Cybersecurity Brief

Cloud Defenses Advance as AWS Rolls Out PQ Signing and DNS DGA Blocks

Coverage: 17 Nov 2025 (UTC)

New preventive controls led the day. AWS Security introduced post‑quantum code signing using ML‑DSA certificates through Private CA and KMS, while Route 53 added targeted blocking of dictionary‑based domain generation algorithms to its DNS Firewall Advanced feature. These updates sit alongside notable infrastructure and AI developments and a steady drumbeat of exploitation and operational impacts across sectors.

Post‑quantum signatures and smarter DNS controls

AWS Private CA now issues ML‑DSA X.509 certificates and integrates with AWS KMS for post‑quantum code signing and private PKI authentication. The release supports ML‑DSA‑65 and provides a practical path to deploy quantum‑resistant roots of trust, with guidance on PKI design, CMS detached signatures, and verifier compatibility. It also outlines production considerations such as distributing a secure trust store and using dual signatures to preserve interoperability.

Amazon Route 53 Resolver DNS Firewall Advanced gained explicit detection and blocking for dictionary‑based DGA. The control inspects domain queries in real time and supports monitor or block actions. Operators can pilot policies in monitoring mode to tune thresholds, then roll out at scale via Firewall Manager or CloudFormation. The addition aims to curb command‑and‑control, phishing, and exfiltration patterns that rely on human‑readable generated domains.

Cloud capacity and automation expand

AWS EC2 broadened extreme‑memory options in Europe with the EC2 U7i 12 TB instance in the Ireland Region, aimed at in‑memory databases such as SAP HANA and latency‑sensitive analytics. For data orchestration, MWAA Serverless introduced usage‑based, automatically scaled Apache Airflow v3.0 environments, with per‑workflow isolation and IAM scoping to reduce blast radius while cutting operational overhead.

For migrations, AWS Transform now generates Landing Zone Accelerator‑compatible network configuration files from VMware environments, accelerating secure multi‑account onboarding. In India, new EC2 M8i and M8i‑flex instances bring custom Intel Xeon 6 performance gains targeted at web, database, and AI inference footprints.

Google also announced Dhivaru, a Trans‑Indian Ocean subsea cable connecting the Maldives, Christmas Island, and Oman, with new regional connectivity hubs. The project focuses on resiliency, automated rerouting, and content caching to support lower‑latency delivery for AI‑driven services.

AI security research and model updates

In collaborative work, Microsoft Security and NVIDIA detailed adversarially trained transformer classifiers compiled with TensorRT and served via Triton, achieving 7.67 ms latency and over 130 req/s on H100 hardware with >95% accuracy on adversarial benchmarks. Kernel‑level and tokenizer optimizations enabled inline, enterprise‑scale detection against fast‑mutating threats, indicating headroom for broader deployment under strict latency constraints.

On the model platform side, Google published hands‑on labs for deploying open Gemma 3 using Cloud Run and GKE, documented in Gemma 3 labs. Separately, references to a Gemini 3 model appeared in AI Studio, as reported by BleepingComputer, indicating a staged developer‑first rollout is imminent.

For GenAI application protection, Check Point described an integration of CloudGuard WAF with Lakera’s model‑ and prompt‑aware controls. The Check Point approach combines WAF‑level inspection with AI‑specific telemetry to detect injection, sensitive data exposure, and harmful content, with policy‑driven enforcement to block, sanitize, or log interactions.

Active exploitation and operational impact

Threat actors quickly weaponized a critical XWiki RCE, CVE‑2025‑24893, with the RondoDox botnet deploying payloads via Groovy injection in the SolrSearch endpoint, according to BleepingComputer. Concurrently, a joint advisory highlighted Akira ransomware’s expansion to Nutanix AHV alongside ESXi, Windows, Linux, and Hyper‑V targets, summarized by CSO Online. For espionage threats, Mandiant and Google Threat Intelligence provided a detailed analysis of UNC1549 tradecraft, tooling, and supplier compromise pathways in Google Cloud. Why it matters: rapid exploitation cycles, hypervisor targeting, and trusted‑third‑party pivots demand aggressive patching, hardening of edge and VDI, and detection focused on credential theft, DLL search order abuse, and stealthy tunneling.

At the infrastructure and business layers, Microsoft reported that Azure mitigated a 15.72 Tbps DDoS attack attributed to the Aisuru botnet, per BleepingComputer, while Jaguar Land Rover recorded about $258 million in direct cyber costs from a September ransomware incident, according to Infosecurity. These events underscore persistent IoT‑scale DDoS risk and the material financial impact of ransomware on large manufacturers.

These and other news items from the day:

Mon, November 17, 2025

Amazon U7i 12TB EC2 Instances Launch in Ireland Region

🚀 Amazon Web Services has launched EC2 High Memory U7i-12tb.224xlarge instances in the AWS Europe (Ireland) Region. These 7th-generation instances offer 12TB DDR5 memory, 896 vCPUs, up to 100Gbps EBS and network bandwidth, and ENA Express support. They target mission-critical in-memory databases such as SAP HANA, Oracle, and SQL Server. Availability aims to accelerate transaction processing and large-scale in-memory workloads.

