Cybersecurity Brief

AWS Tightens AI and Access Controls as Google Tests Interactive Search

Coverage: 19 Nov 2025 (UTC)

Cloud platforms emphasized prevention and governance today. AWS advanced safeguards for AI and identity by expanding Bedrock Guardrails to detect risky patterns in code and enabling outbound federation from IAM to third‑party services using signed JWTs. At the same time, as reported by BleepingComputer, Google is testing interactive, AI-built interfaces directly in Search’s optional AI Mode, raising questions for publishers and accuracy controls. The risk landscape also included a critical WordPress plugin flaw and a major Internet provider’s outage, underscoring the stakes of both software hygiene and operational resilience.

AI guardrails and access controls

AWS extended protections for generative AI applications with code-aware checks in Bedrock Guardrails, adding filters that inspect code comments, identifiers, and strings, plus prompt‑leakage detection in the standard tier. In identity, outbound federation from IAM now issues short‑lived, signed JWTs so workloads can authenticate to external services without long‑term credentials; CloudTrail auditing and policy controls govern token scope and lifetime. Together, these moves aim to reduce code injection, data leakage, and credential sprawl while keeping enforcement close to the platform.

Developer access also got simpler and safer with aws login, a CLI command that uses a browser-based OAuth2 flow with PKCE to mint short‑lived credentials that auto‑rotate, replacing long‑lived keys in local workflows. For SaaS credentials, Secrets Manager introduced managed external secrets with provider‑prescribed formats and default‑enabled rotation, centralizing lifecycle management without custom Lambda rotators.

To broaden model choices under managed operations, Model Import in Bedrock now supports OpenAI GPT OSS variants, letting teams bring tuned weights into a serverless runtime while retaining responsibility for licensing, testing, and governance controls.

Network defenses in the platform also advanced: AWS Network Firewall can now subscribe to managed rule groups via AWS Marketplace, enabling partner‑curated, auto‑updated IPS and threat‑intel controls that reduce maintenance overhead across distributed firewalls.

API cryptography and delivery

AWS added stronger transport choices in API Gateway TLS, including policies to mandate TLS 1.3, enforce PFS, target FIPS‑aligned cipher suites, and adopt post‑quantum options, centralizing crypto posture for REST APIs and custom domains. For responsiveness, API Gateway also introduced response streaming so clients can receive payloads progressively, improving time‑to‑first‑byte, supporting large responses, and enabling long‑running and generative workloads without bespoke proxies.

Hybrid connectivity for distributed fleets was simplified with the VPN Concentrator for Site‑to‑Site VPN, which aggregates up to 100 low‑bandwidth sites to a Transit Gateway attachment, reducing appliance sprawl and operational effort.

Operational visibility and reach

AWS expanded analytics at the edge of the customer experience. Q Developer can now answer complex FinOps questions by pulling, calculating, and citing cost data across anomalies, commitments, and unit economics, with transparency into each API call. In contact centers, Amazon Connect added conversational analytics for self‑service across voice and digital channels, extracting sentiment, redacting sensitive data, and surfacing top drivers and potential compliance risks in unified dashboards.

To meet latency and residency goals for AI workloads, Bedrock became available in four more Regions—Africa (Cape Town), Canada West (Calgary), Mexico (Central), and Middle East (Bahrain)—broadening managed access to foundation models with regional endpoints.

Beyond AWS, Google Cloud made open lakehouse governance more interoperable: BigLake metastore now supports the Iceberg REST Catalog at GA, letting multiple engines share a single authoritative metadata layer with integrated lineage, credential vending, and serverless operations.

Incidents and urgent patches

A critical unauthenticated command injection (CVE‑2025‑9501) in the widely used W3 Total Cache WordPress plugin enables server‑side PHP execution via crafted comments; version 2.8.13 patches the issue. Given plans for a public exploit release and the potential for full site takeover, administrators should prioritize upgrading, consider temporarily disabling the plugin if immediate patching is not possible, and audit for signs of compromise.

Separately, Cloudflare detailed a six‑hour outage traced to duplicated database metadata that caused Bot Management to generate oversized configuration files, triggering panics and 5xx errors across core services; the company restored normal operations after reverting the configuration and stabilizing propagation, according to BleepingComputer. The episode highlights how configuration drift in central services can cascade across globally distributed infrastructure.

These and other news items from the day:

Wed, November 19, 2025

Google Search Tests AI-Generated Interactive UI Answers

🔎 Google is testing AI-powered, interactive UI answers within AI Mode, integrating Gemini 3 to generate on-the-fly interfaces tailored to queries. Instead of relying solely on text and a couple of links, Search can produce dynamic tools—such as an RNA polymerase simulator—to demonstrate concepts in action. This change could improve comprehension but may also reduce traffic to original sites and reshape the web economy.

Wed, November 19, 2025

Amazon Bedrock Guardrails Expand Code-Related Protections

🔒 Amazon Web Services expanded Amazon Bedrock Guardrails to cover code-related use cases, enabling detection and prevention of harmful content embedded in code. The update applies content filters, denied topics, and sensitive information filters to code elements such as comments, variable and function names, and string literals. The enhancements also include prompt leakage detection in the standard tier and are available in all supported AWS Regions via the console and APIs.

Wed, November 19, 2025

Amazon Bedrock Adds Support for OpenAI GPT OSS Models

🚀 Amazon Bedrock now supports importing custom weights for gpt-oss-120b and gpt-oss-20b, allowing customers to bring tuned OpenAI GPT OSS models into a fully managed, serverless environment. This capability eliminates the need to manage infrastructure or model serving while enabling deployment of text-to-text models for reasoning, agentic, and developer tasks. gpt-oss-120b is optimized for production and high-reasoning use cases; gpt-oss-20b targets lower-latency or specialized scenarios. The feature is generally available in US‑East (N. Virginia).

Wed, November 19, 2025

Enhanced Cost Management in Amazon Q Developer Chat

💡 Amazon Q Developer now includes enhanced cost management features that let users analyze costs across broader Cloud Financial Management domains with advanced analytics. Users can ask open-ended questions about historical and forecasted costs, optimization recommendations, commitment utilization, anomalies, budgets, free tier usage, and product attributes. Q explores data, forms hypotheses, performs calculations, and shows the API calls and console links used for transparency.

Wed, November 19, 2025

Amazon API Gateway Adds Enhanced TLS Security Policies

🔐 Amazon API Gateway now supports enhanced TLS security policies for REST APIs and custom domain names, giving customers more granular control over encryption, cipher selection, and endpoint access. Policy options include TLS 1.3-only, Perfect Forward Secrecy, FIPS-compliant cipher suites, and Post Quantum Cryptography choices. The update, available in many AWS commercial Regions, aims to simplify compliance with stricter regulations and strengthen cryptographic posture.

Wed, November 19, 2025

Amazon Connect: Conversational Analytics for Self-Service

🔍 Amazon Connect now provides conversational analytics for end-customer self-service across voice and digital channels, including PSTN/telephony, in-app and web calling, chat, SMS, WhatsApp Business, and Apple Messages for Business. The capability analyzes sentiment, redacts sensitive data, surfaces top contact drivers and themes, flags compliance risks, and supports semantic matching rules to categorize interactions. Administrators can use easy-to-customize dashboards to proactively identify areas for improvement and align automated flows with customer needs.

Wed, November 19, 2025

Cloudflare Outage Caused by Database Permission Change

⚠️ Cloudflare suffered its worst outage in six years after a database permissions change caused its Bot Management system to generate an oversized configuration feature file containing duplicate entries. The file exceeded a hardcoded 200-feature limit, triggering a Rust panic that crashed core proxy software and produced widespread 5xx errors. Engineers restored service by replacing the problematic file, and full recovery was achieved several hours later.

