Cybersecurity Brief

Cloud Platforms Add Encryption, Agentic IR, and AI-Ready Scale

Coverage: 21 Nov 2025 – 23 Nov 2025 (UTC)

Cloud platforms emphasized preventive controls and automation. AWS introduced VPC Encryption Controls to audit and enforce encryption in transit inside and between VPCs, while Google Cloud rolled out BigQuery AI, unifying ML, vector search, and agentic functions directly where data lives. The thread running through both moves is platform hardening—making secure defaults easier to achieve and reducing integration overhead for AI-heavy operations.

Encryption and Governed Upgrades

AWS is extending encryption visibility and enforcement into customer networks with VPC Encryption Controls. The capability surfaces plaintext allowances, turns on hardware-backed AES‑256 on supported paths, and produces auditable logs for standards such as HIPAA and PCI DSS. The aim is to reduce misconfiguration risk and simplify attestations; application‑layer cryptography still remains essential end to end.

Routine maintenance also gets safer. With an organization‑wide upgrade rollout policy for Aurora and RDS, teams can sequence minor version upgrades across accounts and tags—starting in development, pausing for validation, then moving to production with health notifications along the way. And for private connectivity, API Gateway REST APIs can now attach directly to internal ALBs, cutting a hop and bringing Layer‑7 routing and health checks into API flows via a new ALB integration.

Image lifecycle management becomes more controlled as AWS adds flexible distribution for AMIs. Teams can stage multi‑region, multi‑account rollouts with approval pauses using Image Builder distribution workflows, avoiding unnecessary rebuilds while retaining step‑level visibility and governance.

Agentic Responders and Developer Copilots

Incident responders get automation at first touch. AWS integrated an agentic investigator into Security Incident Response, which gathers and correlates CloudTrail, IAM, EC2, and cost signals, asks clarifying questions, and produces concise summaries to accelerate containment. In parallel, AWS published the Scoping Matrix for agentic AI, mapping controls across identity, memory, logging, model governance, agency perimeters, and orchestration as autonomy increases from prescribed to fully autonomous systems.

Day‑to‑day operations gain embedded assistance. Console users can launch investigations of failed tasks, pod events, and rollbacks using AI troubleshooting in ECS and EKS via Amazon Q Developer. For analytics and ML work, serverless SageMaker notebooks add a built‑in agent that generates SQL and Python and runs at scale on Athena for Apache Spark—raising productivity while calling for least‑privilege access, logging, and code review of generated scripts.

Inside notebooks, the new SageMaker Data Agent converts natural‑language prompts into stepwise plans and executable code for transformation, feature engineering, and prototyping. Beyond the tooling, Google Cloud describes an R&D‑oriented, multi‑agent design for discovery and preclinical optimization in life sciences, coordinating models such as MedGemma, TxGemma, an orchestrator, and structure‑based design tools in an agentic framework intended to shift costly experiments into reproducible in‑silico loops.

Scaling Clusters and Context for AI

Google Cloud detailed how it built an experimental GKE cluster with 130,000 nodes to probe control‑plane throughput, scheduling under heavy preemption, and elasticity for large AI/ML workloads. Read‑path optimizations, a Spanner‑backed key‑value store, and job‑level queueing via Kueue underpinned the results, pointing to continued investment in multi‑cluster orchestration and high‑performance networking.

On the AWS side, Kubernetes control‑plane behavior becomes more predictable with EKS Provisioned Control Plane, letting teams pre‑provision capacity tiers for spikes and ultra‑scale clusters. To make AI assistants cluster‑aware without custom hosting, EKS and ECS now offer fully managed MCP servers in preview, standardizing how developer tools retrieve real‑time project and cluster context with IAM and CloudTrail baked in.

Data Platforms and Model Guardrails

Lakehouse users get performance and governance updates. Amazon EMR 7.12 adds Iceberg v3 with row‑level delete semantics, reduced I/O, and improved change tracking, alongside integrations for encryption and Lake Formation. In the analytics warehouse, BigQuery AI brings vector search, generative functions, and role‑specific agents directly to data via SQL, aiming to shorten paths from feature engineering to inference.

For safer generative applications, AWS expanded formal‑methods guardrails and multimodal ingestion. Automated Reasoning checks now include natural‑language test generation to speed policy refinement and reduce hallucinations via Automated Reasoning test Q&As. And for interactive vision use cases, Bedrock Data Automation adds synchronous image processing for low‑latency, structured outputs through Data Automation. Together these features aim to tighten safety checks while simplifying real‑time multimodal workflows.