Mon, November 17, 2025

Google Gemini 3 Appears on AI Studio Ahead of Release

🤖 Google’s Gemini 3 has been spotted in AI Studio, suggesting an imminent rollout that could begin within hours or days. The AI Studio entry references how temperature influences reasoning — noting "For Gemini 3, best results at default 1.0. Lower values may impact reasoning" — and highlights controls such as context size and temperature. Earlier sightings on Vertex AI show a preview build named gemini-3-pro-preview-11-2025, while Google is also testing an image model codenamed GEMPIX2 (Nano Banana 2).

Mon, November 17, 2025

AWS Adds ML-DSA Post-Quantum Code Signing to Private CA

🔐 AWS announced support for post-quantum ML-DSA code signing in AWS Private CA, integrated with AWS KMS. The integration lets customers create ML-DSA X.509 certificate chains and generate KMS-held ML-DSA key pairs to sign binaries, enabling quantum-resistant code-signing, device authentication, and private-PKI workflows such as mTLS or IKEv2/IPsec. A provided Java Runner demonstrates CA creation, CSR issuance, CMS detached signing with SHAKE256, and signature verification against customer-managed roots.

Mon, November 17, 2025

Route 53 Adds Protection Against Dictionary DGA Attacks

🛡️ Amazon Web Services has added Dictionary-based DGA detection to Route 53 Resolver DNS Firewall Advanced, enabling real-time monitoring and blocking of domain queries that use word-based DGA techniques designed to mimic legitimate names. Administrators can create DNS Firewall Advanced rule(s) targeting Dictionary DGA and add them to rule groups to enforce protections on VPCs directly or through AWS Firewall Manager, RAM, CloudFormation, or Route 53 Profiles. The capability is available in all AWS Regions, including AWS GovCloud (US). See the Route 53 documentation for setup and pricing details.

Mon, November 17, 2025

Microsoft and NVIDIA Enable Real-Time AI Defenses at Scale

🔒 Microsoft and NVIDIA describe a joint effort to convert adversarial learning research into production-grade, real-time cyber defenses. They transitioned transformer-based classifiers from CPU to GPU inference—using Triton and a TensorRT-compiled engine—to dramatically reduce latency and increase throughput for live traffic inspection. Key engineering advances include fused CUDA kernels and a domain-specific tokenizer, enabling low-latency, high-accuracy detection of adversarial payloads in inline production settings.

Mon, November 17, 2025

Amazon EC2 M8i and M8i-flex Available in Mumbai Region

🚀 Starting today, Amazon EC2 M8i and M8i-flex instances are available in the Asia Pacific (Mumbai) Region. Powered by custom Intel Xeon 6 processors exclusive to AWS, these instances deliver up to 15% better price‑performance and 2.5× the memory bandwidth versus previous Intel-based generations and up to 20% performance gains versus M7i. AWS cites workload-specific improvements — up to 30% faster for PostgreSQL, up to 60% for NGINX web applications, and up to 40% for AI recommendation models. M8i-flex offers common sizes from large to 16xlarge for general-purpose use, while M8i provides 13 sizes including two bare-metal options and a new 96xlarge for large, sustained CPU workloads.

Mon, November 17, 2025

Google announces Dhivaru subsea cable and regional hubs

📡 Google announced Dhivaru, a new Trans-Indian Ocean subsea cable linking the Maldives, Christmas Island, and Oman, and will build two new connectivity hubs in the Maldives and Christmas Island. The investment builds on the Australia Connect initiative and aims to improve reach, reliability, and resilience across the Indian Ocean, supporting AI services such as Vertex AI. The hubs will provide cable switching, content caching, and colocation to reduce latency, improve availability, and support local ecosystems.

Mon, November 17, 2025

Replicate Joins Cloudflare to Expand AI Developer Platform

🧭 Cloudflare is bringing Replicate into its developer platform to integrate Replicate’s large model catalog and community with Cloudflare’s global, serverless inference stack. Existing Replicate APIs and workflows will continue to operate without interruption while benefitting from Cloudflare’s performance and reliability. Workers AI users will get immediate access to a greatly expanded catalog plus upcoming support for fine-tuning and custom models, enabled by Cog and unified control through Cloudflare’s AI Gateway.

Mon, November 17, 2025

Best-in-Class GenAI Security: CloudGuard WAF Meets Lakera

🔒 The rise of generative AI introduces new attack surfaces that conventional security stacks were never designed to address. This post outlines how pairing CloudGuard WAF with Lakera's AI-risk controls creates layered protection by inspecting prompts, model interactions, and data flows at the application edge. The integrated solution aims to prevent prompt injection, sensitive-data leakage, and harmful content generation while maintaining application availability and performance.

Mon, November 17, 2025

Hands-on with Gemma 3: Deploying Open Models on GCP

🚀 Google Cloud introduces hands-on labs for Gemma 3, a family of lightweight open models offering multimodal (text and image) capabilities and efficient performance on smaller hardware footprints. The labs present two deployment paths: a serverless approach using Cloud Run with GPU support, and a platform approach using GKE for scalable production environments. Choose Cloud Run for simplicity and cost-efficiency or GKE Autopilot for control and robust orchestration to move models from local testing to production.