Wed, November 19, 2025

Amazon API Gateway Enables Progressive Response Streaming

⚡ Amazon API Gateway now progressively streams response payloads to clients as data becomes available, removing the need to buffer complete responses before transmission. The capability works with streaming-capable backends including Lambda functions, HTTP proxy integrations, and private integrations. Benefits include improved time-to-first-byte, integration timeouts extended to 15 minutes, and support for payloads larger than 10 MB. Generative AI and media-serving applications will particularly benefit, and the feature is available across all AWS Regions including GovCloud.

Wed, November 19, 2025

AWS introduces aws login for secure developer access

🔐 The new aws login CLI command lets developers obtain temporary programmatic credentials using the same sign-in method as the AWS Management Console, eliminating the need to create and manage long-term access keys. The command opens a browser-based OAuth2 flow and supports root/IAM user sign-in as well as federated identity providers. Issued credentials auto-rotate every 15 minutes and remain valid up to the IAM session duration (maximum 12 hours). The aws login command integrates with profiles, remote development workflows, AWS SDKs, AWS Tools for PowerShell, and legacy SDKs via credential_process.

Wed, November 19, 2025

AWS Network Firewall — Managed Rule Groups from Marketplace

🔒 AWS Network Firewall now supports managed rule groups from AWS Marketplace partners, enabling customers to deploy partner-curated threat intelligence directly from the console. These managed rules are continuously updated by vendors and integrate with existing firewall architectures without routing changes. They reduce operational overhead across multiple VPCs and help maintain compliance and security posture. Customers should evaluate partner offerings against their requirements.

Wed, November 19, 2025

Fortinet Adds AI-Driven Managed IPS Rules for AWS Cloud

🔒 Fortinet is an official launch partner for third-party rules on AWS Network Firewall, introducing Fortinet Managed IPS Rules powered by FortiGuard AI-Powered Security Services. The managed service uses AI/ML from FortiGuard Labs to automatically translate global threat telemetry into continuously updated IPS rules, removing manual tuning and improving detection timeliness. Deployment is fast via AWS Marketplace and integrates natively with AWS Network Firewall, helping teams scale protection across cloud workloads while supporting compliance objectives.

Wed, November 19, 2025

Google's Gemini 3 Pro Impresses with One‑Shot Game Creation

🎮 Google has released Gemini 3 Pro, a multimodal model that posts strong benchmark results and produces notable real-world demos. Early tests show top-tier scores (LMArena 1501 Elo, high marks on MMMU-Pro and Video-MMMU) and PhD-level reasoning in targeted exams. Designers reported one-shot generation of a 3D LEGO editor and a full recreation of Ridiculous Fishing. Adherence remains imperfect, so the author suggests Claude Sonnet 4.5 for routine tasks and Gemini 3 Pro for more complex queries.

Wed, November 19, 2025

Amazon Bedrock Expands Availability to New Regions

🚀 Amazon Bedrock is now available in Africa (Cape Town), Canada West (Calgary), Mexico (Central), and Middle East (Bahrain). The managed service provides access to multiple foundation models and tools to build, deploy, and operate secure, scalable generative AI applications and agents. Customers in these Regions can expect lower latency, improved regional data options, and an easier path from experimentation to production.

Wed, November 19, 2025

Amazon Bedrock Expands Availability to Four New Regions

🚀 Beginning today, Amazon has made Amazon Bedrock available in Africa (Cape Town), Canada West (Calgary), Mexico (Central), and Middle East (Bahrain). The managed service provides secure access to a variety of foundation models and tools for building and operating generative AI applications and agents. With regional endpoints, customers can reduce latency and address data residency and compliance needs. To get started, customers can consult the Bedrock documentation and regional resources.

Wed, November 19, 2025

Check Point Launches Managed Rules for AWS Network Firewall

🔒 Check Point and AWS have introduced Check Point Managed Rules for AWS Network Firewall to simplify scaling network security across complex cloud environments. The service provides centrally managed, preconfigured rule sets that reduce the time and effort required to deploy and maintain firewalls across multiple VPCs and subnets. By automating updates and delivering threat-informed rules, the offering aims to lower operational overhead, accelerate response to new attack vectors, and free scarce IT resources for higher-value tasks.

Wed, November 19, 2025

AWS IAM Adds Outbound Identity Federation with JWTs

🔐 AWS Identity and Access Management (IAM) now supports outbound identity federation, enabling customers to exchange AWS credentials for short‑lived, cryptographically signed JSON Web Tokens (JWTs) to authenticate workloads with third‑party clouds, SaaS providers, and self‑hosted applications. Tokens include workload context so external services can enforce fine‑grained access control. Administrators can restrict who can generate tokens and configure token properties such as lifetime, audience, and signing algorithm via IAM policies, and audit issuance and usage through CloudTrail. The capability is available in all AWS commercial Regions, AWS GovCloud (US) Regions, and China Regions.

Wed, November 19, 2025

W3 Total Cache Plugin Critical PHP Command Injection

⚠️ A critical unauthenticated command injection (CVE-2025-9501) in the W3 Total Cache WordPress plugin allows attackers to execute arbitrary PHP via a crafted comment that abuses the _parse_dynamic_mfunc() routine. The developer released 2.8.13 on October 20 to address the flaw, but WordPress.org data indicate hundreds of thousands of sites may still be vulnerable. WPScan has produced a proof-of-concept exploit and plans public release on November 24, increasing the immediate risk for unpatched installations.

Wed, November 19, 2025

BigLake Metastore Adds Iceberg REST Catalog Support

🔔 Google Cloud announced general availability of BigLake metastore support for the Iceberg REST Catalog, offering a serverless, standards-based runtime metastore that enables interoperability across Iceberg-compatible engines (Spark, Trino) and BigQuery. The service provides credential vending, integrated governance via Dataplex Universal Catalog for lineage and data quality, and a UX console for creating and managing Iceberg catalogs. By removing the need to run custom metastore deployments, BigLake metastore aims to reduce operational overhead while preserving enterprise scale and security.

Wed, November 19, 2025

AWS Secrets Manager: Managed External Secrets Launch

🔐 AWS Secrets Manager introduces managed external secrets, a default-enabled feature that automates rotation for third-party SaaS credentials using provider-supported rotation strategies. The service removes the need to build and maintain rotation Lambda functions by enforcing a vendor-prescribed secret format and offering multiple rotation approaches. An onboarding guide enables any SaaS provider to join as a partner and publish prescriptive rotation guidance. At launch, the feature lists Salesforce, BigID, and Snowflake, and is available in all Regions where Secrets Manager operates.

Wed, November 19, 2025

AWS CloudFormation Language Server Brings IDE Intelligence

🛠️ The new AWS CloudFormation Language Server brings context-aware authoring, validation, and drift-aware deployment views into supported IDEs through the AWS Toolkit. It provides auto-complete, schema validation, policy checks via CloudFormation Guard, and deployment validation directly within the editor. The Language Server flags invalid resource properties, missing IAM permission requirements, and configuration drift so developers can detect syntax, permission, and configuration issues before deployment and move safely from design to production.

Wed, November 19, 2025

AWS Site-to-Site VPN: New VPN Concentrator for Multi-site

🔒 AWS Site-to-Site VPN introduces VPN Concentrator, a managed feature that simplifies multi-site connectivity for distributed enterprises. It enables customers to aggregate up to 100 low-bandwidth remote sites (recommended for deployments of 25+ sites, each under 100 Mbps) behind a single attachment to AWS Transit Gateway. The concentrator reduces operational overhead, improves bandwidth utilization, and lowers per-site VPN costs.

Wed, November 19, 2025

AWS Elemental MediaConnect Router Now Generally Available

📺 AWS has announced the general availability of Elemental MediaConnect Router, a managed capability that dynamically routes live video between sources and destinations across the AWS network. The service reduces transport latency and improves packet delivery reliability compared with standard transport methods, and supports routing across regions as well as between private and public endpoints. It is accessible via the MediaConnect console, API, or AWS CDK, works alongside existing MediaConnect flows, and integrates with the broader AWS Elemental media services to simplify live-video operations and reduce unused capacity and reconfiguration overhead.

