Cybersecurity Brief

Cloud Controls Tighten as AI Platforms Add Guardrails

Coverage: 20 Nov 2025 (UTC)

Cloud access controls and detections advanced today, led by AWS enabling tag-driven authorization in S3 ABAC and extending anomaly detection to data-plane activity with CloudTrail Insights. Hyperscalers also introduced network and region updates that emphasize resilience and sovereignty, while AI platforms rolled out enterprise controls, observability, and developer tooling. On the risk side, fresh advisories and threat reporting detailed exploitation of exposed orchestration services, adaptive APT tradecraft, and a critical ICS flaw without a vendor patch.

Platform Controls Tighten Across Cloud Networks

AWS added fine-grained routing governance to its global WAN, introducing route filtering, summarization, and BGP attribute controls with Cloud WAN Routing Policy. In parallel, the company published the LZA Universal configuration and a compliance workbook, automating hundreds of controls and mapping them to major frameworks to accelerate secure multi-account deployments. Together, these updates give operators more predictable network behavior and a faster path to a baseline aligned with common regulatory requirements.

Google announced a new Türkiye region, emphasizing data residency, sovereignty controls, and encryption, and positioning the buildout to serve regional demand for low-latency cloud and AI services. In device-to-device sharing, Google detailed the security design behind Quick Share interoperability with AirDrop—implemented in Rust for memory safety, tested internally and by an external assessor, and using peer-to-peer transfers without routing content through company servers.

CrowdStrike moved data security into runtime with Falcon Data Protection for Cloud, using eBPF-based observation to detect sensitive data movement across APIs, SaaS, containers, databases, and cloud storage without proxies or sidecars. The product surfaces high-risk actions—such as uploads to public buckets or unauthenticated exposures—enriched with source, destination, and encryption context, and integrates with the vendor’s SIEM and SOAR for investigation and response.

AI Platforms: Enterprise Guardrails and Observability

Google unveiled Nano Banana Pro, an image-generation and editing model in Vertex AI and Workspace that emphasizes brand fidelity, multi‑language rendering and on‑image translation, and integration with Google Search for contextual grounding. Enterprises can use Provisioned Throughput or Pay‑As‑You‑Go, apply advanced safety filters, and optionally embed SynthID watermarking, with copyright indemnification planned at general availability.

For agentic application telemetry, Google introduced Agent Analytics, an ADK plugin that streams interaction events into BigQuery with configurable redaction. Teams can analyze latency, token use, and tool calls, join interaction data to business outcomes, and use generative functions and vector search to cluster failures and improve agent quality.

OpenAI began rolling out a specialized coding model described as sustaining long-running tasks: GPT-5.1 Codex integrates with IDEs, CLIs, and GitHub, introduces compaction mechanisms for context preservation, and shows improved performance and token efficiency versus prior Codex variants, including new Windows and PowerShell proficiency.

Data and Engineering Workflows Streamlined

AWS enhanced local validation for distributed workflows by expanding the TestState API in Step Functions. Developers can unit test complete state machines—including Map, Parallel, and error-handling patterns—mock service integrations, and validate API contracts locally, shortening feedback loops and reducing deployment risk.

Two updates in SageMaker Unified Studio focus on identity and continuity. Long-running background SageMaker sessions now persist for days with trusted identity propagation from AWS Identity Center, keeping corporate permissions intact. In addition, Studio adds native EMR on EKS support with single sign-on and end‑to‑end traceability for interactive Spark sessions, aligning exploratory and production data processing under centralized identity and audit.

On ingestion and compliance, Google expanded BigQuery Data Transfer with new GA and preview connectors, event-driven and incremental features, and a consumption-based pricing model for third-party sources. The service now includes extended administrative controls, access transparency, EU Data Boundary and Sovereign Controls GA, and FedRAMP High and CJIS support for U.S. regulated workloads.

For database cost visibility, AWS updated Aurora DSQL so EXPLAIN ANALYZE VERBOSE shows statement-level estimates of distributed processing units across compute, read, write, and multi‑Region write categories, enabling targeted tuning and more accurate forecasting.

Threat Activity and Advisories

Google Threat Intelligence detailed APT24’s multi‑vector operations, including BADAUDIO—a C++ downloader that collects host data, decrypts stage‑2 payloads in memory, and has delivered Cobalt Strike. The group moved from strategic web compromises into a supply‑chain angle by re‑compromising a regional marketing firm, used advanced fingerprinting and covert reconnaissance, and abused cloud storage for encrypted payload delivery. The release includes indicators and YARA rules to aid detection.

Ongoing cryptojacking tied to exposed AI orchestration clusters surfaced in research on ShadowRay 2.0, which exploits a Ray dashboard API weakness (CVE‑2023‑48022) to submit malicious jobs, spread laterally, and mine using XMRig. The campaign uses persistence, process disguise, and periodic updates to maintain control and has been observed weaponizing clusters for denial‑of‑service activity.

CISA issued an industrial control systems advisory covering Emerson Appleton UPSMON‑PRO (CVE‑2024‑3871), a stack‑based buffer overflow reachable via crafted UDP packets to port 2601 that can lead to remote code execution with SYSTEM privileges. With the product at end of life and no vendor patch, mitigations include blocking UDP 2601, isolating UPS monitoring networks, filtering oversized UDP packets, and monitoring for service crashes.

Separately, ESET documented PlushDaemon’s use of the EdgeStepper implant to hijack DNS on network devices and redirect legitimate software-update traffic, enabling a multi‑stage payload chain that culminates in a full‑featured backdoor. The campaign highlights the risk of network-level manipulation of update infrastructure and the need to harden and monitor edge devices.

These and other news items from the day:

Thu, November 20, 2025

Nano Banana Pro: Gemini 3 Pro Image for Enterprise Use

🎨 Google is unveiling Nano Banana Pro (Gemini 3 Pro Image), a high-fidelity image generation and editing model available today in Vertex AI and Google Workspace, with a rollout to Gemini Enterprise coming soon. The model supports multi-language text rendering and on-image translation, connects to Google Search for context-aware outputs, and accepts up to 14 reference images and 4K inputs for production-grade assets. Built-in SynthID watermarking and planned copyright indemnification address commercial use and responsible deployment.


Thu, November 20, 2025

Google Cloud to Launch New Cloud Region in Türkiye

🚀 Google Cloud announced plans to open a new cloud region in Türkiye in partnership with Turkcell, forming part of a 10-year, $2 billion investment in the country. The region will deliver low-latency, high-performance services and advanced AI, data analytics, and cybersecurity capabilities while providing data residency and strong protection controls. Local enterprises, public sector organizations, and partners will gain enhanced scalability, compliance, and the ability to deploy AI-driven solutions closer to end users.


Thu, November 20, 2025

OpenAI's GPT-5.1 Codex-Max Can Code Independently for Hours

🛠️ OpenAI has rolled out GPT-5.1-Codex-Max, a Codex variant optimized for long-running programming tasks and improved token efficiency. Unlike the general-purpose GPT-5.1, Codex is tailored to operate inside terminals and integrate with GitHub, and OpenAI says the model can work independently for hours. It is faster, more capable on real-world engineering tasks, uses roughly 30% fewer "thinking" tokens, and adds Windows and PowerShell capabilities. GPT-5.1-Codex-Max is available in the Codex CLI, IDE extensions, cloud, and code review.


Thu, November 20, 2025

AWS Cloud WAN Routing Policy for Traffic Control, Flexibility

🌐 AWS has announced the general availability of AWS Cloud WAN Routing Policy, delivering fine-grained controls to optimize route management and traffic behavior across global wide-area networks. The feature supports route filtering, summarization, and advanced BGP attribute configuration to limit unnecessary route propagation, prevent asymmetric or sub‑optimal paths, and contain reachability blast radius. It also exposes enhanced routing database visibility for faster troubleshooting in complex multi‑path hybrid environments. Routing Policy is available in all Regions where Cloud WAN is offered and can be enabled via the Management Console, CLI, or SDK at no additional charge.


Thu, November 20, 2025

Amazon S3 Adds Attribute-Based Access Control (ABAC)

🏷️ Amazon S3 now supports attribute-based access control (ABAC) for general purpose buckets, allowing organizations to use bucket tags to automatically manage permissions. Instead of constantly editing IAM or bucket policies, administrators can create policies that reference bucket tags and grant access by adding or modifying tags. Enable ABAC with the S3 PutBucketAbac API and manage tags via TagResource/UntagResource; you can also require tags at bucket creation to enforce standards. The feature is available in all AWS Regions at no additional cost via the Console, REST API, CLI, SDK, and CloudFormation.


Thu, November 20, 2025

BigQuery Agent Analytics: Stream and Analyze Agent Data

📊 Google introduces BigQuery Agent Analytics, an ADK plugin that streams agent interaction events into BigQuery to capture, analyze, and visualize performance, usage, and cost. The plugin provides a predefined schema and uses the BigQuery Storage Write API for low-latency, high-throughput streaming of requests, responses, and tool calls. Developers can filter and preprocess events (for example, redaction) and build dashboards in Looker Studio or Grafana while leveraging vector search and generative AI functions for deeper analysis.


Thu, November 20, 2025

Android Quick Share Interoperability with AirDrop Security

🔒 Google announced cross-platform file sharing between Android and iOS by making Quick Share interoperable with AirDrop, beginning with the Pixel 10 Family. The company emphasizes a "secure by design" approach that included threat modeling, internal security and privacy reviews, and in-house penetration testing. The interoperability layer is implemented in Rust to reduce memory-safety risks in parsing wireless data, and transfers are direct peer‑to‑peer without routing content through servers. Google also engaged third‑party testers and experts who validated the implementation and found no information leakage.


Thu, November 20, 2025

AWS CloudTrail Insights Adds Data-Event Anomaly Detection

🔍 AWS CloudTrail Insights now analyzes data events as well as management events, automatically detecting anomalies in data access patterns such as unexpected surges in S3 delete calls or increased Lambda error rates. When unusual activity is found, CloudTrail generates an Insights event that includes the relevant data events and can trigger alerts for rapid investigation. The capability is available in all regions where CloudTrail is offered; additional charges apply for data-event Insights.


Thu, November 20, 2025

CrowdStrike Extends DSPM to Runtime for Cloud Data

🔒 CrowdStrike Falcon Data Protection for Cloud is now generally available, extending traditional DSPM into runtime to provide continuous visibility and protection for sensitive data in motion. Leveraging eBPF-powered monitoring, it detects unauthorized or risky data transfers across APIs, SaaS, containers, databases, and cloud storage without proxies or added infrastructure. The solution combines unified classification with integrated investigation and automated response, plus SIEM streaming and a lightweight Linux sensor for rapid deployment.


Thu, November 20, 2025

AWS Step Functions Adds Local TestState API for Workflows

🔧 AWS Step Functions' TestState API now supports local unit testing of complete workflows, including advanced constructs like Map and Parallel states, without deploying state machines to AWS. Developers can mock AWS service integrations and opt into API contract validation so mocked responses align with actual service outputs, improving test fidelity. TestState calls integrate with frameworks such as Jest and pytest and can be used in CI/CD pipelines; the feature is available via the AWS SDK and CLI in all Regions where Step Functions is offered.


Thu, November 20, 2025

AWS Landing Zone Accelerator: Universal Configuration

🔒 AWS has released the Landing Zone Accelerator on AWS sample security baseline called the Universal Configuration, designed to deploy a secure, multi-account environment rapidly. It encodes AWS Well‑Architected security best practices and automates hundreds of controls to accelerate compliance for regulated workloads. The release is paired with the LZA Compliance Workbook on AWS Artifact, which maps technical controls to frameworks such as NIST, ISO, HIPAA, and CMMC.


Thu, November 20, 2025

BigQuery Data Transfer Service Enhancements and Compliance

🔔 The BigQuery Data Transfer Service expands its connector ecosystem with new GA integrations (Oracle, Salesforce, ServiceNow, SFMC, Facebook Ads, and GA4) and preview connectors like Stripe, PayPal, Snowflake, and Hive. Platform improvements include event-driven transfers, incremental ingestion, GAQL-based custom Google Ads reports, and enhanced Oracle scale. Security and compliance gains—EU Data Boundary GA, FedRAMP High, CJIS, access transparency, regional endpoints, and key usage tracking—support regulated workloads. A new consumption-based pricing model applies to third-party connectors once they reach GA.


Thu, November 20, 2025

Amazon SageMaker Studio Integrates EMR on EKS with SSO

🔒 Amazon SageMaker Unified Studio now supports EMR on EKS as a compute option for interactive Apache Spark sessions, bringing containerized, large-scale distributed compute with automatic scaling and cost optimizations directly into the Studio environment. The feature adds trusted identity propagation through AWS Identity Center, enabling single sign-on and end-to-end data access traceability for interactive analytics. Data practitioners can use corporate credentials to access Glue Data Catalog resources from SageMaker JupyterLab while administrators retain fine-grained access controls and audit trails. This capability is available in all existing SageMaker Unified Studio regions.


Thu, November 20, 2025

SageMaker Studio: Long‑Running Sessions with Corporate IDs

⏳ Amazon SageMaker Unified Studio now supports long-running background sessions using corporate identities via AWS IAM Identity Center's trusted identity propagation (TIP). Users can launch interactive notebooks and data processing on SageMaker, Amazon EMR, and AWS Glue that persist when they log off or experience network or credential interruptions. Sessions retain corporate permissions and can run up to 90 days (default 7 days), reducing the need for continuous monitoring and improving productivity for multi-hour or multi-day workloads.


Thu, November 20, 2025

AWS Expands R8i and R8i-flex Instances to Three Regions

⚡ Amazon EC2 R8i and R8i-flex instances are now available in Asia Pacific (Sydney), Canada (Central), and US West (N. California). Powered by AWS-exclusive custom Intel Xeon 6 processors, they offer up to 15% better price-performance and 2.5× the memory bandwidth versus prior Intel-based instances, and about 20% higher performance than R7i. R8i-flex provides common memory-optimized sizes from large to 16xlarge for workloads that underutilize CPU; R8i includes 13 sizes, two bare-metal options and a new 96xlarge, and is SAP-certified at 142,100 aSAPS. Available via Savings Plans, On-Demand, and Spot.


Thu, November 20, 2025

ShadowRay 2.0 Worm Uses Ray Flaw to Build Global Botnet

🪲 Oligo Security warns of an active campaign, codenamed ShadowRay 2.0, that exploits a two-year-old authentication flaw in the Ray AI framework (CVE-2023-48022, CVSS 9.8) to convert exposed clusters with NVIDIA GPUs into a self-replicating cryptomining botnet using XMRig. Operators submit malicious jobs to the unauthenticated Job Submission API (/api/jobs/), stage payloads on GitLab and GitHub, and abuse Ray’s orchestration to pivot laterally, establish persistence via cron jobs, and propagate to other dashboards. Oligo recommends restricting access, enabling authentication on the Ray Dashboard (default port 8265) and using Anyscale’s Ray Open Ports Checker plus firewall rules to reduce accidental exposure.


Thu, November 20, 2025

Emerson Appleton UPSMON-PRO Stack Overflow, RCE

Emerson's Appleton UPSMON-PRO contains a stack-based buffer overflow that can be triggered remotely via UDP port 2601. A crafted UDP packet can overwrite stack memory and enable arbitrary code execution with SYSTEM privileges if UPSMONProService traffic is not validated; the issue is tracked as CVE-2024-3871 and carries high severity (CVSS v3.1 9.8; CVSS v4 9.3). Affected versions are 2.6 and earlier; Emerson lists the product as End of Life, and CISA advises replacing unsupported units or applying mitigations such as blocking UDP 2601, isolating monitoring networks, filtering oversized packets, and monitoring for service crashes.


Thu, November 20, 2025

Aurora DSQL Adds Statement-Level DPU Cost Estimates

🔍 Amazon Aurora DSQL now surfaces statement-level cost estimates directly in query plans, providing developers immediate visibility into resource use per SQL statement. The EXPLAIN ANALYZE VERBOSE output is extended to append per-category (compute, read, write, and multi-Region write) and total estimated Distributed Processing Unit (DPU) usage. This enhancement offers fine-grained, real-time cost insight that complements CloudWatch metrics, enabling faster identification of cost drivers and more effective query tuning. The feature is available in all Regions where Aurora DSQL is supported.


Thu, November 20, 2025

APT24 Pivot to BADAUDIO Multi-Vector Attacks in Taiwan

🔍 Google Threat Intelligence Group (GTIG) details a three-year espionage campaign by APT24 deploying the obfuscated BADAUDIO downloader to deliver AES-encrypted payloads, including Cobalt Strike beacons. The actor evolved from broad strategic web compromises to targeted supply-chain abuse of a Taiwanese digital marketing firm and spear-phishing lures. BADAUDIO uses DLL search order hijacking, control-flow flattening, and cookie-based beaconing to retrieve decrypted payloads in memory. GTIG added related domains and files to Safe Browsing, issued victim notifications, and published IOCs and YARA rules to support detection and mitigation.


Thu, November 20, 2025

PlushDaemon uses EdgeStepper to hijack DNS and updates

🔒 PlushDaemon, a China-linked APT, has deployed a network implant called EdgeStepper to hijack DNS on compromised routers and redirect update traffic to attacker-controlled servers, according to ESET. The MIPS32 Go-built implant modifies iptables to forward UDP port 53 to a local proxy that substitutes legitimate update IPs with malicious ones. Using the hijacked channel, a downloader chain (LittleDaemon, DaemonicLogistics) delivers the espionage backdoor SlowStepper, enabling credential theft, document exfiltration and audio/video capture.


Thu, November 20, 2025

Fortinet Criticized for Silent Patching of Two Zero-Days

⚠️ Fortinet has faced criticism for quietly patching two zero-day vulnerabilities in its FortiWeb WAFs before publicly disclosing them. The first, CVE-2025-64446, is rated critical (CVSS 9.4) and involves a GUI path-traversal plus an authentication-bypass flaw; the second, CVE-2025-58034 (CVSS 6.7), is an OS command injection that may allow authenticated code execution. Both fixes were included in the 8.0.2 update on October 28 and have been observed exploited in the wild, prompting calls for greater transparency and urgent patching.


Thu, November 20, 2025

Salesforce Probes Customer Data Theft via Gainsight Apps

🔒 Salesforce says it revoked active access and refresh tokens tied to Gainsight-published applications after detecting unusual activity that may have enabled unauthorized access to some customers' CRM data. The company says the issue stems from the app's external connection rather than a vulnerability in Salesforce itself and temporarily removed those apps from the AppExchange. Affected customers have been notified and can contact Salesforce Help for assistance.


Thu, November 20, 2025

Festo MSE6 Devices: Hidden Test-Mode Vulnerability

⚠️ Festo disclosed a hidden test‑mode vulnerability in the MSE6 product family that could be abused by a remote, authenticated low‑privileged attacker. The issue, tracked as CVE-2023-3634, carries a CVSS v3.1 score of 8.8 and may permit complete loss of confidentiality, integrity, and availability. Festo plans documentation updates in the next product release; CISA recommends isolating devices, minimizing network exposure, and using firewalls and secured VPNs as mitigations.


Thu, November 20, 2025

Samourai Cryptomixer Founders Sent to Prison in U.S. Case

🔒 The founders of the Samourai Wallet crypto-mixing service, CEO Keonne Rodriguez and CTO William Lonergan Hill, were sentenced after pleading guilty to operating an unlicensed money-transmitting business and laundering funds. Rodriguez received five years and Hill four years in prison, plus fines and three years of supervised release. Authorities seized servers and domains, removed the mobile app, and secured forfeiture of $237,832,360.55 linked to illicit transactions.


Thu, November 20, 2025

Iran-Linked Hackers Mapped Ship AIS, Aided Kinetic Strikes

🔎 An Amazon Integrated Security report describes Iran-linked actors conducting digital reconnaissance to enable real-world attacks, a phenomenon the company terms cyber-enabled kinetic targeting. Researchers attribute AIS and CCTV intrusions to Imperial Kitten (aka Tortoiseshell) between December 2021 and January 2024 that preceded a missile attempt on a commercial vessel. Amazon also links MuddyWater activity in mid-2025 to live camera access in Jerusalem and notes the use of anonymizing VPNs to complicate attribution and refine target selection.


Thu, November 20, 2025

Google Details BadAudio Malware Used by China APT24

🔐 Google Threat Intelligence Group (GTIG) disclosed a previously undocumented loader, BadAudio, used by China-linked APT24 in a multi-year espionage campaign that employed spearphishing, watering-hole infections, and supply-chain compromises. The loader is heavily obfuscated, leverages DLL search-order hijacking and control-flow flattening, and exfiltrates encrypted system data to hard-coded C2 servers. In at least one observed case it delivered a Cobalt Strike Beacon, and many samples remained undetected by most antivirus engines.


Thu, November 20, 2025

Hacker Claims Theft of 2.3TB from Almaviva Affecting FS

🔓 A threat actor claims to have stolen 2.3 terabytes of data from IT services provider Almaviva and posted the material on a dark web forum. The leak reportedly includes confidential documents and sensitive information related to FS Italiane Group, such as internal shares, technical documentation, contracts, HR and accounting archives. D3Lab's Andrea Draghetti says the files are recent (Q3 2025) and not recycled from a 2022 Hive incident. Almaviva confirmed a breach, says affected systems were isolated, and that authorities have been notified while an investigation continues.


Thu, November 20, 2025

Hacker Claims 2.3TB Theft from Italian Rail IT Provider

🔒 A threat actor claims to have stolen 2.3 terabytes of data from Almaviva, the IT services provider linked to Italy's state-owned rail operator, FS Italiane Group. The actor posted the alleged dump on a dark web forum and described the contents as confidential documents, technical files, contracts, HR and accounting archives. Almaviva confirmed a cyberattack affecting corporate systems, said some data were taken, and reported it to national authorities while an investigation is ongoing.


Thu, November 20, 2025

AWS Recycle Bin Extends Support to EBS Volumes Now

♻️ Recycle Bin for Amazon EBS now supports EBS Volumes, allowing you to recover accidentally deleted volumes directly rather than restoring from snapshots. You can create retention rules to protect all volumes or target specific volumes with tags; recovered volumes retain tags, permissions, and encryption and are immediately available at full performance. Volumes in Recycle Bin are billed at standard EBS Volume rates and the capability is available via CLI, SDKs, and the AWS Console across commercial, China, and AWS GovCloud (US) Regions.


Thu, November 20, 2025

UNC2891 Money Mule Network Exposes ATM Fraud Scope

🔍 Group-IB researchers reveal a multi-year ATM fraud campaign by UNC2891 that targeted two Indonesian banks and extended well beyond a Raspberry Pi infiltration. The campaign combined sophisticated malware — including the CAKETAP rootkit — with an extensive money-mule operation that recruited via Google ads and Telegram. Cloned card equipment was shipped to mules, who withdrew cash with real-time TeamViewer support or phone coordination. Group-IB warns banks to reassess ATM security and monitoring.


Thu, November 20, 2025

Amazon MSK Serverless Now Available in São Paulo Region

🚀 Amazon Web Services has made Amazon MSK Serverless generally available in the South America (São Paulo) region, enabling customers to connect Apache Kafka applications without managing cluster capacity. MSK Serverless automatically provisions and scales compute and storage resources on demand, letting teams run Kafka with reduced operational overhead. This expansion aligns São Paulo with AWS's global GA regions.


Thu, November 20, 2025

Comet AI Browser's Embedded API Permits Device Access

⚠️ Security firm SquareX disclosed a previously undocumented MCP API inside the AI browser Comet that enables embedded extensions to execute arbitrary commands and launch applications — capabilities mainstream browsers normally block. The API can be triggered covertly from pages such as perplexity.ai, creating an execution channel exploitable via compromised extensions, XSS, MITM, or phishing. SquareX highlights that the analytics and agentic extensions are hidden and cannot be uninstalled, leaving devices exposed by default.


Thu, November 20, 2025

Opto 22 GRV-EPIC and groov RIO: Remote RCE Vulnerability

⚠️ A remotely exploitable OS command injection in the Opto 22 Groov Manage REST API allows attackers with administrative credentials to inject shell commands that execute as root on affected GRV-EPIC and groov RIO devices. The issue is tracked as CVE-2025-13087 and carries a CVSS v4 base score of 7.5. Opto 22 has released firmware 4.0.3 to address the flaw; users should apply the update promptly. CISA also recommends isolating control networks, minimizing Internet exposure, and monitoring API and system logs for suspicious activity.


Thu, November 20, 2025

UK, US and Allies Sanction Russian Bulletproof Hosters

🔒 Western allies have announced coordinated sanctions targeting three bulletproof hosting providers — Media Land, ML.Cloud and Aeza Group — and four associated Russian executives, including Alexander Volosovik (aka Yalishanda). The measures, backed by the UK, US and Australia, also named UK-registered front Hypercore and aim to seize assets and cut access to legitimate banking channels. Authorities say the hosts supported numerous ransomware and infostealer operations, and Five Eyes nations published guidance to help ISPs and defenders mitigate malicious activity enabled by such services.


Thu, November 20, 2025

EC2 Auto Scaling adds ReplaceRootVolume for live root swaps

🔁 Amazon EC2 Auto Scaling introduces the ReplaceRootVolume strategy for instance refresh, allowing replacement of an instance's root Amazon EBS volume without stopping or terminating the instance. The feature preserves attachments and metadata (network interfaces, elastic IPs) and reduces operational complexity for OS-level updates, patching, and recovery from corrupted root volumes. It is particularly valuable for specialized instance types such as Mac and GPU instances and for stateful applications where data and attachments must be preserved. ReplaceRootVolume is available in select regions at no additional cost beyond standard EC2 and EBS usage.


Thu, November 20, 2025

Amazon EC2 C7i Instances Now in Melbourne Region, Australia

🚀 Amazon EC2 C7i instances are now available in the Asia Pacific (Melbourne) Region, powered by custom 4th Gen Intel Xeon Scalable processors (Sapphire Rapids) exclusive to AWS. They deliver up to 15% better performance over comparable Intel-based offerings and up to 15% better price-performance versus C6i. C7i offers larger sizes up to 48xlarge, two bare-metal sizes (metal-24xl, metal-48xl) with built-in Intel accelerators and supports AMX and up to 128 EBS volumes to scale data-intensive workloads.


Thu, November 20, 2025

CrowdStrike: Political Triggers Reduce AI Code Security

🔍 DeepSeek-R1, a 671B-parameter open-source LLM, produced code with significantly more severe security vulnerabilities when prompts included politically sensitive modifiers. CrowdStrike found baseline vulnerable outputs at 19%, rising to 27.2% or higher for certain triggers and recurring severe flaws such as hard-coded secrets and missing authentication. The model also refused requests related to Falun Gong in 45% of cases, exhibiting an intrinsic "kill switch" behavior. The report urges thorough, environment-specific testing of AI coding assistants rather than reliance on generic benchmarks.


Thu, November 20, 2025

Amazon CloudFront Adds CBOR Web Tokens and CAT Support

🔐 Amazon CloudFront now supports CWT (CBOR Web Tokens) and CAT (Common Access Tokens), providing a compact, binary alternative to JWTs using CBOR and protected with COSE. Developers can validate, generate, and refresh tokens directly in CloudFront Functions with sub-millisecond execution and seamless integration with the CloudFront Functions KeyValueStore for secure key management. CAT extends CWT with fine-grained access controls such as URL patterns, IP restrictions, and HTTP method limits, enabling edge-enforced authorization without additional charge.


Thu, November 20, 2025

Amazon CloudFront Adds TLS 1.3 Support for Origins

🔒 Amazon CloudFront now supports TLS 1.3 for connections to origins, automatically enabled across custom origins, Amazon S3, and Application Load Balancers with no configuration changes required. The upgrade provides stronger encryption and reduced handshake latency, delivering up to 30% faster connection establishment when an origin supports TLS 1.3. CloudFront will negotiate TLS 1.3 where supported while maintaining backward compatibility with older TLS versions. This support is available at no additional charge in all CloudFront edge locations and benefits sensitive workloads such as financial services, healthcare, and e-commerce.

read more →

Thu, November 20, 2025

Amazon OpenSearch Serverless Adds PrivateLink for Management

🔒 Amazon OpenSearch Serverless now supports AWS PrivateLink for management console access, enabling private connectivity between your VPC and OpenSearch Serverless without traversing the public internet. This allows administrators to create, manage, and configure serverless resources via a private interface endpoint, reducing reliance on public IPs and firewall-only controls. Data ingestion and query operations continue to require OpenSearch Serverless VPC endpoint configuration. PrivateLink is available in regions where the service is offered and will incur additional VPC endpoint charges.

read more →

Thu, November 20, 2025

D-Link Warns of Remote Code Flaws in DIR-878 Routers

⚠️ D-Link has issued an advisory for remotely exploitable command-execution vulnerabilities in its end-of-life DIR-878 router. A researcher using the name Yangyifan (GitHub: yifan20020708) published technical details and proof-of-concept code demonstrating the issues. Four CVEs are listed—three allow unauthenticated remote command execution and one is a USB/physical-access overflow. D-Link recommends replacing EOL units and disabling WAN/remote management until devices are replaced.

read more →

Thu, November 20, 2025

CISA Issues Six New Industrial Control Systems Advisories

⚠️ CISA released six Industrial Control Systems (ICS) Advisories on 20 November 2025 to inform operators and administrators about current security issues, vulnerabilities, and potential exploits affecting ICS products. The advisories cover affected products including Automated Logic WebCTRL Premium Server, ICAM365 CCTV camera models, Opto 22 GRV‑EPIC/GRV‑RIO, Festo MSE6 and Festo Didactic lines, and Emerson Appleton UPSMON‑PRO. Administrators are encouraged to review each advisory for technical details and mitigations and to apply vendor guidance promptly to reduce operational and safety risk.

read more →

Thu, November 20, 2025

AWS Site-to-Site VPN Partners with eero for Remote Sites

🔒 AWS Site-to-Site VPN is partnering with eero to simplify secure connectivity from remote sites to AWS. Using eero Wi‑Fi access points and gateway appliances, customers can automatically establish VPN tunnels to AWS in a few clicks. The integration is intended to accelerate scaling across hundreds of locations and reduce the need for onsite networking expertise. It is currently available in the US.

read more →

Thu, November 20, 2025

ThreatsDay: 0-Days, LinkedIn Spying, IoT Flaws, Crypto

🛡️ This week's ThreatsDay Bulletin highlights a surge in espionage, zero-day exploits, and organized crypto laundering across multiple countries. MI5 warned that Chinese operatives are using LinkedIn profiles and fake recruiters to target lawmakers and staff, while researchers disclosed critical flaws like a pre-auth RCE in Oracle Identity Manager and a resource-exhaustion bug in the Shelly Pro 4PM relay. The bulletin also details malicious browser extensions, new macOS stealer NovaStealer, high-profile arrests and sanctions, and continued pressure on crypto-mixing services. Patch, update, and verify identities to reduce exposure.

read more →

Thu, November 20, 2025

TamperedChef Malware Uses Fake Installers in Global Campaign

⚠️ Acronis Threat Research Unit (TRU) reports an ongoing global malvertising campaign, dubbed TamperedChef, that employs counterfeit installers masquerading as popular utilities and product manuals to deploy an information-stealer and obfuscated JavaScript backdoors. Operators use SEO poisoning, malicious ads, and abused code-signing certificates from shell companies in the U.S., Panama, and Malaysia to increase trust and evade detection. Installers drop an XML file to create a scheduled task that launches the JavaScript backdoor, which exfiltrates encrypted, Base64-encoded JSON over HTTPS. Infections concentrate in the U.S. and have also been observed in Israel, Spain, Germany, India, and Ireland, with healthcare, construction, and manufacturing among the most affected sectors.
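The persistence step described above (an installer dropping an XML task definition that launches a JavaScript backdoor) is something defenders can hunt for in exported task definitions. The following added example is written for this brief, not taken from the Acronis report or from any sample; it parses Task Scheduler XML (the real `mit/task` namespace) and flags tasks that launch a script host with a script file from a user-writable directory on logon or boot. The two task definitions are constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Union

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}   # Task Scheduler XML namespace
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "pwsh.exe", "cmd.exe"}
SCRIPT_EXT = re.compile(r"\.(js|jse|vbs|vbe|wsf|hta|ps1)\b", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

def triage_task_xml(task_xml: Union[str, bytes]) -> List[str]:
    """Return the reasons a scheduled-task definition looks like script-based persistence.
    Pass the raw bytes of an exported task (UTF-16 with BOM) and expat detects the encoding."""
    root = ET.fromstring(task_xml)
    reasons: List[str] = []
    for action in root.findall(".//t:Actions/t:Exec", NS):
        cmd = action.findtext("t:Command", default="", namespaces=NS).strip().strip('"')
        args = action.findtext("t:Arguments", default="", namespaces=NS)
        cmdline = f"{cmd} {args}"
        host = cmd.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if host in SCRIPT_HOSTS:
            reasons.append(f"script host launched: {host}")
        if SCRIPT_EXT.search(cmdline):
            reasons.append("script file passed on command line")
        if USER_WRITABLE.search(cmdline):
            reasons.append("payload under a user-writable directory")
    for trigger in root.findall(".//t:Triggers/*", NS):
        kind = trigger.tag.split("}")[-1]          # strip the namespace from the element name
        if kind in ("LogonTrigger", "BootTrigger"):
            reasons.append(f"persistence trigger: {kind}")
    hidden = root.findtext(".//t:Settings/t:Hidden", default="false", namespaces=NS)
    if hidden.strip().lower() == "true":
        reasons.append("task hidden from the Task Scheduler UI")
    return reasons

# Constructed task definitions (not recovered from the campaign); paths and names are invented
SUSPICIOUS_TASK = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\\Windows\\System32\\wscript.exe</Command>
      <Arguments>//B //E:jscript "C:\\Users\\alice\\AppData\\Roaming\\Updater\\update.js"</Arguments>
    </Exec>
  </Actions>
</Task>"""

BENIGN_TASK = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2025-01-01T03:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\\Program Files\\Vendor\\backup.exe</Command><Arguments>--nightly</Arguments></Exec>
  </Actions>
</Task>"""

if __name__ == "__main__":
    for name, xml_text in (("suspicious", SUSPICIOUS_TASK), ("benign", BENIGN_TASK)):
        print(name, "->", triage_task_xml(xml_text) or ["no findings"])
```

Run it over `schtasks /query /xml` output or the files under `C:\Windows\System32\Tasks` (exported copies, since those are stored without the `.xml` extension); any task that collects several of these reasons at once deserves a look at the script it launches.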

read more →

Thu, November 20, 2025

AWS Tag Policies: Validate and Enforce Required Tags

🔒 AWS Organizations Tag Policies introduces Reporting for Required Tags, a validation check that ensures IaC deployments include mandatory tags. You define a tag policy specifying required keys and enable validation for CloudFormation, Terraform, or Pulumi workflows. Validation is implemented by activating the AWS::TagPolicies::TaggingComplianceValidator Hook in CloudFormation, adding plan-time checks in Terraform, or enabling the aws-organizations-tag-policies policy pack in Pulumi. The feature is available via the AWS Management Console, AWS CLI, and AWS SDK in supported Regions.
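As an added example (written for this brief, not the AWS hook or the Terraform or Pulumi integrations), the check below does what such a pre-deployment gate has to do: read the required keys and any restricted value lists from a tag policy document and report every taggable resource in a CloudFormation template that lacks a key or uses a value outside the allowed set. It reads only the `tag_key`, `tag_value` and `@@assign` operators of the tag policy syntax and ignores the others, and the set of taggable resource types is a deliberately short stand-in; the policy and template are constructed for the demonstration.

```python
from typing import Dict, List, Sequence

def required_tags_from_policy(policy: dict) -> Dict[str, List[str]]:
    """Map each required tag key to its allowed values ([] means any value is accepted)."""
    required: Dict[str, List[str]] = {}
    for name, spec in policy.get("tags", {}).items():
        key = spec.get("tag_key", {}).get("@@assign", name)
        values = spec.get("tag_value", {}).get("@@assign", [])
        required[key] = list(values) if isinstance(values, list) else [values]
    return required

# ASSUMPTION: a short stand-in for the resource types the policy is enforced on
TAGGABLE = ("AWS::S3::Bucket", "AWS::EC2::Instance", "AWS::Lambda::Function")

def validate_template(template: dict, policy: dict, taggable: Sequence[str] = TAGGABLE) -> List[str]:
    """Return one finding per missing required tag or disallowed literal value."""
    required = required_tags_from_policy(policy)
    findings: List[str] = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") not in taggable:
            continue
        tag_list = res.get("Properties", {}).get("Tags", [])
        tags = {t["Key"]: t.get("Value") for t in tag_list if isinstance(t, dict) and "Key" in t}
        for key, allowed in required.items():
            if key not in tags:
                findings.append(f"{logical_id}: missing required tag '{key}'")
            elif allowed and isinstance(tags[key], str) and tags[key] not in allowed:
                # non-string values are intrinsic functions (Ref, Fn::Sub ...) resolved at deploy time
                findings.append(f"{logical_id}: tag '{key}' value '{tags[key]}' not in {allowed}")
    return findings

# Constructed tag policy: Owner may hold any value, Environment is restricted to three values
TAG_POLICY = {
    "tags": {
        "owner": {"tag_key": {"@@assign": "Owner"}},
        "env": {"tag_key": {"@@assign": "Environment"},
                "tag_value": {"@@assign": ["prod", "staging", "dev"]}},
    }
}

# Constructed CloudFormation template (JSON form) with one compliant and one non-compliant bucket
TEMPLATE = {
    "Resources": {
        "Data": {"Type": "AWS::S3::Bucket", "Properties": {"Tags": [
            {"Key": "Owner", "Value": "sec-team"}, {"Key": "Environment", "Value": "prod"}]}},
        "Logs": {"Type": "AWS::S3::Bucket", "Properties": {"Tags": [
            {"Key": "Environment", "Value": "production"}]}},
        "Func": {"Type": "AWS::Lambda::Function", "Properties": {"Tags": [
            {"Key": "Owner", "Value": "app-team"}, {"Key": "Environment", "Value": {"Ref": "Env"}}]}},
        "Role": {"Type": "AWS::IAM::Role", "Properties": {}},   # outside the enforced types, skipped
    }
}

if __name__ == "__main__":
    for line in validate_template(TEMPLATE, TAG_POLICY):
        print(line)
```

Wire this into CI with a non-zero exit when the list is non-empty; a tag value supplied through `Ref` is only checked once the stack parameters are known, which is exactly why a deploy-time hook is still needed behind the static check.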

read more →

Thu, November 20, 2025

Tsundere Botnet Expands Using Game Lures and Node.js

🛡️ Kaspersky researcher Lisandro Ubiedo details an expanding Windows-focused botnet named Tsundere that retrieves and executes arbitrary JavaScript from remote command-and-control servers. The threat, active since mid‑2025, has been distributed via fake MSI installers and PowerShell scripts that deploy Node.js, install dependencies (ws, ethers, and pm2) and establish persistence. Operators fetch WebSocket C2 addresses from an Ethereum smart contract to rotate infrastructure, while a control panel enables artifact building, bot management, proxying, and an on-platform marketplace.

read more →

Thu, November 20, 2025

Amazon MQ Adds RabbitMQ 4.2 with AMQP 1.0 Support Now

🚀 Amazon MQ now supports RabbitMQ 4.2, bringing native AMQP 1.0 support, a Raft-based metadata store (Khepri), local shovels, and message priorities for quorum queues. The release also includes throughput and memory management improvements and a range of bug fixes. Brokers can be created on m7g instance types via the Console, CLI, or SDKs, with automatic patch-version management and configurable resource limits. Note that mirroring of classic queues is no longer supported; quorum queues remain the sole replicated, durable queue type.

read more →

Thu, November 20, 2025

CloudWatch Application Map Adds Un‑instrumented Discovery

🔍 Amazon CloudWatch Application Map now detects and visualizes services that are not instrumented with Application Signals, providing out-of-the-box observability coverage across distributed environments. It also offers cross-account, unified views and retains a history of recent changes so teams can correlate configuration modifications with performance shifts. These enhancements aim to reduce MTTR and are available at no additional cost in most AWS commercial regions.

read more →

Thu, November 20, 2025

AWS PCS Adds Slurm REST API for Programmatic Job Control

🔁 The AWS Parallel Computing Service (AWS PCS) now supports the Slurm REST API, enabling programmatic job submission, resource management, and cluster monitoring over HTTP. This removes reliance on CLI-only workflows and lets teams integrate HPC operations into web portals, CI/CD pipelines, and data processing frameworks. The feature is available in all AWS Regions with AWS PCS and has no additional charge.

read more →

Thu, November 20, 2025

CTM360 Reveals Global WhatsApp Account-Hacking Campaign

🔒 CTM360 reports a large-scale campaign, dubbed HackOnChat, that deploys deceptive web portals and impersonation pages to compromise WhatsApp accounts worldwide. Attackers rapidly create thousands of malicious URLs on inexpensive domains and web-building platforms, luring users with fake security alerts and lookalike login pages. Once accounts are taken, they are abused to defraud contacts, harvest sensitive data, and expand the scam.

read more →

Thu, November 20, 2025

Sturnus Android Trojan Steals Messages and Controls Devices

🔒 Sturnus is a new Android banking trojan discovered by ThreatFabric that can capture decrypted messages from end-to-end encrypted apps like Signal, WhatsApp, and Telegram. It abuses Accessibility services and on-screen capture to read message content and deploys HTML overlays to harvest banking credentials. The malware also supports real-time, AES-encrypted VNC remote control and obtains Android Device Administrator privileges to resist removal while targeting European financial customers with region-specific overlays.

read more →

Thu, November 20, 2025

Transfer Data Across AWS Partitions with Roles Anywhere

🔐 AWS outlines replacing cross-partition IAM user keys with IAM Roles Anywhere to securely transfer data between AWS partitions. The post explains partition isolation (Commercial, GovCloud, China), why long-lived access keys are discouraged, and how IAM Roles Anywhere uses X.509 certificates and temporary credentials. It also covers using an external CA or AWS Private CA to issue and manage certificates for workloads.

read more →

Thu, November 20, 2025

AWS DMS Schema Conversion Adds SAP ASE to PostgreSQL

🤖 AWS Database Migration Service (DMS) Schema Conversion now supports conversions from SAP Adaptive Server Enterprise (ASE) to both Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL. The integrated generative AI capability helps automatically translate complex database code such as stored procedures, functions, triggers, cursors, and other ASE-specific constructs that traditionally require manual conversion. Schema Conversion also provides detailed assessment reports to help migration teams plan, estimate effort, and reduce risk when executing migrations to PostgreSQL-compatible managed databases on AWS.

read more →

Thu, November 20, 2025

Amazon RDS Adds Multi-AZ for SQL Server Web Edition

🔔 Amazon RDS for SQL Server Web Edition now supports Multi‑AZ deployments, providing web‑focused workloads with built‑in high availability and automated failover to a standby replica in a separate Availability Zone. Customers enable the feature by selecting the Multi‑AZ option when configuring their RDS instance; RDS synchronously replicates data and handles failover automatically. This removes the need to move to more expensive SQL Server editions for HA—check pricing and regional availability in the RDS documentation.

read more →

Thu, November 20, 2025

Updating CRLs Privately with AWS Private CA and VPC Delivery

🔒 This AWS Security post explains two approaches to make certificate revocation lists (CRLs) available only to internal systems without exposing the S3 CRL bucket to the public internet. The first approach relocates CRLs by using a custom CDP CNAME and an EventBridge‑triggered Lambda that copies generated CRLs from the ACM Private CA S3 bucket to an internal store, with SNS notifications and example Python code. The second approach confines CRL retrieval inside AWS by using a VPC Gateway S3 endpoint, tightly scoped S3 bucket policies, and private Route 53 DNS so CRLs are resolvable and retrievable only from within the VPC.
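The two approaches above reduce to a small event handler and a bucket policy. The following added example is written for this brief and is not the Python code from the AWS post: the handler factory copies each newly created `.crl` object into the internal bucket when invoked by an EventBridge "Object Created" notification, and the policy helper builds the statements that let the CRL prefix be read only through a VPC gateway endpoint (the SNS notification and the private Route 53 zone are left out). The S3 client is injected so the handler can be exercised with a recording stand-in; the bucket, key and endpoint names are invented.

```python
from typing import Any, Callable, Dict, List

def build_copy_handler(s3_client: Any, dest_bucket: str, dest_prefix: str = "crl/") -> Callable[[dict, Any], dict]:
    """Build the Lambda entry point: copy each newly written .crl object into the internal bucket."""
    def handler(event: dict, _context: Any = None) -> dict:
        # EventBridge "Object Created" notifications from S3 carry bucket and key under "detail"
        detail = event.get("detail", {})
        src_bucket = detail["bucket"]["name"]
        key = detail["object"]["key"]
        if not key.lower().endswith(".crl"):
            return {"copied": False, "reason": f"ignored non-CRL object {key}"}
        dest_key = dest_prefix + key.rsplit("/", 1)[-1]      # keep the CA's file name, drop its path
        s3_client.copy_object(Bucket=dest_bucket, Key=dest_key,
                              CopySource={"Bucket": src_bucket, "Key": key})
        return {"copied": True, "key": dest_key}
    return handler

def vpce_only_crl_policy(bucket: str, vpce_id: str, prefix: str = "crl/") -> dict:
    """Bucket policy for the internal bucket: CRL reads succeed only via the VPC gateway endpoint.
    Only GetObject on the CRL prefix is denied elsewhere, so the copying Lambda (PutObject)
    and administrators managing the bucket from outside the VPC keep their access."""
    obj_arn = f"arn:aws:s3:::{bucket}/{prefix}*"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "CrlReadViaVpce", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": obj_arn, "Condition": {"StringEquals": {"aws:SourceVpce": vpce_id}}},
        {"Sid": "DenyCrlReadOutsideVpce", "Effect": "Deny", "Principal": "*", "Action": "s3:GetObject",
         "Resource": obj_arn, "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}}},
    ]}

class RecordingS3:
    """Stand-in for a boto3 S3 client that records copy_object calls (offline demo only)."""
    def __init__(self) -> None:
        self.calls: List[Dict[str, Any]] = []

    def copy_object(self, **kwargs: Any) -> dict:
        self.calls.append(kwargs)
        return {"CopyObjectResult": {}}

# Constructed event in the shape S3 emits to EventBridge for "Object Created" (names invented)
SAMPLE_EVENT = {
    "source": "aws.s3", "detail-type": "Object Created",
    "detail": {"bucket": {"name": "pca-crl-source-bucket"},
               "object": {"key": "crl/0123abcd-4567-89ef-0123-456789abcdef.crl"}},
}

if __name__ == "__main__":
    s3 = RecordingS3()
    print(build_copy_handler(s3, "internal-crl-bucket")(SAMPLE_EVENT), s3.calls)
```

In the deployed function replace `RecordingS3()` with `boto3.client("s3")`; because the Deny is scoped to `s3:GetObject` on the CRL prefix, it cannot lock the CA's writer or your own administrators out of the bucket, a common side effect of broader `aws:SourceVpce` denies.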

read more →

Thu, November 20, 2025

AWS Offers Microsoft SQL Server 2025 License-Included AMIs

🚀 Amazon EC2 now provides License-Included (LI) AMIs for Microsoft SQL Server 2025, enabling fast deployment of the latest SQL Server release on Windows EC2 instances. These managed images are created and maintained by AWS and default to TLS 1.3 for improved security and performance. AMIs include preinstalled management tools such as AWS Tools for Windows PowerShell, AWS Systems Manager, and AWS CloudFormation, plus network and storage drivers. The images are available in all commercial AWS Regions and AWS GovCloud (US), simplifying provisioning and lifecycle management for enterprise workloads.

read more →

Thu, November 20, 2025

Amazon EC2 macOS Tahoe Now Available on Mac Instances

🖥️ Amazon Web Services now publishes Apple macOS Tahoe (v26) as Amazon Machine Images (AMIs) for EC2 Mac instances, enabling developers to build and test with Xcode 26 and the latest Apple platform SDKs. These AMIs run on Apple silicon EC2 Mac instances and are backed by Amazon Elastic Block Store (EBS) for stable, high-performance storage. Images include the AWS CLI, Command Line Tools for Xcode, Amazon SSM Agent, and Homebrew with the AWS Homebrew Tap. macOS Tahoe AMIs are available in all AWS regions that offer Apple silicon Mac instances and can be launched via the Console, CLI, or API.

read more →

Thu, November 20, 2025

AWS EC2 High Memory U7i Instances Expand Regions and Sizes

🚀 Amazon Web Services has expanded availability of its EC2 High Memory U7i instances: the u7in-16tb.224xlarge (16TiB) is now in AWS Europe (Ireland); u7i-12tb.224xlarge (12TiB) is available in Asia Pacific (Hyderabad); and u7i-8tb.112xlarge (8TiB) is available in Asia Pacific (Mumbai) and AWS GovCloud (US-West). Powered by custom 4th-gen Intel Xeon Scalable processors (Sapphire Rapids) and DDR5 memory, these instances provide high vCPU counts (up to 896), ENA Express support, up to 100Gbps EBS performance and up to 200Gbps networking on the 16TiB size, making them suited for mission-critical in-memory databases like SAP HANA, Oracle, and SQL Server.

read more →

Thu, November 20, 2025

Amazon EC2 Adds AMI Ancestry for Complete Lineage Visibility

🔍 Amazon EC2 now publishes AMI ancestry, enabling you to trace an AMI’s full lineage from its immediate parent back to the root across regions. This built‑in visibility replaces manual tagging and cross‑region record‑keeping, simplifying compliance audits and incident response. AMI ancestry is accessible via the AWS CLI, SDKs, and Console at no additional cost. It helps quickly identify all derived AMIs when a vulnerability is discovered in an ancestor, improving remediation speed and reducing operational risk.

read more →

Thu, November 20, 2025

Amazon CloudFront Adds Three Functions Enhancements

🔧 Amazon announced three new CloudFront Functions capabilities: edge location and Regional Edge Cache (REC) metadata, raw query string retrieval, and advanced origin overrides. CloudFront Functions runs lightweight JavaScript at edge locations with sub-millisecond execution, and these additions give developers direct visibility into serving edges and expected RECs. The raw query string preserves exact viewer input for precise parsing and compliance, while advanced origin overrides let teams customize SSL/TLS handshake behavior, including SNI, to support multi-tenant and complex backend configurations.

read more →

Thu, November 20, 2025

Amazon Redshift Serverless Lowers Minimum to 4 RPUs

🚀 Amazon Redshift Serverless now offers a lower base capacity of 4 RPUs, reducing the prior minimum from 8 RPUs and enabling entry-level analytics at roughly $1.50 per hour. Each RPU provides 16 GB of memory, so the 4‑RPU configuration supplies up to 64 GB of memory and supports up to 32 TB of Redshift managed storage with limits such as 100 columns per table. The configuration is available in multiple Asia Pacific, European, Middle East, African and Mexico regions and is suited for both development and lightweight production workloads. You continue to pay per-second for active RPU-hours, helping lower cost for sporadic or small-scale analytics.

read more →

Thu, November 20, 2025

New SonicWall SonicOS Flaw Lets Attackers Crash Firewalls

⚠️ SonicWall has released patches for a high-severity SonicOS SSLVPN vulnerability (CVE-2025-40601) that can trigger a stack-based buffer overflow and remotely crash Gen7 and Gen8 firewalls. The company says the flaw allows a remote unauthenticated attacker to cause a DoS but reports no active exploitation or public PoC. Fixed versions are 7.3.1-7013+ for Gen7 and 8.0.3-8011+ for Gen8; admins unable to patch should disable SSLVPN or restrict access.

read more →

Thu, November 20, 2025

ALB Target Optimizer: Per-Target Concurrency Control

🔧 Application Load Balancer now includes Target Optimizer, which enforces a maximum number of concurrent requests per target to align load with processing capacity. You enable it by creating a target group with a target control port and running an AWS-provided agent on each target. The feature can be configured per target group and is available in AWS Commercial, GovCloud (US), and China Regions. Note that enabled target groups consume additional LCUs and may increase costs.

read more →

Thu, November 20, 2025

CISA Issues Guidance to Combat Bulletproof Hosting Abuse

🔒 CISA, together with US and international partners, has published a joint guide addressing bulletproof hosting (BPH) services that enable ransomware, phishing, malware delivery and other attacks. The guidance explains how BPH providers lease or resell infrastructure to criminals, enabling fast-flux operations, command-and-control activity and data extortion while evading takedowns. It recommends concrete defensive actions — including curating a high confidence list of malicious internet resources, continuous traffic analysis, automated blocklist reviews, network-edge filters, threat intelligence sharing and feedback processes — to help ISPs and network defenders reduce abuse while limiting collateral impact.

read more →

Thu, November 20, 2025

97% of Companies Hit by Supply Chain Breaches, BlueVoyant

🛡️ A BlueVoyant survey finds 97% of organizations were negatively impacted by a supply chain breach, up sharply from 81% in 2024. The State of Supply Chain Defense: Annual Global Insights Report 2025, published 20 November, shows many firms are maturing TPRM programs and shifting oversight into cyber or IT teams. Despite increased maturity, respondents report persistent issues such as lack of executive buy-in, compliance-first approaches, limited integration with enterprise risk frameworks, and a trend of adding vendors faster than they add visibility or remediation capacity.

read more →

Thu, November 20, 2025

Festo Didactic: TIA Portal Path Traversal Vulnerability

🔒 Festo reported a path traversal vulnerability in Siemens TIA Portal (V15–V18) as deployed on Festo Didactic hardware. Tracked as CVE-2023-26293 with a CVSS v3.1 base score of 7.8, the flaw can allow creation or overwriting of arbitrary files and could lead to arbitrary code execution if a user opens a crafted project file. The issue requires user interaction and is not remotely exploitable; Festo and CISA recommend applying Siemens updates and following standard protections against malicious files and social engineering.

read more →

Thu, November 20, 2025

iCam365 P201/QC021 Camera: Unauthenticated ONVIF/RTSP Access

🔒 CISA reports that iCam365 ROBOT PT Camera P201 and Night Vision Camera QC021 (versions 43.4.0.0 and prior) allow unauthenticated access to ONVIF and RTSP services. Successful exploitation could expose live video streams and camera configuration data. Two CVEs were assigned (CVE-2025-64770 and CVE-2025-62674), with CISA-calculated CVSS v4 base scores of 7.0 and CVSS v3.1 scores of 6.8. iCam365 did not respond to CISA; recommended mitigations include network isolation, firewalling, and use of secure remote access methods.
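A quick way to confirm whether a camera on your own network behaves this way is to send one unauthenticated RTSP DESCRIBE and look at the reply: a 200 with an SDP body means the stream is open to anyone who can reach the port, a 401 with a WWW-Authenticate challenge means credentials are enforced. The following added example is written for this brief and is not from the CISA advisory or the vendor; the reply parser and classifier are exercised against constructed replies, the stream path defaults to a placeholder because it varies by model, and the network probe should only be pointed at devices you are authorised to test.

```python
import socket
from typing import Dict, Tuple

def parse_rtsp_reply(reply: bytes) -> Tuple[int, Dict[str, str]]:
    """Split an RTSP reply (HTTP-like text) into its status code and lower-cased headers."""
    if not reply:
        raise ValueError("empty reply")
    head = reply.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status, *header_lines = head.split("\r\n")
    parts = status.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/"):
        raise ValueError(f"not an RTSP status line: {status!r}")
    headers: Dict[str, str] = {}
    for line in header_lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

def classify_rtsp(reply: bytes) -> str:
    """'open'  : SDP description returned without credentials, anyone can pull the stream
       'auth'  : 401 with a WWW-Authenticate challenge, credentials are enforced
       'other' : anything else (wrong path, refused, not RTSP)"""
    code, headers = parse_rtsp_reply(reply)
    if code == 200 and "application/sdp" in headers.get("content-type", "").lower():
        return "open"
    if code == 401 and "www-authenticate" in headers:
        return "auth"
    return "other"

def probe_rtsp(host: str, path: str = "/live", port: int = 554, timeout: float = 3.0) -> str:
    """Send one unauthenticated DESCRIBE and classify the answer.
    ASSUMPTION: "/live" is a placeholder stream path, not the path used by the iCam365 models."""
    request = (f"DESCRIBE rtsp://{host}:{port}{path} RTSP/1.0\r\n"
               "CSeq: 1\r\nAccept: application/sdp\r\n\r\n").encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        data = b""
        while b"\r\n\r\n" not in data:          # read until the header block is complete
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify_rtsp(data)

# Constructed replies for offline checks (not captured from any real device)
OPEN_REPLY = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\nContent-Type: application/sdp\r\n"
              b"Content-Length: 27\r\n\r\nv=0\r\nm=video 0 RTP/AVP 96\r\n")
AUTH_REPLY = (b"RTSP/1.0 401 Unauthorized\r\nCSeq: 1\r\n"
              b'WWW-Authenticate: Digest realm="cam", nonce="0123"\r\n\r\n')
MISSING_REPLY = b"RTSP/1.0 404 Not Found\r\nCSeq: 1\r\n\r\n"

if __name__ == "__main__":
    for name, reply in (("open", OPEN_REPLY), ("auth", AUTH_REPLY), ("missing", MISSING_REPLY)):
        print(name, "->", classify_rtsp(reply))
```

An 'open' result on a camera you did not intend to expose is the condition the advisory describes; the mitigations listed above (network isolation, firewalling, a VPN or other authenticated path for remote viewing) apply regardless of whether the vendor ever ships a fix. ONVIF runs over HTTP/SOAP rather than RTSP and needs a separate check.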

read more →

Thu, November 20, 2025

Automated Logic WebCTRL: Open Redirect and XSS Fix

🔒 Automated Logic's WebCTRL servers and related products are affected by an open redirect (CVE-2024-8527) and a reflected XSS vulnerability (CVE-2024-8528) impacting versions 6.1, 7.0, 8.0, and 8.5. The open redirect carries high severity (CVSS v3.1 9.3; v4 8.6) while the XSS stems from an unsanitized "wbs" GET parameter (CVSS v3.1 7.5; v4 5.4). Automated Logic reports remediation in WebCTRL 9.0 and advises upgrades; CISA recommends minimizing device exposure, using firewalls and secure remote access, and following anti-phishing best practices. CISA notes no known public exploitation and states the vulnerabilities are not remotely exploitable as described.

read more →

Thu, November 20, 2025

Amazon Braket Adds AQT IBEX Q1 Trapped-Ion QPU in Europe

🔬 Amazon Braket now offers access to IBEX Q1, a 12-qubit trapped-ion QPU from Alpine Quantum Technologies (AQT) featuring full all-to-all connectivity that eliminates the need for intermediate SWAP gates. The device is available on-demand and via Hybrid Jobs, and customers can reserve dedicated capacity through Braket Direct with hourly pricing and no upfront commitments. IBEX Q1 runs in the Europe (Stockholm) Region with launch access Tuesdays and Wednesdays 09:00–16:00 UTC. Accredited researchers may apply for AWS Cloud Credits for Research to support experiments.

read more →

Thu, November 20, 2025

Amazon Connect Adds Persistent Agent Connection Feature

📞 Amazon Connect now supports a persistent agent connection that keeps an open channel between agents and the service after a call ends. Administrators can enable the feature per agent profile to reduce customer connect time and help meet telemarketing compliance such as the U.S. Telephone Consumer Protection Act (TCPA) for outbound campaigns. The capability is available in all Amazon Connect regions and carries no additional charge beyond standard Amazon Connect usage and telephony fees.

read more →

Thu, November 20, 2025

Agentic AI Reshapes Cybercrime and Defensive Options

🤖 Agentic AI gives autonomous agents the ability to access external systems, gather information, and take actions within defined workflows, making routine multi-system tasks far more efficient for human operators. Cisco Talos warns this efficiency is already being mirrored in the cyber crime economy, including the first observed AI-orchestrated campaign in early 2025. While AI lowers barriers to entry and speeds operations for attackers, it is imperfect and still requires skilled instruction and human oversight. Defenders can respond by building their own agentic tools, deploying honeypots to engage malicious agents, and refining detection to stay ahead.

read more →

Thu, November 20, 2025

AWS Glue Adds Zero-ETL Support for More SAP Entities

🔄 AWS Glue now provides full snapshot and incremental zero-ETL ingestion for additional SAP entities. The update adds snapshot ingestion for entities without deletion tracking and timestamp-based incremental loads for non-ODP systems, extending existing ODP support. Organizations can ingest SAP data directly into Amazon Redshift or the lakehouse architecture used by Amazon SageMaker, reducing engineering effort and operational complexity. This feature is available in all Regions where AWS Glue zero-ETL is offered.

read more →

Thu, November 20, 2025

EC2 Auto Scaling adds instance lifecycle retention policy

🛡️ EC2 Auto Scaling introduces an instance lifecycle policy that lets you retain instances when lifecycle hooks fail or time out, enabling manual intervention for graceful shutdowns. Previously, the default continue or abandon outcomes both resulted in instance termination after a timeout; the new policy adds configurable retention triggers to keep instances in a retained state. This is particularly helpful for stateful applications that need to save local data, close database connections, deregister from discovery, or remove sensitive credentials before termination. The feature is available in US East (N. Virginia), US West (Oregon), Europe (Ireland), and Asia Pacific (Singapore).

read more →

Thu, November 20, 2025

AWS Site-to-Site VPN Adds BGP Logging for Tunnels Now

🔍 AWS Site-to-Site VPN now publishes Border Gateway Protocol (BGP) logs from VPN tunnels to Amazon CloudWatch, providing deeper visibility into routing and session behavior. Previously, customers only had access to IKE/IPSec tunnel activity logs; the new BGP logs show session status, transitions, routing updates, and detailed error states. With both tunnel and BGP logs in CloudWatch, teams can correlate events, speed troubleshooting, and identify configuration mismatches between AWS endpoints and customer gateways across commercial Regions and AWS GovCloud (US).

read more →

Thu, November 20, 2025

Black Friday Cybercrime Surge: Rise in Fraudulent Domains

🔒 Check Point Research reports a significant increase in Black Friday–themed domain registrations, with about 1 in 11 newly registered domains classified as malicious. Brand impersonation is a primary tactic: roughly 1 in 25 new domains referencing marketplaces like Amazon, AliExpress, and Alibaba are flagged. Attackers create convincing fake storefronts that copy logos, layouts, and imagery to harvest credentials and payment data, with recent campaigns impersonating HOKA and AliExpress demonstrating active phishing tied to seasonal promotions.

read more →

Thu, November 20, 2025

Amazon QuickSight Adds Advanced Dashboard Theme Controls

🎨 Amazon QuickSight now provides expanded dashboard theming to help organizations maintain consistent brand identity across analytics dashboards and embedded experiences. Authors can customize interactive sheet backgrounds with gradients and angles, implement sophisticated card styling with configurable borders and opacity, and control typography for titles and subtitles at the theme level. These theme-level controls help ensure visual consistency across departments and enable embedded dashboards to match host application styling so analytics appear native. The enhancements address enterprise needs for professional, brand-aligned presentation and are available in all supported QuickSight regions.

read more →

Thu, November 20, 2025

AI Risk Guide: Assessing GenAI, Vendors and Threats

⚠️ This guide outlines the principal risks generative AI (GenAI) poses to organizations, categorizing concerns into internal projects, third‑party solutions and malicious external use. It urges inventories of AI use, application of risk and deployment frameworks (including ISO, NIST and emerging EU standards), and continuous vendor due diligence. Practical steps include governance, scoring, staff training, basic cyber hygiene and incident readiness to protect data and trust.

read more →

Thu, November 20, 2025

Massive Scan Campaign Targets GlobalProtect VPN Portals

🔎 GreyNoise reports a roughly 40x surge in malicious scans against Palo Alto Networks GlobalProtect VPN login portals beginning November 14, with about 2.3 million sessions hitting the /global-protect/login.esp endpoint between Nov 14–19. Activity focused on the United States, Mexico, and Pakistan and is linked to recurring TCP/JA4t fingerprints and ASN reuse, notably AS200373 and AS208885. GreyNoise recommends treating these probes as active reconnaissance — block and monitor attempts rather than dismissing them.
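The indicators GreyNoise describes (one login endpoint, a surge over baseline, and the same TCP/JA4t fingerprint reused across addresses inside a handful of ASNs) translate directly into a detection over your own portal or firewall logs. The following added example is written for this brief, not GreyNoise's tooling; it assumes log records already enriched with an ASN and a JA4t value in a simple constructed comma-separated layout, groups login-endpoint hits by (ASN, fingerprint), reports groups spread across several source IPs, and flags days whose volume exceeds a baseline by a chosen factor. The log lines use documentation address and ASN ranges and are invented.

```python
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

LOGIN_PATH = "/global-protect/login.esp"

def parse_line(line: str) -> dict:
    """One enriched record: timestamp,src_ip,asn,ja4t,path,status (constructed layout)."""
    ts, src, asn, ja4t, path, status = line.strip().split(",")
    return {"ts": datetime.fromisoformat(ts), "src": src, "asn": asn,
            "ja4t": ja4t, "path": path.split("?", 1)[0], "status": int(status)}

def login_events(lines: List[str]) -> List[dict]:
    return [ev for ev in (parse_line(l) for l in lines if l.strip()) if ev["path"] == LOGIN_PATH]

def scan_clusters(lines: List[str], min_ips: int = 3, min_hits: int = 5) -> List[dict]:
    """Group login-portal hits by (ASN, JA4t) and report groups spread over several source IPs.
    One fingerprint reused across many addresses in one ASN points to orchestrated scanning
    rather than a single curious host."""
    groups: Dict[tuple, dict] = defaultdict(lambda: {"hits": 0, "ips": set(), "ts": []})
    for ev in login_events(lines):
        g = groups[(ev["asn"], ev["ja4t"])]
        g["hits"] += 1
        g["ips"].add(ev["src"])
        g["ts"].append(ev["ts"])
    out = []
    for (asn, ja4t), g in groups.items():
        if g["hits"] >= min_hits and len(g["ips"]) >= min_ips:
            out.append({"asn": asn, "ja4t": ja4t, "hits": g["hits"], "ips": sorted(g["ips"]),
                        "span_s": (max(g["ts"]) - min(g["ts"])).total_seconds()})
    return sorted(out, key=lambda c: -c["hits"])

def login_hits_per_day(lines: List[str]) -> Dict[str, int]:
    counts: Dict[str, int] = defaultdict(int)
    for ev in login_events(lines):
        counts[ev["ts"].date().isoformat()] += 1
    return dict(counts)

def surge_days(lines: List[str], baseline_per_day: float, factor: float = 40.0) -> List[str]:
    """Days whose login-portal hit count is at least `factor` times the normal daily volume."""
    return sorted(d for d, n in login_hits_per_day(lines).items() if n >= factor * baseline_per_day)

# Constructed log: one scanner cluster (four addresses, one fingerprint, one ASN) and one
# legitimate user; addresses and ASNs come from the documentation ranges
SAMPLE_LOG = """\
2025-11-15T10:00:01,198.51.100.10,AS64500,t1a2b3c,/global-protect/login.esp,200
2025-11-15T10:00:02,198.51.100.11,AS64500,t1a2b3c,/global-protect/login.esp,200
2025-11-15T10:00:02,198.51.100.12,AS64500,t1a2b3c,/global-protect/login.esp,200
2025-11-15T10:00:03,198.51.100.13,AS64500,t1a2b3c,/global-protect/login.esp,200
2025-11-15T10:00:04,198.51.100.10,AS64500,t1a2b3c,/global-protect/login.esp?tmp=1,200
2025-11-15T10:00:05,198.51.100.11,AS64500,t1a2b3c,/global-protect/login.esp,200
2025-11-15T10:00:06,198.51.100.12,AS64500,t1a2b3c,/global-protect/login.esp,200
2025-11-15T10:00:07,198.51.100.13,AS64500,t1a2b3c,/global-protect/login.esp,200
2025-11-15T10:05:00,203.0.113.5,AS64496,c0rp0rt,/global-protect/login.esp,200
2025-11-15T10:06:00,203.0.113.5,AS64496,c0rp0rt,/global-protect/getconfig.esp,200
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(scan_clusters(lines))
    print(surge_days(lines, baseline_per_day=0.2))
```

The cluster output gives you an ASN and fingerprint pair to block or rate-limit at the edge, and the day-level surge tells you when the baseline broke; tune `min_ips`, `min_hits` and the baseline to your own portal's normal traffic before alerting on them.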

read more →

Thu, November 20, 2025

Google Says Chinese Group Sells Phishing 'Lighthouse' Kits

🔍 Google filed a court complaint alleging a "cybercriminal group in China" sold branded "Lighthouse" phishing kits that let unsophisticated fraudsters run large-scale SMS and e-commerce scams. The kits bundle hundreds of fake-website templates, domain setup tools, and subscription licenses offered weekly, monthly, seasonal, annual, or permanent. Campaigns often begin with texts about overdue tolls or package redelivery and sometimes appear as ads (including ads that persisted until Google suspended accounts). Victims who click are redirected to fraudulent sites that solicit passwords, credit card numbers, or payments purportedly accepted via wallets such as Google Pay.

read more →

Thu, November 20, 2025

Gartner: Shadow AI to Cause Major Incidents by 2030

🛡️ Gartner warns that by 2030 more than 40% of organizations will experience security and compliance incidents caused by employees using unauthorized AI tools. A survey of security leaders found 69% have evidence or suspect public generative AI use at work, increasing risks such as IP loss and data exposure. Gartner urges CIOs to set enterprise-wide AI policies, audit for shadow AI activity and incorporate GenAI risk evaluation into SaaS assessments.

read more →

Thu, November 20, 2025

Smashing Security Ep 444: Honest Breach and Hotel Phish

📰 In episode 444 of the Smashing Security podcast Graham Cluley and guest Tricia Howard examine a refreshingly candid breach response where a company apologised and redirected a ransom payment to cybersecurity research, illustrating how legacy systems can still magnify risk. They unpack a sophisticated hotel-booking malware campaign that abuses trust in apps and CAPTCHAs to deliver PureRAT. The hosts also discuss the rise of autonomous pen testing, AI-turbocharged cybercrime, and practical questions CISOs should be asking on Monday morning, and the episode includes a featured interview with Snehal Antani from Horizon3.ai.

read more →

Thu, November 20, 2025

Photocall IPTV Piracy Platform with 26M Users Shut Down

🛑 Photocall, a major illicit TV streaming platform serving over 26 million annual visitors, has ceased operations following a joint investigation and settlement with ACE and DAZN. The site provided unauthorized access to 1,127 channels across 60 countries, including live sports such as MotoGP and Formula 1, as well as Serie A, NFL, NHL and club channels. Operators agreed to transfer all domains to ACE, which now redirects them to its Watch Legally portal. Visitor data showed nearly 30% of traffic from Spain, with significant audiences in Mexico, Germany, Italy and the United States.

read more →

Thu, November 20, 2025

Kinesis Data Streams: 50 Enhanced Fan-Out Consumers

🚀 Amazon Kinesis Data Streams now supports up to 50 enhanced fan-out consumers for accounts using On-demand Advantage. The higher consumer limit enables many independent, low-latency, high-throughput applications—such as parallel analytics, machine learning pipelines, and compliance workflows—to attach to the same stream without creating extra streams or causing throughput contention. On-demand Advantage is an account-level setting that changes pricing and capabilities, offering data ingest at $0.032/GB and data retrieval and enhanced fan-out retrieval at $0.016/GB, making high fan-out workloads more cost effective. Existing RegisterStreamConsumer API calls continue to register enhanced fan-out consumers up to the 50-consumer limit.

read more →

Thu, November 20, 2025

Sturnus Android Banking Trojan Targets Southern Europe

🛡️ ThreatFabric has detailed a new Android banking trojan named Sturnus that combines screen-capture, accessibility abuse, and overlays to steal credentials and enable full device takeover. The malware captures decrypted messages from WhatsApp, Telegram, and Signal by recording the device screen, serves region-specific fake banking login screens, and contacts operator servers via WebSocket/HTTP to receive encrypted payloads and enable remote VNC-style control. It resists cleanup by blocking uninstallation and leveraging administrator privileges.

read more →

Thu, November 20, 2025

Amazon Braket Adds Per-Device Spending Limits for QPUs

🔒 Amazon Braket now lets customers set per-device spending limits for quantum processing units (QPUs), enabling tighter cost controls and automated validation of task submissions. Tasks that would exceed remaining budgets are rejected at submission, and limits apply only to on-demand QPU tasks—not to simulators, notebook instances, hybrid jobs, or Braket Direct reservation tasks. Available now in all supported AWS Regions at no additional charge, limits can be updated or deleted any time; researchers may also apply for AWS Cloud Credits for Research to offset experiments.

read more →

Thu, November 20, 2025

Mozilla Ends Partnership with Onerep After Investigation

🛡️ Mozilla announced it will end its partnership with Onerep and discontinue Monitor Plus on Dec. 17, 2025. Current subscribers will retain access through the wind-down period and receive prorated refunds for any unused portion of their subscriptions. Mozilla said it will continue to offer its free Monitor breach service integrated with Firefox’s credential manager and is focusing on integrating more privacy and security features, including its VPN. The company cited high vendor standards and the realities of the data broker ecosystem as reasons for ending the collaboration after reporting revealed Onerep’s founder maintained ties to other people-search services.

Thu, November 20, 2025

Technician Sentenced Over Secret Crypto Mining at Wind Farms

🔒 A technical manager at Dutch wind operator Nordex was sentenced to 120 hours of community service after installing three cryptocurrency mining rigs and two Helium network nodes on the company's internal network between August and November 2022. The rigs were plugged into a substation router and hotspots placed inside turbines at two sites while the firm was recovering from a Conti ransomware attack. He must pay €4,155.65 to Nordex and an equal sum to the state, highlighting the risks of privileged insider access.

Thu, November 20, 2025

Attack Surface Management: 12 Tools to Harden Perimeter

🔒 Regular network scans are no longer sufficient to secure modern environments. This article reviews a dozen Attack Surface Management solutions—covering both CAASM and EASM approaches—that automate asset discovery, continuous monitoring, and risk prioritization. Vendors highlighted include Axonius, CrowdStrike, Microsoft Defender, Palo Alto Xpanse, and others that integrate with existing SOC tooling and often leverage agentic AI to assist detection and remediation. The article concludes with seven practical questions for evaluating ASM needs, automation, remediation paths, and pricing models.

Thu, November 20, 2025

AWS India Adds UPI AutoPay for New Account Sign‑Up

🔔 AWS now lets customers in India sign up using UPI AutoPay as the default payment method, replacing the prior card-only requirement. Users add and verify a UPI ID in the AWS console, confirm their billing address, and approve an authorization request in their UPI app to enable recurring payments up to INR 15,000. After verification, future invoices up to that limit are charged automatically from the next billing cycle, reducing manual payment steps and the risk of missed payments.

Thu, November 20, 2025

Turn Windows 11 Migration into a Security Opportunity

🔒 Organizations should treat the Windows 11 migration as a strategic security opportunity rather than a routine OS update. While some users resist moving from Windows 10 or explore alternatives like Linux or legacy releases, those choices can introduce operational headaches and security gaps, especially as Microsoft phases out support. Use the transition to validate backups, recovery objectives, and patch posture to reduce exposure to unpatched vulnerabilities that increasingly target MSPs and their clients.

Thu, November 20, 2025

3 Ways CISOs Can Win Over Their Boards This Budget Season

🔒 As CISOs finalize next year’s cybersecurity budgets, winning board approval requires translating technical needs into business value. First, quantify risk in financial terms—estimate value at risk across worst-, best- and most‑likely scenarios, using industry reports, internal experts and vendor assessments to model direct losses, business interruption and reputational impact. Second, go beyond compliance: reserve budget for emerging threats (generative AI, quantum, third‑party risk) and repurpose existing line items such as Data Security Posture Management, SASE and GRC hours to limit net new spend. Third, know thy board and tailor your message—use dollars-and-cents for finance‑focused directors and vivid attack narratives for others, while maintaining regular engagement year-round.

Thu, November 20, 2025

OSINT Playbook: Identifying and Mitigating Public Exposures

🔍 OSINT is the disciplined practice of collecting and analysing publicly available information to produce actionable intelligence for security teams, journalists and researchers. The article outlines how practitioners use OSINT to discover exposed assets, support penetration testing, track threat actor activity and monitor reputational issues. It highlights common tools such as Shodan, Maltego and SpiderFoot, describes techniques like Google Dorking and metadata analysis, and stresses responsible, lawful investigation and rigorous sourcing to reduce error and privacy risk.

Thu, November 20, 2025

An Open Letter to Cybersecurity Vendors and Investors

🔊 The cybersecurity market is awash in noise: vendors and investors chase flashy pitches while the long-standing vulnerabilities that cause real breaches remain neglected. The author argues CISOs don’t buy technology so much as they buy reduced risk and confidence, so purchases must fit roadmaps, integrate cleanly, and be sustainable. He prioritizes visibility, identity, automation that empowers people, and tools that reinforce fundamentals like patching and segmentation. Hype, overlapping products, and complexity are rejected in favor of practical reliability.