These and other news items from the day:

Fri, November 21, 2025

BigQuery AI: Unified ML, Generative AI, and Agents

🤖 BigQuery AI consolidates BigQuery’s built-in ML, generative AI functions, vector search, and agent tools into a unified platform. It enables users to apply generative models and embeddings directly via SQL, perform semantic vector search, and run end-to-end ML workflows without moving data. Role-specific data agents and assistive features like a data canvas and code completion accelerate work for engineers, data scientists, and business users.

Fri, November 21, 2025

Agentic AI Framework for Life Sciences R&D on Google Cloud

🔬 Google Cloud outlines an agentic AI framework to accelerate life sciences R&D by orchestrating specialized, fine-tunable models into modular workflows. It describes four agents—MedGemma for deep literature and data synthesis, TxGemma for in-silico preclinical prediction, Gemini 2.5 Pro as the cognitive orchestrator, and AlphaFold-2 plus docking tools for molecular design. The architecture maps data flows, tooling, and cloud services (Vertex AI, HPC, search) to move from target discovery through iterative Design→Dock→Predict→Refine cycles toward lab-ready lead nomination while preserving version control and compliance.

Fri, November 21, 2025

AWS Security Incident Response Adds Agentic AI Investigator

🔍 AWS Security Incident Response now offers an agentic AI investigative capability that automatically gathers, correlates, and summarizes evidence across AWS data sources. The investigative agent assesses new cases, asks submitters clarifying questions for missing indicators or timeframes, and collects logs from AWS CloudTrail, AWS Identity and Access Management (IAM), Amazon EC2, and AWS Cost Explorer. Findings are presented as clear, actionable summaries, and the feature is enabled automatically at no extra cost in supported Regions.

Fri, November 21, 2025

AWS preview: Fully managed MCP servers for EKS and ECS

🔔 Amazon EKS and ECS now offer fully managed MCP servers in preview, providing a cloud-hosted Model Context Protocol endpoint to enrich AI-powered development and operations. These servers remove local installation and maintenance, and deliver enterprise features such as automatic updates and patching, centralized security via AWS IAM, and audit logging through AWS CloudTrail. Developers can connect AI coding assistants like Kiro CLI, Cursor, or Cline for context-aware code generation and debugging, while operators gain access to a knowledge base of best practices and troubleshooting guidance.

Fri, November 21, 2025

AWS VPC Encryption Controls: Audit and Enforce AES-256

🔒 AWS launched VPC Encryption Controls to simplify auditing and enforcement of encryption in transit within and across Amazon Virtual Private Clouds. You can enable it on existing VPCs to monitor encryption status of traffic flows, identify resources that permit plaintext, and generate audit logs for compliance. The feature can also transparently enable hardware-based AES-256 encryption on traffic between supported resources such as AWS Fargate, Network Load Balancers and Application Load Balancers.

Fri, November 21, 2025

Amazon SageMaker notebooks with built-in AI agent experience

🤖 Amazon SageMaker introduces a serverless notebook experience that consolidates SQL, Python, and natural-language workflows into a single interactive workspace for analytics and ML. The environment is backed by Amazon Athena for Apache Spark to scale from interactive queries to petabyte-scale processing without pre-provisioned infrastructure. A built-in AI agent generates code and SQL from natural-language prompts to accelerate development, and the feature is available via SageMaker Unified Studio's one-click onboarding in multiple AWS Regions.

Fri, November 21, 2025

Amazon SageMaker HyperPod Adds IDE and Notebook Support

🚀 Amazon SageMaker HyperPod now supports running IDEs and Notebooks on persistent EKS-based HyperPod clusters, allowing developers to run JupyterLab, Code Editor, or connect local IDEs directly to GPU-backed compute. Developers can share data across interactive sessions and training jobs via mounted file systems such as FSx and EFS, and use familiar tools including the HyperPod CLI. Administrators gain unified governance through HyperPod Task Governance and visibility into CPU, GPU, and memory consumption via HyperPod Observability, helping optimize cluster utilization. The feature is available in all AWS Regions that support HyperPod, excluding China and GovCloud (US).

Fri, November 21, 2025

AWS Security Incident Response: AI Investigative Agent

🔎 The new AI-powered investigative agent in AWS Security Incident Response automates evidence collection, correlation, and timeline building to speed incident investigations from hours to minutes. It interactively asks clarifying questions, queries CloudTrail, IAM, EC2, and cost data, and summarizes critical findings and timelines. The capability is available now across commercial AWS Regions and is included with the service’s metered pricing.