Wed, November 19, 2025

AWS Lambda Introduces Tenant Isolation Mode for Multi-Tenant

🔒 AWS announced a new tenant isolation mode for AWS Lambda, enabling customers to isolate request processing per tenant or end-user invoking the same function. By providing a unique tenant identifier on invocation, Lambda routes requests to execution environments dedicated to that tenant and ensures those environments are never used for other tenants. This simplifies building multi-tenant SaaS workloads and reduces the need for custom per-tenant function routing.

Wed, November 19, 2025

Amazon Connect: Instance-to-Instance Calls via AWS Backbone

📞 Amazon Connect now routes calls between instances in the same AWS account over the AWS global backbone, avoiding the Public Switched Telephony Network when both numbers are provisioned or ported into Amazon Connect. Calls between instances, whether within a region or across regions, gain improved audio quality, simplified billing, and preserved call context for transfers. This capability is available in all commercial regions where Amazon Connect is offered except Africa (Cape Town).

Wed, November 19, 2025

Amazon CloudWatch RUM Adds Mobile Support for iOS, Android

📱 Amazon CloudWatch RUM now supports iOS and Android apps, extending real user monitoring beyond web applications. Using the OpenTelemetry (OTEL) standard, it captures mobile spans such as application startup time, screen load time, and backend network calls, and records events including crashes and ANRs/AppHangs. Developers and SREs can perform impact analysis for errors or crashes, drill into correlated telemetry, and filter by location, device type, OS, and app version. Mobile telemetry integrates with application metrics, traces, logs, web RUM, and synthetic monitoring in CloudWatch Application Signals, and is available in all AWS Commercial Regions where web monitoring is provided.

Wed, November 19, 2025

AWS Network Load Balancer Adds Weighted Target Groups

🚀 AWS Network Load Balancer now supports weighted target groups, letting you distribute traffic across multiple target groups with configurable weights from 0 to 999. This enables progressive deployment strategies such as Blue-Green and Canary deployments, application migration, and A/B testing while supporting instance, IP address, and ALB targets. The capability is available across AWS commercial and GovCloud regions at no additional charge; standard NLB Capacity Unit (LCU) pricing applies.

Wed, November 19, 2025

Amazon SageMaker Catalog Enforces Glossary Metadata

📌 Amazon SageMaker Catalog now enforces glossary-term metadata during asset publishing. Administrators can require data producers to tag assets with approved business vocabulary from organizational glossaries, and enforcement rules will block publication if required terms are missing. This standardizes metadata, aligns technical schemas with business language, and improves discoverability and governance. Available in all regions where Amazon SageMaker Catalog operates; policies can be managed via the console, CLI, or SDKs.

Wed, November 19, 2025

AWS IAM Temporary Delegation for Partner Product Integration

🔐 AWS Identity and Access Management (IAM) introduces temporary delegation, enabling time-limited, delegated access to Amazon and AWS Partner products for tasks like initial deployments, ad-hoc maintenance, and feature upgrades. The capability eliminates the need for persistent IAM roles, improves auditability, and reduces setup and operational burden. It is available in all AWS commercial Regions and is being adopted by partners such as Archera, Aviatrix, Databricks, HashiCorp, Qumulo, Rapid7 and others.

Wed, November 19, 2025

AWS launches EC2 M7i instances in Europe (Zurich) region

🚀 Amazon Web Services has launched Amazon EC2 M7i instances in the Europe (Zurich) region, powered by custom 4th Gen Intel Xeon Scalable processors (Sapphire Rapids) available only on AWS. M7i delivers up to 15% better performance over comparable x86-based Intel processors and up to 15% improved price-performance versus M6i. Instances scale to 48xlarge and include two bare-metal sizes with built-in Intel accelerators that offload data operations and optimize CPU-bound workloads.

Wed, November 19, 2025

Amazon OpenSearch Service Adds Cluster Insights Dashboard

🔍 Amazon OpenSearch Service now includes Cluster Insights, a unified monitoring dashboard that consolidates logs and metrics to give operators comprehensive operational visibility across nodes, indices, and shards. The feature automates correlation of critical data, highlights performance metrics and top‑N query analysis, and surfaces targeted remediation steps to speed troubleshooting. Built into the OpenSearch UI, Cluster Insights retains monitoring resilience during cluster unavailability and provides account‑level summaries for managing multiple deployments. It is available at no additional cost for OpenSearch 2.17 or later in regions where the OpenSearch UI is offered.

Wed, November 19, 2025

Amazon CloudWatch Adds Scheduled Logs Insights Queries

🔁 Amazon CloudWatch Logs now supports scheduled Logs Insights queries that run automatically on a recurring cadence and deliver results to Amazon S3 or Amazon EventBridge. This capability lets teams automate log analysis, track trends, and detect anomalies without manually re-running queries. Administrators can configure schedules via the Console, AWS CLI, AWS CDK, or SDKs, and store results for reporting or trigger incident workflows. The feature is available in multiple AWS regions across the US, Europe, Asia Pacific, and South America.

Wed, November 19, 2025

Amazon S3 Adds Post-Quantum TLS Key Exchange Support

🔐 Amazon S3 now supports post-quantum TLS key exchange on regional S3, S3 Tables, and S3 Express One Zone endpoints using the NIST-standardized Module Lattice-Based Key Encapsulation Mechanism (ML-KEM). PQ-TLS key exchange is available at no additional cost across all AWS regions and will be negotiated automatically when clients are configured for ML-KEM. Combined with server-side AES-256 encryption by default, S3 offers quantum-resistant protection for data both in transit and at rest.

Wed, November 19, 2025

AWS Cost Explorer: 18-Month Forecasts and Explainable AI

📈 AWS Cost Explorer now extends forecasting to 18 months and uses upgraded machine learning that can analyze up to 36 months of historical data (previously 6 months) to surface seasonal patterns and long-term growth trends. Two of these improvements are generally available, while AI-powered, explainable forecasts are offered in public preview in the console. The 18-month horizon is also exposed via the GetCostForecast API, enabling finance and engineering teams to improve annual budgeting, surface optimization opportunities, and present forecasts with greater stakeholder confidence.

Wed, November 19, 2025

AWS Directory Service Adds PrivateLink VPC Connectivity

🔒 AWS Directory Service now supports AWS PrivateLink, enabling you to route all Directory Service API and Directory Service Data API traffic through private VPC endpoints. This removes the need for internet gateways or NAT devices and reduces latency by creating requester-managed ENIs in enabled subnets. The feature covers directory management and user operations and is available in all Regions where AWS Directory Service is supported.

Wed, November 19, 2025

AWS enables console sign-in credentials for CLI and SDK

🔐 AWS now permits developers to use their existing AWS Management Console sign-in credentials for programmatic access via the AWS CLI, AWS Tools for PowerShell, and AWS SDKs after a brief browser-based authentication flow. The aws login command in AWS CLI v2.32.0 and later obtains automatically rotated, short-lived credentials to reduce reliance on long-term access keys. This capability is available in all commercial AWS regions and aims to streamline local development setup while improving security posture.

Wed, November 19, 2025

Amazon: Nation-State Cyber-Enabled Kinetic Targeting

🔎 Amazon Threat Intelligence reports a rising trend in which nation-state actors use cyber operations to collect real-time intelligence that directly supports physical attacks. The team calls this behavior cyber-enabled kinetic targeting, documenting campaigns that compromised AIS platforms, CCTV feeds, and enterprise systems. Amazon highlights multi-source telemetry and partner collaboration, urging defenders to expand threat models to address digital activities that enable kinetic outcomes.