Mon, November 17, 2025

AWS Transform auto-generates Landing Zone network YAML

☁️ AWS Transform for VMware can now automatically convert VMware network environments into Landing Zone Accelerator (LZA)-compatible YAML network configurations that can be directly imported and deployed via LZA. Building on existing IaC output formats such as CloudFormation, AWS CDK, and Terraform, this capability reduces manual re-creation of network settings, lowers the risk of configuration errors, and accelerates migration timelines while aligning deployments with enterprise security and compliance standards.

Mon, November 17, 2025

Amazon MWAA Serverless for Apache Airflow Workflows

🚀 Amazon launched MWAA Serverless, a managed, serverless deployment option for Apache Airflow that eliminates infrastructure management and bills only for actual task compute time. Workflows can be authored as YAML configurations or Python DAGs and leverage over 80 AWS Operators from Airflow v3.0. Each workflow runs in isolation with distinct IAM permissions while the service automatically provisions and scales resources across supported regions.

Mon, November 17, 2025

JLR Posts £485m Q2 Losses After September Ransomware Attack

🔒 Jaguar Land Rover reported a £485m ($639m) Q2 loss after a September ransomware attack that halted production at its three UK plants for weeks. The company said the incident generated £196m ($258m) in cyber-related costs, contributing to a 24% year‑on‑year revenue decline to £4.9bn ($6.5bn). JLR set up a loan-backed financing scheme for suppliers and secured government loan guarantees, and confirmed production has now resumed.

Mon, November 17, 2025

RondoDox Botnet Exploits Critical XWiki RCE (CVE-2025-24893)

⚠️ RondoDox operators are exploiting a critical remote code execution flaw in XWiki Platform (CVE-2025-24893), which CISA flagged as actively exploited on October 30. VulnCheck observed attacks beginning November 3 that inject base64-encoded Groovy into the XWiki SolrSearch endpoint via a crafted HTTP GET to download and run a remote shell (rondo..sh) that stages the main payload. Administrators should upgrade to 15.10.11 or 16.4.1, apply network controls, and use published IoCs to block scanning and payload hosts.

Mon, November 17, 2025

Aisuru Botnet Fires 15.72 Tbps DDoS at Microsoft Azure

⚠️ Microsoft reported that the Aisuru botnet launched a massive DDoS attack against a public Azure IP in Australia, peaking at 15.72 Tbps and nearly 3.64 billion packets per second. The traffic originated from over 500,000 IP addresses and consisted of extremely high-rate UDP floods with minimal source spoofing. Microsoft noted the bursts used random source ports, which aided traceback and provider enforcement. Azure's mitigations absorbed the attack without a reported widespread outage.

Mon, November 17, 2025

Pennsylvania AG Data Breach After INC Ransom Attack

🔒 The Pennsylvania Office of the Attorney General (OAG) confirmed that files containing personal and medical information were accessed during an August 9 ransomware attack and that the office refused to pay the ransom. The incident encrypted systems and disrupted the OAG website, employee email accounts, and landline phones. Researcher Kevin Beaumont identified public-facing Citrix NetScaler appliances vulnerable to CVE-2025-5777 (Citrix Bleed 2) that may have been exploited. The threat actor INC Ransom later claimed responsibility and posted about 5.7TB of alleged stolen data.

Mon, November 17, 2025

Analysis of UNC1549 TTPs Targeting Aerospace & Defense

🔍 This joint analysis from Google Threat Intelligence and Mandiant describes UNC1549 activity observed from late 2023 through 2025 against aerospace, aviation, and defense organizations. The group commonly exploited trusted third‑party relationships, VDI breakouts, and highly targeted spear phishing to gain access, then deployed custom backdoors and tunneling tools to maintain stealth. The report provides IOCs, YARA rules, and detection guidance for Azure and enterprise environments.

Mon, November 17, 2025

Akira Ransomware Expands to Nutanix AHV and Linux Servers

⚠️ CISA, the FBI and international partners warn that the Akira ransomware gang has extended its attack surface beyond Windows, VMware ESXi and Hyper‑V to now target Nutanix AHV and Linux servers. The group exploits exposed VPNs, unpatched network appliances and backup platforms, rapidly exfiltrates data and employs a double‑extortion model. Akira uses tunneling tools like Ngrok, remote‑access abuse (AnyDesk, LogMeIn), and cryptography (ChaCha20 with RSA) to encrypt and leak files. Organizations should prioritize MFA, timely patching, segmented networks and protection of backup and hypervisor consoles.

Mon, November 17, 2025

Kraken Uses Benchmarking to Optimize Ransomware Attacks

🔒 Cisco Talos reported August 2025 activity by Kraken, a Russian‑speaking ransomware operation linked to the remnants of HelloKitty. The group exploits SMB flaws for initial access, uses Cloudflare for persistence and SSHFS to exfiltrate data, then deploys cross‑platform encryptors across Windows, Linux and VMware ESXi. Notably, Kraken benchmarks victim machines to tune encryption speed and reduce detection and instability. Victims span multiple countries and attackers operate a new leak forum called Last Haven Board.

Mon, November 17, 2025

Amazon Redshift Adds Apache Iceberg Write Support (GA)

🔔 Amazon Redshift now supports write operations to Apache Iceberg tables in general availability, enabling SQL DDL and DML including CREATE, SHOW, DROP, and INSERT for append-only workloads. Customers can execute concurrent read and write queries against Iceberg tables cataloged in AWS Glue Data Catalog while benefiting from transactional consistency and schema and partition evolution support. The capability is available in all regions where Amazon Redshift is offered.

