /f.

Wed, November 12, 2025

Legal Boundaries and Risks of Private Hackback Operations

🔒 Former DoJ attorney John Carlin examines hackbacks, defining them as proactive counterattacks that go beyond passive defense. He argues that purely defensive measures that only affect a victim’s systems are generally lawful, while offensive actions that damage or access an attacker’s systems are likely prohibited without government authorization. Carlin recommends oversight and legal clarification to the CFAA and CISA, and urges private actors to proceed with caution.

Wed, November 12, 2025

Webinar: Reduce Attack Surface Exposure with DASR

🔒 Join a free webinar from The Hacker News and Bitdefender to learn how Dynamic Attack Surface Reduction (DASR) proactively closes exposures and reduces risk without adding operational burden. Experts will explain why traditional scans fall short, how automation and context reduce risks in real time, and how to safely test DASR in your environment. Register to save your seat.

Wed, November 12, 2025

Moving Beyond Frameworks: Real-Time Risk Assessments

🔍 Organizations are shifting from annual, checklist-driven compliance to targeted, frequent risk assessments that address emerging threats in real time. The article contrasts gap analyses — which measure adherence to frameworks like NIST or ISO — with tailored risk reviews focused on specific threat paths (for example, access control, ransomware, AI or cloud misconfigurations). It recommends small, repeatable questionnaires, a simple scoring model and executive-ready outputs to prioritize remediation and integrate risk into governance.

Wed, November 12, 2025

Security Leaders Who Built Companies from Frustration

🔒 Four former CISOs — Paul Hadjy, Joe Silva, Chris Pierson, and Michael Coates — turned recurring operational frustrations into startups that address enduring enterprise security gaps. Hadjy founded Horangi to tackle cloud security in Asia, Silva launched Spektion to reframe vulnerability management as an engineering problem, Pierson created BlackCloak to protect executives’ personal digital lives, and Coates built Altitude to secure cloud collaboration. Their founder journeys emphasize ruthless prioritization, accountability, and treating security as a trust and revenue enabler.

Wed, November 12, 2025

Understanding Differences Between NDR, EDR and XDR

🛡️ This article compares three related threat-detection approaches: Endpoint Detection and Response (EDR), Network Detection and Response (NDR) and Extended Detection and Response (XDR). It explains that EDR focuses on endpoint agents and can leave visibility gaps, while NDR analyzes packet-level network traffic for real-time detection, forensic review and retrospective analysis. XDR is described as a strategy that unifies telemetry from multiple sources to accelerate response; when combined, these capabilities offer complementary coverage and reduced operational risk.

Wed, November 12, 2025

Fortinet Earns Gartner Customers’ Choice for SSE — 3rd Year

🏆 Fortinet has been named a Gartner Peer Insights Customers’ Choice for Security Service Edge (SSE) for the third consecutive year and is the only cybersecurity vendor to receive this recognition in the SSE market. Based on 195 verified end-user reviews as of August 2025, Fortinet achieved a 4.9/5 overall rating, 90% five-star reviews and 100% willingness to recommend. FortiSASE is highlighted for delivering unified, AI-powered cloud security backed by 170+ POPs, a single unified agent and deployment flexibility that aims to reduce operational overhead. Fortinet frames the recognition as validation of customer trust and its focus on simplifying secure hybrid work.