Wed, November 19, 2025

Amazon Inspector: Org-wide Management via AWS Organizations

🔒 Amazon Inspector can now be enabled, configured, and managed centrally across your AWS Organization using a new Inspector policy type in AWS Organizations. Administrators designate a delegated admin, enable the Inspector policies policy type, and create policies that specify scan types (Amazon EC2, ECR, Lambda standard, Code Scanning, Code Security) and Regions. Once attached to a root, OU, or account, the policy automatically enables Inspector for all covered accounts — including new accounts that join or move into covered OUs — ensuring consistent vulnerability scanning coverage and reducing operational overhead.

Wed, November 19, 2025

Iranian APTs Used Cyber Espionage to Guide Missile Strikes

🎯 Amazon’s threat intelligence linked Iran-associated APT activity to missile strikes in the Red Sea and Israel, concluding cyber espionage provided direct targeting intelligence. The group known as Imperial Kitten queried AIS ship-tracking data days before a Houthi missile attempt, while MuddyWater gained access to compromised CCTV streams ahead of strikes on Jerusalem. Amazon terms this trend cyber-enabled kinetic targeting and urges maritime, surveillance, and critical infrastructure operators to expand threat models and harden systems that could be repurposed for physical attacks.

Wed, November 19, 2025

Operation WrtHug Hijacks Thousands of ASUS WRT Routers

🔒 Security researchers have uncovered Operation WrtHug, a global campaign that has hijacked thousands of largely end-of-life ASUS WRT routers by chaining at least six known vulnerabilities. Over roughly six months analysts identified about 50,000 unique infected IPs, predominantly in Taiwan, using a distinctive malicious self-signed AiCloud certificate with a 100-year lifetime as an indicator of compromise. Owners are urged to apply ASUS firmware updates or replace unsupported models and disable remote-access features to mitigate risk.

Wed, November 19, 2025

California Man Pleads Guilty in $25M Crypto Laundering

🔒 Kunal Mehta, a 45-year-old from Irvine, has pleaded guilty to laundering at least $25 million connected to a wider $230 million cryptocurrency theft. Court documents say Mehta served as a money launderer for a transnational ring that used social engineering between October 2023 and March 2025 to access victims' crypto accounts. Prosecutors allege he created multiple shell companies in 2024, routed wire transfers into bank accounts designed to appear legitimate, and typically charged a 10% fee for converting stolen crypto to cash. Investigators say the group employed mixers, peel chains, pass-through wallets, VPNs, and conversions to Monero, though operational mistakes helped link laundered funds back to the theft.

Wed, November 19, 2025

China-linked WrtHug operation hits thousands of ASUS WRT

🔒 SecurityScorecard's STRIKE team warns that Operation “WrtHug” has already compromised thousands of ASUS WRT routers worldwide by chaining six primarily legacy vulnerabilities to gain elevated privileges and persistence. The campaign abuses the ASUS AiCloud service and OS injection flaws, deploying a common self-signed TLS certificate with a 100-year expiry. SecurityScorecard notes geographic clustering, with up to 50% of victims in Taiwan, and assesses a likely China-affiliated ORB-style operation.

Wed, November 19, 2025

Fake CAPTCHA Leads to 42-Day Akira Ransomware Compromise

🔒 An employee clicking a fake CAPTCHA (a ClickFix social-engineering lure) on a compromised car dealership site began a 42-day intrusion by Howling Scorpius that delivered the .NET remote access Trojan SectopRAT and ultimately Akira ransomware. Two enterprise EDRs recorded activity but produced few alerts, enabling lateral movement, privilege escalation and the exfiltration of roughly 1 TB. Unit 42 deployed Cortex XSIAM, rebuilt hardened infrastructure, tightened IAM controls and negotiated about a 68% reduction in the ransom demand.

Wed, November 19, 2025

WhatsApp flaw allowed discovery of 3.5B registered numbers

🔍 Researchers from the University of Vienna and SBA Research found a flaw in WhatsApp's contact discovery that let them enumerate valid numbers globally, confirming about 3.5 billion registered accounts. By abusing the lookup mechanism they could probe numbers across 245 countries at rates exceeding 100 million checks per hour from a single IP. The technique also exposed public (non-private) keys, timestamps, profile photos and About text, enabling inference of device OS, account age and linked secondary devices, prompting Meta to add rate limits and tighter visibility rules.

Wed, November 19, 2025

CISA Orders Rapid Patching for New FortiWeb Flaw Directive

🔒 CISA has ordered U.S. federal agencies to remediate a FortiWeb OS command injection vulnerability (CVE-2025-58034) within seven days after reports of active exploitation. Fortinet warns the flaw can allow an authenticated attacker to execute unauthorized code via crafted HTTP requests or CLI commands. The agency added the issue to its Known Exploited Vulnerabilities Catalog and set a November 25 deadline under BOD 22-01. CISA cited related zero-day activity (CVE-2025-64446) and recommended expedited fixes.

Wed, November 19, 2025

CISA Releases Guide to Combat Bulletproof Hosting Abuse

🔒 CISA, working with U.S. and international partners, published Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to provide ISPs and network defenders with practical guidance to identify, disrupt, and mitigate abuse of bulletproof hosting. Bulletproof hosting enables obfuscation, command-and-control, malware delivery, phishing, and hosting of illicit content that supports ransomware, extortion, and DoS campaigns. The guide recommends traffic analysis, curated high-confidence malicious resource lists with automated reviews, customer notifications and filters, and standards for ISP accountability to reduce BPH effectiveness and strengthen network resilience.

Wed, November 19, 2025

CISA Adds Chromium V8 Type Confusion Vulnerability

⚠️ CISA has added CVE-2025-13223, a Google Chromium V8 type confusion vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. This class of flaw is a frequent attack vector and poses significant risk to the federal enterprise and other organizations using Chromium-based engines. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the required due date; CISA strongly urges all organizations to prioritize timely patching and vulnerability management to reduce exposure.

Wed, November 19, 2025

EdgeStepper Enables PlushDaemon Update Hijacking Attacks

🛡️ ESET researchers describe how the China-aligned actor PlushDaemon uses a previously undocumented network implant called EdgeStepper to perform adversary-in-the-middle hijacks of software update flows. EdgeStepper, a Go-based MIPS32 implant, redirects DNS traffic to malicious resolvers that reply with IPs of attacker-controlled hijacking nodes, causing legitimate updaters to fetch counterfeit components such as LittleDaemon. The analysis details the implant's AES-CBC encrypted configuration (notably using the GoFrame default key), iptables redirection of UDP/53 to a local port, and the downloader chain (LittleDaemon and DaemonicLogistics) that stages and deploys the SlowStepper backdoor on Windows hosts.

Wed, November 19, 2025

Anthropic Reports AI-Enabled Cyber Espionage Campaign

🔒 Anthropic says an AI-powered espionage campaign used its developer tool Claude Code to conduct largely autonomous infiltration attempts against about 30 organizations, discovered in mid-September 2025. A group identified as GTG-1002, linked to China, is blamed. Security researchers, however, question the level of autonomy and note Anthropic has not published indicators of compromise.

Wed, November 19, 2025

AWS Network Firewall Adds Managed Rules from AWS Partners

🔒 AWS Network Firewall now supports managed rule groups from AWS Partners, enabling customers to deploy partner-maintained, automatically updated security rules directly into firewall policies. You can subscribe and deploy these pre-configured rule groups via the AWS Network Firewall console or through AWS Marketplace, with consolidated billing and potential long-term pricing benefits. Available sellers include Check Point, Fortinet, Infoblox, Lumen, Rapid7, ThreatSTOP, and Trend Micro in all AWS commercial regions where the services are offered.

Wed, November 19, 2025

Cloudflare Outage Highlights Risks of Single-Vendor Reliance

🔍 An intermittent outage at Cloudflare on Nov. 18 briefly disrupted many major websites and forced some customers to pivot DNS and routing to preserve availability. Those provisional workarounds may have exposed origin infrastructure by bypassing edge protections such as WAFs and bot management. Security teams should review OWASP-related logs, emergency DNS changes, and any ad hoc services or devices introduced during the outage. The incident underscores single-vendor risk and the need for formal fallback plans.