Mon, November 17, 2025

Eurofiber France reports ticketing-system data breach

🔒 Eurofiber France disclosed a cybersecurity incident after attackers exploited a vulnerability in its ticket management system and exfiltrated information. The company said the impact is limited to its French division, including the ATE portal and several regional sub-brands, and that banking details and other critical data on separate systems were not affected. Authorities (CNIL, ANSSI) were notified and an extortion report has been filed while investigations continue.

Mon, November 17, 2025

Dutch Police Seize 250 Servers Used by Bulletproof Hosting

🛑 Dutch police seized around 250 physical servers and thousands of virtual machines tied to a bulletproof hosting service that allegedly catered exclusively to cybercriminals. Authorities say the infrastructure has been used since 2022 in more than 80 investigations and facilitated ransomware, botnets, phishing, and distribution of child abuse content. Investigators will perform forensic analysis on the seized systems to identify operators and clients. No arrests have been announced; the provider CrazyRDP has reportedly gone offline after the action.

Mon, November 17, 2025

Weekly Recap: Fortinet Exploited, Global Threats Rise

🔒 This week's recap highlights a surge in quiet, high-impact attacks that abused trusted software and platform features to evade detection. Researchers observed active exploitation of Fortinet FortiWeb (CVE-2025-64446) to create administrative accounts, prompting CISA to add it to the KEV list. Law enforcement disrupted major malware infrastructure while supply-chain and AI-assisted campaigns targeted package registries and cloud services. The guidance is clear: scan aggressively, patch rapidly, and assume features can be repurposed as attack vectors.

Mon, November 17, 2025

Dragon Breath Deploys RONINGLOADER to Deliver Gh0st RAT

🔒 Elastic Security Labs and Unit 42 describe a China‑focused campaign in which the actor Dragon Breath uses a multi‑stage loader named RONINGLOADER to deliver a modified Gh0st RAT. The attack leverages trojanized NSIS installers that drop two embedded packages—one benign and one stealthy—to load a DLL and an encrypted tp.png file containing shellcode. The loader employs signed drivers, WDAC tampering, and Protected Process Light abuse to neutralise endpoint protections popular in the Chinese market before injecting a persistent high‑privilege backdoor.

Mon, November 17, 2025

Five Plead Guilty to Enabling DPRK Remote IT and Hacks

🔒 Five individuals have pleaded guilty to serving as facilitators for North Korean cyber operations, the US Department of Justice said. They used false or stolen identities and hosted employer laptops in US residences to create the appearance of domestic remote IT workers, aiding APT38-linked efforts. The DoJ said the activity impacted more than 136 US organizations, generated over $2.2m for Pyongyang and compromised the identities of 18 US residents, and authorities seized $15m in Tether tied to related heists.

Mon, November 17, 2025

AWS Parallel Computing Service Achieves HIPAA Eligibility

🔒 AWS Parallel Computing Service (AWS PCS) is now HIPAA eligible, enabling organizations with a Business Associate Addendum (BAA) to run protected health data workloads. AWS PCS is a managed High Performance Computing service that uses the Slurm workload manager for cluster orchestration and targets compute-intensive tasks such as genomic sequencing, medical imaging analysis, and clinical research simulations. AWS says it maintains a standards-based risk management program to support HIPAA administrative, technical, and physical safeguards, and that eligibility applies in all AWS Regions where PCS is offered.

Mon, November 17, 2025

WorkSpaces Applications adds 100+ instance types and storage

🚀 Amazon WorkSpaces Applications now offers expanded compute and storage flexibility, adding 100+ instance types across general purpose, compute-optimized, memory-optimized, and accelerated families. Customers can configure storage volumes from 200GB to 500GB and import custom EC2 AMIs, including Windows Server 2022, for image creation and customization. These enhancements are generally available in all supported AWS Regions and follow the standard pay-as-you-go pricing for the service.

Mon, November 17, 2025

Amazon Aurora MySQL v3.11 Adds MySQL 8.0.43 Support

🆕 Amazon is releasing Aurora MySQL-Compatible Edition 3 updated to v3.11 with support for MySQL 8.0.43. The update delivers multiple security enhancements and bug fixes, addresses additional group replication errors, and introduces the mysql client commands option to enable or disable most client commands. You can upgrade manually by modifying a DB cluster or enable the Auto minor version upgrade option; the release is available in all AWS regions where Aurora MySQL is offered.

Mon, November 17, 2025

Amazon EC2 U7i High Memory Instances Arrive in Ohio

🚀 Amazon Web Services has made EC2 High Memory U7i instances (u7in-24tb.224xlarge) available in the US East (Ohio) region as of Nov 17, 2025. These instances deliver 24 TB of DDR5 memory and 896 vCPUs, and are powered by custom fourth-generation Intel Xeon Scalable processors (Sapphire Rapids). They support up to 100 Gbps EBS, up to 200 Gbps networking with ENA Express, and target mission-critical in-memory databases such as SAP HANA, Oracle, and SQL Server. The offering is intended to help customers scale transaction processing throughput in fast-growing data environments.