Fri, November 21, 2025

Agentic AI Security Scoping Matrix for Autonomous Systems

🤖 AWS introduces the Agentic AI Security Scoping Matrix to help organizations secure autonomous, tool-enabled AI agents. The framework defines four architectural scopes—from no agency to full agency—and maps escalating security controls across six dimensions, including identity, data/memory, auditability, agent controls, policy perimeters, and orchestration. It advocates progressive deployment, layered defenses, continuous monitoring, and retained human oversight to mitigate risks as autonomy increases.

Fri, November 21, 2025

Amazon EKS Provisioned Control Plane for High Performance

🚀 Amazon EKS introduced Provisioned Control Plane, letting customers select pre-defined control plane capacity tiers for new or existing clusters via APIs, the AWS Console, or infrastructure-as-code. The feature pre-provisions capacity to deliver predictable, low-latency control plane performance during traffic spikes and unpredictable bursts. It unlocks higher cluster scalability for ultra-scale workloads such as AI training, high-performance computing, and large data processing, and helps align development, staging, production, and disaster recovery behavior.

Fri, November 21, 2025

AWS Announces Amazon ECS Express Mode for Fast Deploys

🚀 Amazon Web Services today introduced Amazon ECS Express Mode, a managed deployment option that helps developers rapidly launch containerized web applications and APIs with minimal configuration. Every Express Mode service is assigned an AWS‑provided domain and supports public or private HTTPS, autoscaling, and ALB-based traffic distribution. The feature can consolidate up to 25 Express Mode services behind a single Application Load Balancer while preserving isolation through intelligent rule-based routing. All provisioned resources remain in your AWS account and are fully accessible; Express Mode is available now in all AWS Regions at no additional service charge — you pay only for the underlying AWS resources used.

Fri, November 21, 2025

Amazon Bedrock Data Automation: Synchronous Image Processing

🚀 Amazon Bedrock Data Automation (BDA) now supports synchronous image processing, enabling low-latency extraction of structured insights from visual content. Synchronous APIs complement existing asynchronous workflows, removing the need for polling or callbacks and simplifying application architecture. BDA supports Standard Output for common analyses and Custom Output via Blueprints for industry-specific field extraction.

Fri, November 21, 2025

Amazon EC2 Image Builder Enables Flexible AMI Distribution

🚀 Amazon has expanded EC2 Image Builder with flexible AMI distribution features that let you distribute existing AMIs, retry failed distributions, and create custom distribution workflows. Distribution workflows introduce sequential steps—such as AMI copies, wait-for-action checkpoints, and attribute modifications—to support staged rollouts and approval gates with the same step-level visibility as build and test workflows. These capabilities work across regions and accounts and are available at no extra cost.

Fri, November 21, 2025

Amazon ECS and EKS Add AI-Powered Troubleshooting in Console

🔍 The AWS Management Console now integrates Amazon Q Developer AI-assisted troubleshooting directly into Amazon ECS and Amazon EKS. Contextual 'Inspect with Amazon Q' controls appear alongside error and status messages to gather relevant logs and metrics, analyze root causes, and present one-click mitigation suggestions. The experience covers failed tasks, container health checks, deployment rollbacks, cluster and node health, and Kubernetes pod events, and is available in all AWS commercial regions.

Fri, November 21, 2025

Bedrock Guardrails: Natural-Language Test Generation

🧪 Amazon Web Services has added natural-language test Q&A generation to Automated Reasoning checks in Amazon Bedrock Guardrails. The capability generates up to N test Q&As from input documents to accelerate creating and validating formal verification policies. Automated Reasoning checks apply formal methods to detect correct model outputs and report up to 99% accuracy in identifying correct responses and reducing hallucinations. The feature is available in multiple US and EU Regions and accessible via the Bedrock console and Python SDK.

Fri, November 21, 2025

Amazon EMR 7.12 Adds Apache Iceberg v3 Table Format

🆕 Amazon EMR 7.12 now supports the Apache Iceberg v3 table format (Iceberg 1.10) and includes Apache Spark 3.5.6. This update reduces storage and pipeline costs by marking deleted rows instead of rewriting files, while adding automatic row-level history for stronger governance and change-data capture. It also introduces table-level encryption and integrates with AWS Lake Formation. Apache Trino 476 is included, and EMR 7.12 is available in all Regions that support EMR.

Fri, November 21, 2025

Building the Largest Known GKE Cluster: 130,000 Nodes

🚀 Google Cloud engineers demonstrated an experimental GKE cluster running 130,000 nodes to validate extreme scalability for AI/ML workloads. The test sustained control-plane throughput near 1,000 operations per second, supported over one million datastore objects, and achieved a baseline of 130,000 Pods launching in 3 minutes 40 seconds. The project combined API-server caching KEPs, a Spanner-backed key-value storage backend, and job-level orchestration via Kueue to enable predictable admission, rapid preemption, and efficient utilization at massive scale.