Wed, November 19, 2025

Hidden Comet AI Browser API Spurs Enterprise Alarm

⚠️ SquareX disclosed an undocumented API in the Comet AI browser that allows embedded extensions to execute arbitrary commands and launch applications, effectively bypassing long-standing browser safeguards. The feature was discovered in Comet’s Analytics Extension under a non-standard chrome.perplexity namespace and can be invoked via perplexity.ai, creating a covert execution channel. The API is exploitable through low-bar techniques such as extension stomping, XSS, or MitM, and Comet hides its embedded Analytics and Agentic extensions from the extension dashboard so users cannot disable them.

Wed, November 19, 2025

Data Breach at Eurofiber France Affects Ticketing Systems

🔐 Eurofiber Group said its French subsidiary, Eurofiber France, experienced a breach after attackers exploited a software vulnerability to access its ticket management system and exfiltrate data. The company stated that sensitive bank details and other critical data were not affected. The incident impacted the ATE cloud portal and regional sub-brands (Eurafibre, FullSave, Netiwan, Avelia). Eurofiber says it closed the vulnerability, strengthened controls and engaged cybersecurity experts to support customers.

Wed, November 19, 2025

PlushDaemon Deploys EdgeStepper AitM Malware Globally

🛡️ A China-aligned group known as PlushDaemon has been observed deploying a previously undocumented network implant, codenamed EdgeStepper, to perform adversary-in-the-middle DNS attacks. ESET researchers found an ELF sample (internally called dns_cheat_v2) that forwards DNS traffic to attacker-controlled nodes, enabling update hijacking. Operators then deploy downloaders LittleDaemon and DaemonicLogistics to install espionage backdoors.

Wed, November 19, 2025

EdgeStepper Backdoor Reroutes DNS to Hijack Updates

🔒 ESET researchers disclosed a Go-based network backdoor dubbed EdgeStepper, used by the China-aligned actor PlushDaemon to reroute DNS queries and enable adversary-in-the-middle (AitM) attacks. EdgeStepper forces update-related DNS lookups to attacker-controlled nodes, delivering a malicious DLL that stages additional components. The chain targets update mechanisms for Chinese applications including Sogou Pinyin and ultimately fetches the SlowStepper backdoor to exfiltrate data.

Wed, November 19, 2025

PlushDaemon Hijacks Software Updates in Supply-Chain Attacks

🔒 PlushDaemon operators are hijacking software-update traffic using a new network implant named EdgeStepper, ESET researchers report. Attackers compromise routers via known vulnerabilities or weak credentials, intercept DNS queries, and redirect update requests to malicious infrastructure. Trojanized updates deliver a DLL downloader (LittleDaemon), which stages DaemonicLogistics and ultimately loads the SlowStepper backdoor on Windows systems, targeting manufacturers, universities, and industrial sites across multiple countries.

Wed, November 19, 2025

AWS PrivateLink Adds Cross-Region Connectivity for Services

🔒 AWS now enables native cross-region connectivity for AWS PrivateLink, allowing Interface VPC endpoints to reach supported AWS services hosted in other Regions within the same partition. Service consumers can access S3, Route 53, ECR and more via private IPs in their VPCs without cross-region peering or traversing the public internet. This simplifies global private networking and supports data residency and security requirements.

Wed, November 19, 2025

Active Exploitation of 7-Zip Symbolic Link Flaw Now

⚠️ A high-severity vulnerability (CVE-2025-11001, CVSS 7.0) in 7-Zip that mishandles symbolic links in ZIP archives is being actively exploited in the wild, NHS England Digital warns. The flaw can trigger directory traversal and enable remote code execution and was addressed in 7-Zip 25.00 released in July 2025. A related issue, CVE-2025-11002, was also fixed in that release. Proof-of-concept exploits are public. Exploitation requires an elevated Windows user or service account, or developer mode to be enabled; users should apply the update immediately.

Wed, November 19, 2025

Amazon EKS Adds Enhanced Container Network Observability

🔍 Amazon EKS now delivers enhanced container network observability with granular, network-related metrics and integrated console visualizations to help teams monitor and troubleshoot Kubernetes networking on AWS. Powered by Amazon CloudWatch Network Flow Monitor, the capabilities reveal cross-AZ flows, top-talkers, retransmissions, and retransmission timeouts for faster root cause analysis. Teams can ingest metrics into their preferred observability stacks and use the console views to eliminate blind spots during incidents. These features are available in all commercial Regions where CloudWatch Network Flow Monitor is offered.

Wed, November 19, 2025

Python WhatsApp Worm Spreads Eternidade Stealer Across Brazil

📲 Trustwave SpiderLabs describes a Python-based WhatsApp worm that propagates a Delphi credential stealer named Eternidade Stealer across Brazilian devices. The campaign begins with an obfuscated Visual Basic Script dropper that installs both a Python WPPConnect-based propagator and an MSI/AutoIt installer which injects the stealer into svchost.exe. Operators use IMAP to fetch dynamic C2 addresses and apply Brazilian Portuguese geofencing to limit infections to the target region.

Wed, November 19, 2025

Eternidade Stealer: WhatsApp Worm Targets Brazil's Ecosystem

🔒 Trustwave SpiderLabs has identified Eternidade Stealer, a multi-component banking Trojan that combines a Python-based WhatsApp-propagating worm, a Delphi stealer and an MSI dropper to harvest financial credentials and spread laterally. The campaign uses an obfuscated VBScript to deliver two payloads, dynamically retrieves command-and-control via IMAP and activates only on systems using Brazilian Portuguese. Defenders should watch for unexpected MSI or script executions, suspicious WhatsApp messages and indicators linked to the campaign.

Wed, November 19, 2025

AWS CloudTrail Data Event Aggregation for Monitoring

🔍 AWS announced aggregated CloudTrail data events to help teams monitor high-volume API activity without processing every individual event. Aggregations consolidate data events into 5-minute summaries that surface trends such as access frequency, error rates, and top actions while preserving access to detailed events when required. You can enable aggregation via the console or CLI and choose from pre-built templates for API activity, resource access, and user activity. Aggregations are billed based on the number of data events analyzed and are available in all commercial Regions.

Wed, November 19, 2025

US, UK, Australia Sanction Russian Bulletproof Hosts

🔒 The US, UK, and Australia have sanctioned Russian bulletproof hosting provider Media Land and related companies for supporting ransomware gangs such as LockBit, BlackSuit, and Play. Three executives were also designated and assets frozen, while clients and facilitators face secondary sanctions. Five Eyes agencies issued guidance for ISPs to detect and block BPH-enabled abuse.

Wed, November 19, 2025

Fortinet Warns: FortiWeb Command Injection CVE-2025-58034

🔔 Fortinet has issued an advisory about a newly discovered FortiWeb vulnerability, CVE-2025-58034, rated CVSS 6.7 and reported as being exploited in the wild. The flaw is an OS command injection that allows an authenticated attacker, who has gained access by other means, to execute arbitrary commands via crafted HTTP requests or CLI input. Fortinet provides version-based upgrade guidance to remediate the issue and credited a Trend Micro researcher for reporting the bug.

Wed, November 19, 2025

Sneaky2FA PhaaS Adds Browser-in-the-Browser Deception

🔒 Sneaky2FA has integrated a Browser-in-the-Browser (BitB) pop-up that impersonates Microsoft sign-in windows and adapts to the victim’s OS and browser. Used alongside its existing SVG-based and attacker-in-the-middle (AitM) proxying, the BitB layer renders a fake URL bar and loads a reverse-proxy Microsoft login to capture credentials and active session tokens, enabling access even when 2FA is active. The kit also employs heavy obfuscation and conditional loading to evade analysis.