Mon, November 17, 2025

Fight Fire With Fire: Countering AI-Powered Adversaries

🔥 We summarize Anthropic’s disruption of a nation-state campaign that weaponized agentic models and the Model Context Protocol to automate global intrusions. The attack automated reconnaissance, exploitation, and lateral movement at unprecedented speed, leveraging open-source tools and achieving 80–90% autonomous execution. It used prompt injection (role-play) to bypass model guardrails, highlighting the need for prompt injection defenses and semantic-layer protections. Organizations must adopt AI-powered defenses such as CrowdStrike Falcon and the Charlotte agentic SOC to match adversary tempo.

Mon, November 17, 2025

AI-Driven Espionage Campaign Allegedly Targets Firms

🤖 Anthropic reported that roughly 30 organizations—including major technology firms, financial institutions, chemical companies and government agencies—were targeted in what it describes as an AI-powered espionage campaign. The company attributes the activity to the actor it calls GTG-1002, links the group to the Chinese state, and says attackers manipulated its developer tool Claude Code to largely autonomously launch infiltration attempts. Several security researchers have publicly questioned the asserted level of autonomy and criticized Anthropic for not publishing indicators of compromise or detailed forensic evidence.

Mon, November 17, 2025

Princeton discloses data breach affecting donors, alumni

🔒 Princeton University disclosed a November 10 cyberattack in which threat actors phished an employee and accessed a database used for fundraising and alumni engagement. The attackers exfiltrated biographical information such as names, email addresses, telephone numbers, and home and business addresses for alumni, donors, faculty, staff, and students. University officials say the compromised system did not contain financial data, passwords, or Social Security numbers, and they have blocked the intruders' access while investigating. Affected individuals are urged to verify any communications claiming to be from the university and to avoid sharing sensitive information.

Mon, November 17, 2025

Job-test malware campaign shifts to public JSON dropboxes

🔎 The Contagious Interview campaign is delivering trojanized coding tests that fetch heavily obfuscated JavaScript from public JSON-storage services such as JSON Keeper, JSONSilo, and npoint.io. When executed in a Node.js test run the payloads decode and install the BeaverTail infostealer and then stage the InvisibleFerret RAT. NVISO Labs warns attackers are abusing developer trust and legitimate platforms and recommends sandboxing, auditing config files, and blocking suspicious outbound requests.

Mon, November 17, 2025

India DPDP Rules 2025 Make Privacy an Engineering Challenge

🔒 India’s new Digital Personal Data Protection (DPDP) Rules, 2025 impose strict consent, verification, and fixed deletion timelines that require large platforms and enterprises to redesign how they collect, store, and erase personal data. The rules create Significant Data Fiduciaries with added audit and algorithmic-check obligations and formalize certified Consent Managers. Organizations have 12–18 months to adopt automated consent capture, verification, retention enforcement, and data-mapping across cloud, on‑prem, and SaaS environments.

Mon, November 17, 2025

AWS Expands Amazon WorkSpaces Applications Regions

🌍 Amazon Web Services has added Europe (Milan), Europe (Spain), Asia Pacific (Malaysia), and Israel (Tel Aviv) to the regional footprint for Amazon WorkSpaces Applications. The fully managed, secure application streaming service lets organizations stream desktops and apps to users without local installs while AWS manages hosting, scaling, and on‑demand access. Deploying applications closer to end users reduces latency and improves responsiveness. Administrators can enable the service from the WorkSpaces Applications console; pricing follows a pay‑as‑you‑go model.

Mon, November 17, 2025

AWS Backup Adds Direct Primary Support for Air-Gapped Vaults

🔐 AWS Backup now lets customers designate a logically air-gapped vault as the primary backup target across backup plans, organization policies, and on-demand jobs. This removes the prior restriction that air-gapped vaults could only hold copies, enabling direct writes to the air-gapped store and reducing duplicate-storage costs. For resource types without full AWS Backup management support, the service still creates a temporary snapshot in a standard vault, copies it into the air-gapped vault, and then removes the temporary snapshot. The capability is available in all Regions that support logically air-gapped vaults and can be selected via the console, API, or CLI.

Mon, November 17, 2025

Android Memory Bugs Drop as Google Expands Rust Use

🛡️ Google reports that adopting Rust across Android has reduced memory-safety vulnerabilities to under 20% for the first time and claims a 1000x lower vulnerability density versus legacy C and C++ code. The company says Rust changes have a 4x lower rollback rate, require about 20% fewer revisions, and cut code review time by roughly 25%, improving overall delivery speed. Google plans to extend Rust to kernel, firmware and critical first-party apps while maintaining layered defenses.

Mon, November 17, 2025

Amazon RDS for MySQL: New minor versions 8.0.44 & 8.4.7

🔔 Amazon RDS for MySQL now supports MySQL minor versions 8.0.44 and 8.4.7, matching the latest community releases. Amazon recommends upgrading to these minors to remediate known security vulnerabilities and to benefit from bug fixes, performance improvements, and new functionality. You can enable automatic minor version upgrades during scheduled maintenance or use Amazon RDS Managed Blue/Green deployments for safer, faster updates. Consult the Amazon RDS user guide for upgrade procedures and regional availability.