Fri, November 21, 2025

Amazon SageMaker Data Agent for Analytics and ML Development

🤖 Amazon SageMaker Data Agent is a built-in AI agent in the new notebook experience that accelerates analytics and ML development. It translates natural-language prompts into detailed execution plans and generates SQL and Python code, while staying aware of notebook context and data catalog metadata. Available in multiple AWS regions, it speeds common tasks like data transformation, statistical analysis, and model prototyping.

Fri, November 21, 2025

AWS Organizations adds upgrade rollout policy for RDS

🔔 AWS Organizations now supports an upgrade rollout policy for Amazon Aurora and Amazon RDS, enabling staggered automatic minor version upgrades across accounts and resources. Administrators can define simple sequences (first, second, last) via account-level policies or resource tags so upgrades begin in development and progress to production only after validation. AWS Health notifications between phases, built-in validation periods, and the ability to pause progression provide control and observability. The feature is available in all commercial Regions and AWS GovCloud (US); RDS for Oracle support applies to engine versions released after January 2026.

Fri, November 21, 2025

AWS Load Balancers Add Post-Quantum TLS Key Exchange

🔐 AWS Application Load Balancers (ALB) and Network Load Balancers (NLB) now offer an opt-in post-quantum TLS (PQ-TLS) key exchange option. The new PQ-TLS security policies use hybrid key agreement that combines classical algorithms with post-quantum KEMs including the standardized ML-KEM, protecting against 'harvest now, decrypt later' attacks. Available at no extra cost across AWS Commercial, GovCloud (US), and China Regions, the feature requires explicit listener updates and supports monitoring via ALB connection logs and NLB access logs.

Fri, November 21, 2025

API Gateway Adds Private ALB Integration for REST APIs

🔗 Amazon API Gateway REST APIs now support private integration with Application Load Balancer (ALB), enabling direct inter‑VPC connectivity to internal ALBs. This removes the previously required Network Load Balancer hop, which can reduce latency and simplify deployments. The integration brings Layer 7 capabilities — such as HTTP/HTTPS health checks, advanced request‑based routing, and native container service alignment — while retaining NLB-based layer‑4 options.

Fri, November 21, 2025

Vertex AI Studio adds Gemini tools for faster builds

🚀 Vertex AI Studio now centers developer workflows around Gemini and introduces agents-as-tools to streamline prompt engineering and app creation. The Studio adds three core agent commands — /Prompt, /Evaluate, and /Build — to refine prompts, assess outputs with custom autoraters, and generate working code. Team features include cross-account prompt sharing, version history, and notes. Onboarding is simplified with one-click API keys, an /Ask helper, express mode, and loginless model trials.

Fri, November 21, 2025

Amazon EMR Serverless Adds Apache Spark 4.0.1 (Preview)

🚀 Amazon EMR Serverless now supports Apache Spark 4.0.1 (preview), enabling teams to build data pipelines using standard ANSI SQL and native VARIANT types for semi-structured data. The release adds Apache Iceberg v3 table format to provide transactional guarantees and audit-ready change tracking. Improved streaming controls make it easier to manage stateful, real-time applications and monitor streaming jobs.

Fri, November 21, 2025

Amazon Athena for Apache Spark Integrated with SageMaker

🚀 Amazon SageMaker now supports Amazon Athena for Apache Spark, combining a new notebook experience with a fast serverless Spark runtime in a single workspace. Data engineers, analysts, and data scientists can query data, run Python, develop jobs, train models, and visualize results with no infrastructure to manage and second-level billing. The service runs Spark 3.5.6, is optimized for Apache Iceberg and Delta Lake, and adds debugging, real-time Spark UI monitoring, and secure Spark Connect communication. Table-level access controls are enforced through AWS Lake Formation.

Fri, November 21, 2025

AWS Payments Cryptography Adds Hybrid Post-Quantum TLS

🔐 AWS Payments Cryptography now supports hybrid post-quantum TLS to protect API calls and long-lived data-in-transit using ML-KEM-based PQC. This helps enterprises mitigate “harvest now, decrypt later” risks by combining classical and post-quantum key establishment. Customers enable PQ-TLS by upgrading to a compatible AWS SDK or browser and can verify sessions via tlsDetails in CloudTrail. The capability is generally available across Regions at no added cost.