Wed, November 19, 2025

AWS NAT Gateway Adds Regional Availability Mode Across AZs

📢 Amazon Web Services (AWS) has introduced a regional availability mode for NAT Gateways, enabling a single NAT Gateway to automatically expand and contract across Availability Zones within your VPC. A regional NAT Gateway does not require a public subnet and removes the need to create or delete AZ-specific NATs or edit route tables when workloads shift. The feature supports Amazon-provided IPs and bring your own IP (BYOIP) and is available in all commercial AWS Regions except AWS GovCloud (US) and the China Regions.

Wed, November 19, 2025

Amazon GuardDuty Malware Protection for AWS Backup

🔒 Amazon announced GuardDuty Malware Protection for AWS Backup, extending malware detection to backups of Amazon EC2 instances, Amazon EBS volumes, and Amazon S3 objects. The capability automatically scans new backups, supports on-demand scans of existing backups, and can identify the last known clean backup to reduce recovery impact. It offers incremental scanning to analyze only changed data between backups, lowering costs versus full rescans, and can be enabled even if GuardDuty foundational data sources are not active. The feature is available in supported Regions and accessible via the AWS Backup console, API, or CLI.

Wed, November 19, 2025

AWS API Gateway Portals: Managed Developer Portals

🔧 Amazon API Gateway now offers Portals, a fully managed, AWS-native developer portal for discovering, documenting, governing, and monetizing REST APIs across accounts. Portals automatically discover existing APIs, generate documentation with a "Try It" experience, and support custom content, branding, access controls, and analytics via CloudWatch RUM. This reduces onboarding time and keeps API configurations within AWS boundaries to reduce third-party security risks.

Wed, November 19, 2025

AWS S3 bucket-level setting to standardize encryption

🔒 Amazon S3 now provides a bucket-level default encryption configuration to enforce SSE-S3 or SSE-KMS for all write requests, allowing organizations to standardize server-side encryption types across buckets. The PutBucketEncryption API update lets you disable SSE-C on specific buckets or in CloudFormation templates. This capability is available in all AWS Regions and configurable via Console, SDK, API, or CLI. It helps simplify compliance and reduce misconfiguration risk.

Wed, November 19, 2025

Amazon FSx Adds File Server Resource Manager Support

🗂️ Amazon FSx for Windows File Server now supports File Server Resource Manager (FSRM), enabling file classification, file screening, folder-level quotas, and storage reporting for managed Windows file systems. FSRM events can be published to Amazon CloudWatch Logs or streamed to Amazon Kinesis Data Firehose and used to trigger AWS Lambda for automated responses and workflows. The capability is available today at no additional cost for new file systems across all Regions where FSx is offered; existing file systems will gain support during a scheduled maintenance window.

Wed, November 19, 2025

ShinySp1d3r RaaS Emerges - New Encryptor by ShinyHunters

🕷️ An in-development build of the ShinySp1d3r ransomware-as-a-service has surfaced, revealing a Windows encryptor developed by threat actors linked to ShinyHunters and affiliates. The sample shows ChaCha20 file encryption with RSA-2048 key protection, per-file headers beginning with "SPDR" and ending with "ENDS", and automated propagation methods via SCM, WMI, and GPO. The build includes process-killing, EtwEventWrite hooking, free-space overwriting, shadow-copy deletion, anti-analysis measures, and deploys a ransom note (R3ADME_1Vks5fYe.txt) plus a wallpaper; Linux and ESXi versions are reportedly in progress.

Wed, November 19, 2025

Amazon OpenSearch Serverless: Console Backup & Restore

🗄️ Amazon OpenSearch Serverless now supports backup and restore via the AWS Management Console, giving administrators a graphical option to manage snapshots. The service automatically creates backups for all collections and indexes every hour and retains them for 14 days; this behavior is enabled by default and requires no configuration. Restores can be initiated from either the Console or the API, simplifying recovery and operational workflows for serverless search deployments.

Wed, November 19, 2025

AWS launches RISP Group Sharing for org-level cost control

💼 AWS announced general availability of Reserved Instances and Savings Plans (RISP) Group Sharing, a Billing and Cost Management feature that gives organizations granular control over how commitments are distributed across accounts and business units. Administrators create groups using AWS Cost Categories and choose Prioritized or Restricted sharing to align savings or enforce isolation. The feature is available in all Regions except AWS GovCloud (US) and China and can be enabled from Billing preferences.

Wed, November 19, 2025

Amazon DynamoDB Adds Multi-Attribute Composite Keys to GSIs

🆕 Amazon DynamoDB now supports composite primary keys composed of up to eight attributes in global secondary indexes. Partition and sort keys can each include up to four attributes, removing the need to create synthetic concatenated keys and perform backfills. Multi-attribute keys improve data distribution and uniqueness while enabling left-to-right filtering on sort key attributes. The capability is available at no extra cost across all AWS Regions and can be created via the Console, CLI, SDKs, or API.

Wed, November 19, 2025

CIO: Embed Security into AI from Day One at Scale

🔐 Meerah Rajavel, CIO at Palo Alto Networks, argues that security must be integrated into AI from the outset rather than tacked on later. She frames AI value around three pillars — velocity, efficiency and experience — and describes how Panda AI transformed employee support, automating 72% of IT requests. Rajavel warns that models and data are primary attack surfaces and urges supply-chain, runtime and prompt protections, noting the company embeds these controls in Cortex XDR.

Wed, November 19, 2025

CISA Guide: Mitigating Risks from Bulletproof Hosting

🛡️ CISA, with NSA, DoD CyCC, FBI and international partners, released Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help ISPs and network defenders disrupt abuse by bulletproof hosting (BPH) providers. The guide defines BPH as providers who knowingly lease infrastructure to cybercriminals and outlines practical measures — including curated malicious resource lists, targeted filters, traffic analysis, ASN/IP logging, and intelligence sharing — to reduce malicious activity while minimizing disruption to legitimate users.

Wed, November 19, 2025

CISA Releases Guides to Safeguard Infrastructure from UAS

🛡️ CISA released three new Be Air Aware™ guides to help critical infrastructure owners and operators identify and mitigate risks posed by unmanned aircraft systems (UAS). The publications include Unmanned Aircraft System Detection Technology Guidance for Critical Infrastructure, Suspicious Unmanned Aircraft System Activity Guidance for Critical Infrastructure Owners and Operators, and Safe Handling Considerations for Downed Unmanned Aircraft Systems. Developed with government and industry partners, the guides provide practical options to integrate UAS threats into existing security and emergency response plans. CISA encourages organizations to adopt the recommendations to strengthen resilience and align with related directives.

Wed, November 19, 2025

AWS launches Billing Transfer for multi-organization billing

🔁 AWS introduces Billing Transfer, enabling a single management account to centrally collect invoices, process payments, and run detailed cost analysis across multiple AWS Organizations while preserving each management account’s security autonomy. The feature integrates with AWS Billing Conductor to protect proprietary pricing and support advanced cost allocation strategies. AWS offers a free trial through May 31, 2026; starting June 1, 2026, organizations using a Customer managed pricing plan will incur a $50 per-organization fee. Billing Transfer is available in all public AWS Regions except GovCloud and China (Beijing, Ningxia).

Wed, November 19, 2025

Amazon Route 53 Adds AWS PrivateLink for API Access

🔒 Amazon Route 53 now supports AWS PrivateLink for the route53.amazonaws.com API, enabling private, regional connectivity from VPCs to the Route 53 API without traversing the public internet. This allows workloads to manage hosted zones, records, and health checks over the AWS backbone and simplifies networking by removing the need for complex private connectivity. Support is global except in AWS GovCloud and China, and cross-region interface VPC endpoints enable native multi-region access.