Mon, November 17, 2025

A Methodical Approach to Agent Evaluation: Quality Gate

🧭 Hugo Selbie presents a practical framework for evaluating modern multi-step AI agents, emphasizing that final-output metrics alone miss silent failures arising from incorrect reasoning or tool use. He recommends defining clear, measurable success criteria up front and assessing agents across three pillars: end-to-end quality, process/trajectory analysis, and trust & safety. The piece outlines mixed evaluation methods—human review, LLM-as-a-judge, programmatic checks, and adversarial testing—and prescribes operationalizing these checks in CI/CD with production monitoring and feedback loops.

Mon, November 17, 2025

AWS Backup Adds Delegated Admin Support in 17 Regions

🔔 AWS Backup now supports delegated administrators in 17 additional AWS Regions, allowing designated accounts to manage backup operations and administrative tasks across member accounts. The expansion includes regions in Africa, Asia Pacific, Canada, Europe, Israel, Mexico, and the Middle East. AWS Backup Audit Manager also supports cross-Region and cross-account delegated admin reports for jobs and backup plan compliance. Visit the AWS Backup console to get started.

Mon, November 17, 2025

Amazon Route 53 Profiles Adds Resolver Query Logging

🛡️ AWS announced support for Resolver query logging configurations in Amazon Route 53 Profiles, allowing centralized management of Resolver query logging across multiple VPCs and AWS accounts. The enhancement eliminates the need to manually associate logging configurations with each VPC and helps produce consistent DNS query logs for compliance and auditing. The feature is available now in supported AWS Regions via the console or AWS CLI.

Mon, November 17, 2025

AWS Reduces EC2 Costs for SQL Server High Availability

🔔 AWS announced on Nov 17, 2025 a new capability that lets customers designate Amazon EC2 instances running license-included Microsoft SQL Server as part of a High-Availability (HA) cluster to reduce licensing costs with a few clicks. The enhancement targets mission-critical deployments using Always On Availability Groups and Always On failover cluster instances, with AWS citing savings up to 40% in example configurations. The feature is available in all commercial AWS Regions.

Mon, November 17, 2025

EC2 Image Builder Adds Lambda and Step Functions Integration

🚀 EC2 Image Builder now supports invoking AWS Lambda functions and executing Step Functions state machines directly within image workflows. This native integration lets teams embed custom logic, multi-step orchestration, and validation into image builds without bespoke glue code. It simplifies compliance checks, notifications, and multi-stage security testing while reducing maintenance and error-prone workarounds. The capabilities are available at no additional cost across all AWS regions, including China and GovCloud, and can be used via Console, CLI, API, CloudFormation, or CDK.

Mon, November 17, 2025

Amazon Bedrock Data Automation Adds 10 Speech Languages

🎙️ Amazon Bedrock Data Automation (BDA) now supports 10 additional languages for speech analytics beyond English: Portuguese, French, Italian, Spanish, German, Chinese, Cantonese, Taiwanese, Korean, and Japanese. BDA can transcribe audio in the detected language, generate GenAI-powered insights, and produce summaries either in the detected language or in English. It also creates multi-lingual transcripts when recordings contain more than one supported language, simplifying analysis of customer calls, meetings, education sessions, clinical discussions, and public safety audio. Support is available in eight AWS Regions.

Mon, November 17, 2025

xAI's Grok 4.1 Debuts with Improved Quality and Speed

🚀 Elon Musk-owned xAI has begun rolling out Grok 4.1, offering two free variants—Grok 4.1 and Grok 4.1 Thinking—with paid tiers providing higher usage limits. xAI reports the update is roughly three times less likely to hallucinate than earlier versions and brings quality and speed improvements. Early LMArena Text Arena benchmarks place Grok 4.1 Thinking at the top of the Arena Expert leaderboard, though comparisons with rivals like GPT-5.1 and Google's upcoming Gemini 3.0 remain preliminary.

Mon, November 17, 2025

EVALUSION ClickFix Campaign Delivers Amatera, NetSupport

🔒 Researchers identified a ClickFix-based EVALUSION campaign deploying Amatera Stealer and NetSupport RAT, observed in November 2025. The campaign abuses the Windows Run dialog and mshta.exe to launch a PowerShell script that downloads a .NET DLL hosted on MediaFire; the Amatera DLL, packed with PureCrypter, is injected into MSBuild.exe to exfiltrate data. eSentire highlights Amatera's WoW64 SysCalls evasion and conditional NetSupport deployment when domain membership or valuable files are detected.

Mon, November 17, 2025

DoorDash Email Spoofing Bug and Disclosure Dispute

✉️ A vulnerability in DoorDash's DoorDash for Business platform allowed an attacker to create a free account, add an 'Employee' entry containing arbitrary HTML in a budget name field, and send emails that appeared to originate from no-reply@doordash.com using official templates. The researcher known as doublezero7 supplied a proof-of-concept showing stored HTML rendered in outgoing messages, enabling persuasive phishing. DoorDash patched the flaw after public pressure, and a dispute over disclosure and alleged extortion followed.

Mon, November 17, 2025

Amazon MQ Adds LDAP Authentication to RabbitMQ Brokers

🔐 Amazon MQ now supports LDAP authentication for RabbitMQ brokers in all AWS regions, allowing brokers to authenticate and authorize users against LDAP identity providers. Administrators can manage users and assign permissions to topics and queues using credentials stored in their LDAP server. LDAP support can be enabled when creating or updating brokers via the AWS Console, CloudFormation, CLI, or CDK, and remains compatible with standard RabbitMQ LDAP implementations.

Mon, November 17, 2025

AWS HealthImaging Adds Native JPEG 2000 Lossless Support

🩺 AWS HealthImaging now supports JPEG 2000 Lossless as a native transfer syntax for storing and retrieving lossless DICOM images, making it easier to integrate HealthImaging with applications that require JPEG 2000 encoded data. Customers can choose between JPEG 2000 Lossless (UID 1.2.840.10008.1.2.4.90) and High-throughput JPEG 2000 (HTJ2K) for lossless storage. Enabling JPEG 2000 Lossless reduces retrieval latency by eliminating the need to transcode images at access time. This capability is available in all regions where HealthImaging is generally available.

Mon, November 17, 2025

Amazon ECR Adds PrivateLink Support for FIPS Endpoints

🔒 Amazon Web Services announced that Amazon ECR now supports PrivateLink endpoints validated under FIPS 140-3. This allows customers with security and compliance requirements to use FIPS-validated cryptographic modules while keeping traffic private within their Amazon VPCs. The enhancement helps organizations meet regulatory obligations without exposing container registry traffic to the public internet. Availability includes several commercial and AWS GovCloud regions.

Mon, November 17, 2025

Windows bug prevents Microsoft 365 desktop app installs

⚠️ Microsoft is addressing a known issue that prevents users from installing Microsoft 365 desktop apps on Windows devices. The problem stems from misconfigured authentication components affecting versions 2508 (Build 19127.20358) and 2507 (Build 19029.20294). The team is reconfiguring the components and expects a full remediation later today. Microsoft tagged the outage as incident OP1186186 and is also investigating a related admin access issue tracked as MO1176905.

Mon, November 17, 2025

Production-Ready AI with Google Cloud Learning Path

🚀 Google Cloud has launched the Production-Ready AI Learning Path, a free curriculum designed to guide developers from prototype to production. Drawing on an internal playbook, the series pairs Gemini models with production-grade tools like Vertex AI, Google Kubernetes Engine, and Cloud Run. Modules cover LLM app development, open model deployment, agent building, security, RAG, evaluation, and fine-tuning. New modules will be added weekly through mid-December.

Mon, November 17, 2025

AWS Marketplace shows estimated tax and invoicing entity

💡 AWS Marketplace now displays estimated tax amounts and the applicable invoicing entity to buyers at the time of purchase. The procurement view shows estimated tax type (such as VAT, GST, or US sales tax), tax rates, and the estimated upfront tax amount derived from a customer's tax and address settings in the AWS Billing console. Buyers can download a PDF summary of the tax and invoicing details to support procurement approvals, budgeting, and issuing purchase orders to the correct invoicing entity. This capability is available today in all AWS Regions where AWS Marketplace is supported.

Mon, November 17, 2025

Amazon VPC IPAM Automates IP Assignments from Infoblox

🔁 AWS announced that Amazon VPC IP Address Manager (IPAM) can now automatically acquire non‑overlapping IP allocations from Infoblox Universal IPAM, reducing the need for manual ticketing between cloud and on‑prem teams. The integration imports allocated ranges into a top‑level AWS IPAM pool, which can then be organized into regional pools to prevent address conflicts. The feature is available in all Regions where VPC IPAM is supported, excluding AWS China and AWS GovCloud (US); refer to the IPAM documentation and pricing tab for details.

Mon, November 17, 2025

AWS Backup Enables Cross-Account Management in 4 Regions

🔒 AWS Backup now supports cross-account management in four additional AWS Regions: Asia Pacific (Taipei, Thailand, New Zealand) and Mexico (Central). With this capability you can deploy organization-wide backup policies from your AWS Organizations management account or a delegated administrator, helping to maintain compliance and reduce operational overhead. You can also monitor backup activity across all organizational accounts from a single management account, centralizing visibility and simplifying auditing and troubleshooting.

Mon, November 17, 2025

Malicious npm Packages Use Adspect to Cloak Crypto Scams

⚠️ Seven npm packages published under the developer name 'dino_reborn' were found leveraging the cloud-based Adspect service to distinguish researchers from potential victims and redirect targeted users to cryptocurrency scam pages. Socket's analysis shows six packages include a ~39 KB cloaking script that fingerprints visitors, employs anti-analysis controls, and forwards data to an actor-controlled proxy and the Adspect API. Targets are redirected to deceptive Ethereum and Solana-branded CAPTCHA pages, while likely researchers are shown a benign Offlido-style decoy.

Mon, November 17, 2025

Europol Removes Thousands of Extremist Gaming Links

🔍 A coordinated action led by the European Union Internet Referral Unit (EU IRU) on 13 November 2025 resulted in the referral of thousands of extremist links found across gaming and gaming-adjacent platforms. Authorities from eight participating countries flagged 5,408 jihadist links, 1,070 violent right‑wing extremist items and 105 racist or xenophobic posts. Investigators noted illicit content on live streams, video libraries, forums and hybrid storefronts, and described how creators repurpose in-game footage with coded language and imagery to evade detection. The initiative aims to reduce public exposure and bolster cross-border cooperation.