Wed, November 19, 2025

AWS Marketplace Adds A2A Server Support for AgentCore

🛠️ AWS Marketplace now supports Agent-to-Agent (A2A) servers and streamlined deployment for third-party AI agents built for Amazon Bedrock AgentCore Runtime. The update pre-populates required environment variables in the AgentCore console and adds AWS CLI instructions within Marketplace listings so customers can procure and deploy A2A servers directly. AWS Partners can list A2A and MCP servers and containerized AgentCore Runtime products, define vendor launch configurations, and enable flexible pricing (including free API-based SaaS) to accelerate onboarding. These capabilities reduce deployment complexity and add protocol flexibility to meet diverse customer needs.

Wed, November 19, 2025

AWS Designated Critical Third-Party Provider under DORA

🔐 Amazon Web Services has been designated a critical third-party provider (CTPP) by the European Supervisory Authorities under the EU’s DORA regulation, which took effect in January 2025. The designation establishes a formal oversight relationship between AWS and the ESAs and signals heightened regulatory engagement for financial services customers operating in the EU. AWS says it will continue investing in compliance, operational resilience, risk management, and transparency, and will support customers with documentation, whitepapers, and a dedicated security and compliance team to help meet DORA obligations.

Wed, November 19, 2025

AWS Introduces E-Invoice Delivery for Ariba, Coupa

📥 AWS announced general availability of its new E-Invoice delivery capability that lets customers connect their SAP Ariba and Coupa procurement portals to AWS to retrieve purchase orders and deliver PO-matched invoices back on the same day. Customers can onboard via the AWS Billing and Cost Management console and track invoice delivery status in both systems. The feature is available in all AWS Regions except GovCloud (US) and the China regions. This streamlines invoice processing and reduces manual reconciliation.

Wed, November 19, 2025

ServiceNow Now Assist agents vulnerable by default settings

🔒 AppOmni disclosed a second-order prompt injection that abuses ServiceNow's Now Assist agent discovery and agent-to-agent collaboration to perform unauthorized actions. A benign agent parsing attacker-crafted prompts can recruit other agents to read or modify records, exfiltrate data, or escalate privileges — all enabled by default configuration choices. AppOmni recommends supervised execution, disabling autonomous overrides, agent segmentation, and active monitoring to reduce risk.

Wed, November 19, 2025

Hijacked VPN Credentials Drive Half of Ransomware Access

🔐 Beazley's Q3 2025 analysis shows ransomware activity rose, with three groups — Akira, Qilin and INC Ransomware — responsible for 65% of leak posts and an 11% increase in leaks versus the prior quarter. Initial access increasingly relied on valid VPN credentials (48% of incidents, up from 38%), with external service exploits accounting for 23%. The report highlights an Akira campaign abusing SonicWall SSLVPNs via credential stuffing where MFA and lockout controls were absent, and warns that stolen credentials and new infostealer variants like Rhadamanthys are fuelling the underground market. Beazley urges adoption of comprehensive MFA, conditional access and continuous vulnerability management to mitigate risk.

Wed, November 19, 2025

Amazon ECR adds Archive storage class and lifecycle rules

📦 Amazon Web Services announced a new Amazon ECR Archive storage class to lower costs for large volumes of rarely accessed container images. Lifecycle policies can now archive images by last pull time, age, or count, and archived images are excluded from repository image limits. Archived images are inaccessible for pulls but can be restored via Console, CLI, or API within about 20 minutes, and all operations are logged to CloudTrail; the feature is available in AWS Commercial and GovCloud (US) Regions.

Wed, November 19, 2025

AWS IAM Adds aws:SourceVpcArn for Region Controls Support

🔒 AWS Identity and Access Management (IAM) introduces the global condition key aws:SourceVpcArn, which returns the ARN of the VPC where a VPC endpoint is attached. Administrators can apply this key in IAM policies to enforce region-based controls for resources accessed via AWS PrivateLink, restricting access to VPC endpoints in specified regions. The new condition key helps meet data residency and compliance requirements and is available in all commercial AWS Regions.

Wed, November 19, 2025

AWS VPC IPAM Policies Enforce Public IPv4 Allocation

🛡️ AWS now lets administrators enforce a centralized IP allocation strategy using VPC IPAM policies, ensuring public IPv4 addresses for resources like NAT Gateways and Elastic IPs are allocated from specified IPAM pools. The centrally defined policy cannot be overridden by individual teams, improving compliance and simplifying network and security management. Available in all AWS commercial and GovCloud (US) Regions, this feature works with both Free and Advanced IPAM tiers and enables cross-account, cross-region policy control when using the Advanced tier.

Wed, November 19, 2025

AWS Cost Anomaly Detection Adds Managed Monitors for Tags

📈 AWS Cost Anomaly Detection now supports managed monitors that can track all linked accounts, cost allocation tags, or cost categories with a single configuration. Previously limited to AWS service scopes, the new capability automatically separates monitoring for each tag or account value and adapts as organizational tags or accounts change. The feature is available today in all commercial AWS Regions at no additional charge.

Wed, November 19, 2025

Europol Disrupts $55M in Crypto Linked to Piracy Ring

🔎 A coordinated Europol-led operation, Intellectual Property Crime Cyber-Patrol Week, targeted online piracy and IP infringement across Europe. Thirty investigators using advanced OSINT methods identified 69 suspect sites, of which 25 illicit IPTV services were referred to crypto service providers and 44 were added to ongoing probes. Authorities traced roughly $55m in cryptocurrency flows tied to those services. The exercise also tested new technologies and reinforced cross-border collaboration among more than 15 countries and private partners.

Wed, November 19, 2025

CISA Urges Critical Infrastructure to Be Air Aware

🛡️ CISA urges critical infrastructure owners and operators to adopt a year‑round approach to managing risks from unmanned aircraft systems (UAS) and highlights its Be Air Aware™ campaign. The agency released three new guidance products including Suspicious Unmanned Aircraft System Activity Guidance, Safe Handling Considerations for Downed UAS, and UAS Detection Technology Guidance. CISA also offers regional assessments, exercise design, temporary flight restriction coordination for high‑risk events, and bombing prevention assistance to help organizations detect, mitigate, and respond to UAS incidents.

Wed, November 19, 2025

AWS Data Exports Adopt FOCUS 1.2 Schema for Cost Management

🔔 AWS announced general availability of AWS Data Exports supporting the FOCUS 1.2 schema, enabling customers to export standardized cost and usage data to Amazon S3. The release preserves the four-cost-column structure (ListCost, ContractedCost, BilledCost, EffectiveCost) from FOCUS 1.0 while adding fields for broader enterprise use cases. Key capabilities include invoice reconciliation, capacity reservation tracking to find unused reservations, and virtual currency support for multi-cloud and SaaS cost scenarios. The export is available in US East (N. Virginia) and covers all AWS Regions except AWS GovCloud (US) and AWS China Regions.

Wed, November 19, 2025

AWS Organizations Enables Direct Account Transfers

🔁 AWS Organizations now supports direct transfers of accounts between organizations, removing the prior need to convert an account to a standalone entity during moves. The simplified transfer preserves governance controls, consolidated billing, and account settings and uses the same console and APIs (invite and accept). This capability is available in all commercial AWS Regions and the AWS GovCloud (US) Regions.

Wed, November 19, 2025

AWS Get Invoice PDF API Generally Available in US East

📄 AWS has made the Get Invoice PDF API generally available, enabling customers to programmatically download invoice PDF artifacts via SDK or API calls. Callers submit an AWS Invoice ID and receive pre-signed Amazon S3 URLs for immediate download of invoice and supplemental PDF documents. For bulk retrieval, customers can call List Invoice Summaries to obtain Invoice IDs for a billing period and then invoke Get Invoice PDF for each artifact. The API is deployed in US East (N. Virginia) and is accessible to customers in commercial regions except China.

Wed, November 19, 2025

AWS Cost Optimization Hub Adds Cost Efficiency Metric

📈 AWS has introduced a Cost Efficiency metric in the AWS Cost Optimization Hub to help organizations measure the percentage of cloud spend that can be optimized. The metric divides aggregated estimated monthly savings from rightsizing, idle, and commitment recommendations by optimizable spend and refreshes daily. It surfaces trend data so teams can benchmark performance, set cost-savings goals, and observe improvements or regressions as resources are changed. Cost Efficiency is available in all Regions where the hub is supported and setup guidance is provided in the user guide and accompanying blog.

Wed, November 19, 2025

Google Named Leader in Gartner MQ for AI Platforms

🚀 Google has been named a Leader in the inaugural 2025 Gartner Magic Quadrant for AI Application Development Platforms and ranked highest for Ability to Execute. The announcement highlights Vertex AI as a unified, governed platform that delivers model choice, customization, and production-grade agent capabilities across an enterprise. Key capabilities cited include the Vertex AI Model Garden and Gemini 3, Vertex AI Training, Agent Builder and Agent Engine for multi-agent systems, and operational controls for observability, security, and predictable cost.

Wed, November 19, 2025

AWS Channel Partner Billing Transfer for Reselling Services

🧾 AWS Channel Partners in the Solution Provider and Distribution programs can now resell AWS services using Billing Transfer. This capability allows partners to assume financial responsibility for customer AWS Organizations while customers retain full control of their management accounts. Partners centrally manage billing and payments, receive eligible program benefits on partner-delivered bills, and can use new Partner Central APIs for channel reporting and incentive qualification.

Wed, November 19, 2025

Amazon Connect: Configure Ring Time for Outbound Campaigns

📞 Amazon Connect outbound campaigns now let campaign managers set ring duration from 15 to 60 seconds before a call is marked no answer and the dialer moves on. Each contact logs ring start and end timestamps for detailed, per-call reporting and traceability. The change enables tuning dialing behavior to audience patterns to improve contact rates and agent productivity. The feature is available in multiple AWS regions and follows the platform’s pay-as-you-go billing model.

Wed, November 19, 2025

Amazon SageMaker Catalog Adds Column-Level Metadata

📣 Amazon SageMaker Catalog now supports custom column-level metadata forms and markdown-enabled rich text descriptions so data stewards can attach business-specific key-value metadata and formatted documentation directly to individual columns. Form values and rich text are indexed in real time and become immediately searchable alongside column names, descriptions, and glossary terms. This capability is available in all AWS Regions where SageMaker is supported.

Wed, November 19, 2025

Amazon MSK Console and Public APIs for Kafka Topics

🔍 Amazon Managed Streaming for Apache Kafka (Amazon MSK) now exposes topic listings and detailed topic views directly in the MSK console and via three new public APIs. You can browse and search topics within a cluster, quickly review replication settings and partition counts, and drill into per-topic configuration and partition-level metrics without installing Kafka admin clients. The new ListTopics, DescribeTopic, and DescribeTopicPartitions APIs are available through the AWS CLI and SDKs; these features require MSK Provisioned clusters running Kafka 3.6+ and appropriate IAM permissions.

Wed, November 19, 2025

Phil Venables on CISO 2.0 and Building CISO Factories

🔒 In this Cloud CISO Perspectives installment, Phil Venables explains how AI is reshaping the chief information security officer role and urges a shift from reactive “fire station” operations to a self-sustaining “flywheel.” He defines CISO 2.0 as business-first, technically empathetic, and focused on long-term strategic outcomes, and introduces CISO Factories—organizations that reliably develop great security leaders. Venables emphasizes clear strategy, stronger board engagement, and using procurement influence to drive safer supplier behavior.

Wed, November 19, 2025

Amazon ECS Managed Instances: Configurable Scale-In Delay

🚀 Amazon ECS Managed Instances now lets you configure a scale-in delay so you can better align instance terminations with workload patterns and business requirements. You can set the scaleInAfter parameter to any value up to 60 minutes, or set it to -1 to disable automatic infrastructure optimization and allow instances to remain until they are patched after 14 days. Configure scaleInAfter when creating or updating an ECS Managed Instances capacity provider via the ECS API, console, SDKs, CDK, or CloudFormation. This capability is available in all commercial AWS Regions and helps teams balance cost optimization against availability.

Wed, November 19, 2025

Hidden Risks in DevOps Stacks and Data Protection Strategies

🔒 DevOps platforms like GitHub, GitLab, Bitbucket, and Azure DevOps accelerate development but also introduce data risks from misconfigurations, exposed credentials, and service outages. Under the SaaS shared responsibility model, customers retain liability for protecting repository data and must enforce MFA, RBAC, and tested backups. Third-party immutable backups and left-shifted security practices are recommended to mitigate ransomware, insider threats, and accidental deletions.

Wed, November 19, 2025

Vulnerability-Informed Hunting: Nexus of Risk and Intel

🔎 Vulnerability-informed hunting transforms static vulnerability scans into dynamic intelligence by enriching CVE data with asset context, exploit activity and threat feeds. The article shows how mapping vulnerabilities to adversary behaviors (for example, Log4Shell, ProxyShell and Zerologon) lets teams run focused hunts that detect exploitation or reveal telemetry gaps. It advocates a continuous loop where hunts inform detection engineering, improving logging, SIEM content and overall resilience.

Wed, November 19, 2025

Legal Limits on Vulnerability Disclosure and Research Rights

🔒 Kendra Albert's USENIX talk, highlighted by Bruce Schneier, argues that modern managed bug bounty programs often impose contractual confidentiality that prevents researchers from publicly sharing vulnerabilities. These restrictions can flip the original bargain of coordinated vulnerability disclosure, silencing researchers while allowing vendors to delay or avoid fixes. Schneier urges platforms and companies to prohibit mandatory non‑disclosure terms and restore the balance between researcher reporting and vendor remediation.

Wed, November 19, 2025

Application Containment and Ringfencing for Zero Trust

🔒 Ringfencing, or granular application containment, enforces least privilege for authorized software by restricting file, registry, network, and interprocess access. It complements allowlisting by preventing misuse of trusted tools that attackers commonly weaponize, such as scripting engines and archivers. Effective rollout uses a monitoring agent, simulated denies, and phased enforcement to minimize operational disruption. Properly applied, containment reduces lateral movement, blocks mass exfiltration and ransomware encryption while preserving business workflows.

Wed, November 19, 2025

Addressing Password Management Challenges to Protect Data

🔒 Enterprises and SMBs have invested heavily in authentication and IAM, but those controls are only as strong as password management. Compromised credentials remain a leading cause of breaches while the average employee manages over 100 accounts, creating operational and compliance burdens. Dedicated password managers can cut support costs by up to 80% and lower incident rates, but success requires strong user adoption and integration with SSO, MFA, LDAP/AD and privileged access systems.

Wed, November 19, 2025

Behind the Firewall: Cyber Professionals with Disabilities

🔒 Surveys and first‑person accounts reveal persistent inclusion gaps for cyber professionals with disabilities and neurodivergence. UK research (Decrypting Diversity 2021) and Deloitte’s Disability Inclusion @ Work 2024 show many report barriers to progression and frequent denial of accommodations. Three practitioners — a security awareness leader, a former cyber risk analyst and a commercial sales manager — describe bias, resilience and concrete steps for leaders: ask rather than assume, build empathy, offer flexibility and provide structural supports.

Wed, November 19, 2025

Using AI to Avoid Black Friday Price Manipulation and Scams

🛍️ Black Friday shopping is increasingly fraught with staged discounts and manipulated prices, but large language models (LLMs) can help shoppers cut through the noise. Use AI like ChatGPT, Claude, or Gemini to build a wish list, track historical prices, compare alternatives, and vet sellers quickly. The article provides step-by-step prompts for price analysis, seller verification, local-market queries, and model-specific requests, and recommends security measures such as using a separate card and installing Kaspersky Premium to reduce fraud risk.