Mon, November 17, 2025

How Attack Surface Management Will Change Noticeably by 2026

🔒 Enterprises face expanding, complex attack surfaces driven by IoT growth, API ecosystems, remote work, shadow IT and multi-cloud sprawl. The author predicts that 2026 will bring centralized cloud control led by SASE, a shift to proactive, continuous ASM, stricter zero trust enforcement, and widespread deployment of intelligent, agentic AI for autonomous detection and remediation. The analysis also emphasizes greater attention to third‑party and supply-chain risk.

Mon, November 17, 2025

Cyber Readiness Stagnates Despite Confidence in Response

🔒 The Immersive Cyber Workforce Benchmark Report 2025 warns that cyber readiness is stalling despite increased confidence in incident response: resilience scores have remained flat since 2023 and the median time to complete critical exercises is 17 days. In the Orchid Corp crisis scenario participants averaged 22% decision accuracy and took 29 hours to contain incidents. Immersive highlights that only 41% of organisations include non-technical roles in simulations and that 60% of training focuses on CVEs older than two years. It urges regular, completed training, senior leadership involvement, and a focus on current threats and the three pillars: prove, improve, report.

Mon, November 17, 2025

When Romantic AI Chatbots Can't Keep Your Secrets Safe

🤖 AI companion apps can feel intimate and conversational, but many collect, retain, and sometimes inadvertently expose highly sensitive information. Recent breaches — including a misconfigured Kafka broker that leaked hundreds of thousands of photos and millions of private conversations — underline real dangers. Users should avoid sharing personal, financial or intimate material, enable two-factor authentication, review privacy policies, and opt out of data retention or training when possible. Parents should supervise teen use and insist on robust age verification and moderation.

Mon, November 17, 2025

European Digital Sovereignty Summit Shifts Priorities

🔒 European leaders, including Chancellor Friedrich Merz and President Emmanuel Macron, will attend a Berlin summit of digital ministers and IT experts expected to draw about 900 participants. The conference highlights concerns that US laws such as CLOUD Act and FISA 702 can compel US cloud providers to disclose data held in Europe, driving calls to reduce dependencies on non‑European vendors. Officials and industry leaders emphasise technological controls — notably strong encryption and customer-held keys — and the need for scalable European cloud alternatives while addressing regulatory and startup barriers.

Mon, November 17, 2025

Why Attackers Are Phishing Over LinkedIn in 2025: Risks

🔒 LinkedIn has emerged as a major vector for phishing, with a growing share of attacks moving off email and onto social and messaging platforms. Attackers exploit in‑app DMs, account takeovers, and AI automation to target executives and high‑value roles, often aiming to compromise SSO providers such as Microsoft Entra and Google Workspace. Because these messages bypass traditional email security and lack inbox quarantine tools, browser-based defenses and SSO/MFA hygiene are recommended to detect and block evasive campaigns. The article outlines five reasons this shift increases enterprise risk.

Mon, November 17, 2025

Empathy Meets IT Security: Building Practical Compliance

🤝 Security policies often fail not because employees resist security in principle but because measures clash with everyday work pressures and lack practical support. CISOs should adopt empathic policy engineering, using stakeholder analysis, pilots and early adopters to align controls with real workflows. Communication should follow the RESPECT approach—tactical empathy, a “help me to help you” dialogue and immersive, scenario-based training—to increase acceptance and embed secure behavior.

Mon, November 17, 2025

More Prompt||GTFO — Online AI and Cybersecurity Events

🤖 Bruce Schneier highlights three new online events in his Prompt||GTFO series: sessions #4, #5, and #6. These recordings showcase practical and innovative uses of AI in cybersecurity, spanning demonstrations, research discussions, and operational insights. Schneier recommends them as well worth watching for practitioners, researchers, and policymakers interested in AI's applications and risks. The events are available online for convenient viewing.

Mon, November 17, 2025

Why ISO and ISMS Certifications Fail: Nine Common Pitfalls

🔒 Implementation and certification of ISO standards or an ISMS frequently falter due to avoidable organizational and technical mistakes. The article outlines nine recurring issues — from weak management sponsorship and treating certification as a one‑off task to poor employee engagement, inadequate skills development, dishonest assessments, and insufficient follow‑up. For each pitfall it recommends practical remedies such as executive commitment, clear planning, targeted training, honest risk analysis, automation where appropriate, and adequate resourcing to make the management system functional and sustainable.

Mon, November 17, 2025

Why Chief Trust Officers Are Emerging and How CISOs Fit

🤝 Organizations are creating a chief trust officer (CTrO) to elevate trust as a business differentiator, responding to breaches, product-safety worries and AI-related uncertainty. The CTrO typically complements the CISO by focusing on reputation, ethics, transparency and customer confidence while CISOs retain technical controls, incident response and security operations. Leaders stress the role must produce measurable outcomes and avoid becoming mere 'trust theatre' by tracking signals such as customer sentiment, retention and external certifications.

Mon, November 17, 2025

2025 Google Cloud Partner All-Stars: Recognizing AI Leaders

✨ The 2025 Google Cloud Partner All‑Stars honor individual partners advancing innovation and delivering measurable customer outcomes. This year introduces a new AI Innovation category that recognizes strategic leaders guiding enterprise-wide AI adoption and applying agentic AI to transform core processes and create new revenue streams. Recipients also demonstrate excellence across delivery, marketing, sales, and solutions engineering, reflecting technical rigor and long-term customer focus.