Fri, November 21, 2025

AWS Adds Second-Generation Outposts Racks in Tokyo

📣 Second-generation AWS Outposts racks are now supported in the AWS Asia Pacific (Tokyo) Region. Organizations in and outside Japan can order Outposts racks connected to this region to optimize latency and meet data residency requirements while running low-latency workloads on-premises. Outposts extends AWS infrastructure, services, APIs, and tools into customer data centers or colocation spaces and connects back to a home Region for centralized management.

Fri, November 21, 2025

Aurora DSQL Adds Python, Node.js, and JDBC Connectors

🔐 Aurora DSQL now provides Python, Node.js, and JDBC Connectors that transparently handle IAM token generation for standard PostgreSQL drivers. The connectors integrate with psycopg/psycopg2, node-postgres, Postgres.js, and the PostgreSQL JDBC driver and support common pooling libraries such as HikariCP and built-in pooling in Node.js and Python. By automatically generating IAM tokens via the AWS SDK for each connection, they remove the need for custom token code or manual token provisioning, reducing reliance on static database passwords while preserving existing driver features and workflows.

Fri, November 21, 2025

Google: Leader in 2025 Gartner Magic Quadrant for CDBMS

📈 Google announces it was named a Leader in the 2025 Gartner Magic Quadrant for Cloud Database Management Systems for the sixth consecutive year and positioned furthest in vision. The post presents the company's AI-native Data Cloud—a unified stack integrating BigQuery, Spanner, AlloyDB, Looker, and Dataplex—to support agentic AI. Google highlights embedded specialized agents, developer tooling (Data Agents API, ADK, Gemini CLI) and Agent Analytics in BigQuery to accelerate AI-driven applications while asserting cost and governance benefits on a single, open platform.

Fri, November 21, 2025

Grafana fixes critical SCIM flaw enabling user impersonation

🔒 Grafana has released security updates to address a maximum-severity flaw (CVE-2025-41115) in its SCIM provisioning component that can enable user impersonation or privilege escalation under specific configurations. The issue allows a malicious or compromised SCIM client to provision a user with a numeric externalId that may be mapped to an internal user ID. It affects Grafana Enterprise 12.0.0–12.2.1 and was fixed in 12.0.6+security-01, 12.1.3+security-01, 12.2.1+security-01 and 12.3.0. Grafana discovered the bug during an audit on November 4, 2025 and urges immediate patching.

Fri, November 21, 2025

Amazon SageMaker One-Click Onboarding for Existing Data

✨ Amazon SageMaker now offers one-click onboarding of existing AWS datasets into Amazon SageMaker Unified Studio, letting customers begin data work in minutes while retaining their current IAM roles and permissions. The feature provisions a pre-configured serverless notebook with a built-in AI agent that supports SQL, Python, Spark, and natural language. Users can start from SageMaker, Amazon Athena, Amazon Redshift, or Amazon S3 Tables consoles and the setup imports permissions from AWS Glue Data Catalog, Lake Formation, and S3 to accelerate first use.

Fri, November 21, 2025

AWS License Manager: Organization-wide License Asset Groups

📦 AWS License Manager now offers license asset groups, a centralized capability to manage commercial software licenses across AWS regions and accounts in an organization. The enhancement delivers organization-wide visibility with customizable grouping and automated reporting so customers can track expiry dates, streamline audit responses, and take data-driven renewal actions. The feature is available in all commercial regions where License Manager is offered.

Fri, November 21, 2025

Amazon EKS add-on: AWS Secrets Store CSI Driver Provider

🔐 AWS has announced general availability of the Amazon EKS add-on for the AWS Secrets Store CSI Driver provider, enabling clusters to mount secrets from AWS Secrets Manager and parameters from AWS Systems Manager Parameter Store as files on Kubernetes workloads. The add-on installs and manages the AWS provider component and supports automated setup and lifecycle management for new and existing Amazon EKS clusters. It is available in all AWS commercial and AWS GovCloud (US) Regions.

Fri, November 21, 2025

AWS CloudFormation StackSets Adds Deployment Ordering

🧭 AWS CloudFormation StackSets now supports deployment ordering in auto-deployment mode, allowing you to define the sequence in which stack instances deploy across accounts and regions. You can specify up to 10 dependencies per stack instance using the new DependsOn parameter in AutoDeployment to orchestrate foundational and dependent stacks. StackSets performs cycle detection to prevent circular dependencies and returns clear error messages to aid troubleshooting. This capability is available in all Regions where StackSets is offered and can be configured via the CLI, SDK, or CloudFormation Console at no extra charge.

Fri, November 21, 2025

AI Agents Used in State-Sponsored Large-Scale Espionage

⚠️ In mid‑September 2025, Anthropic detected a sophisticated espionage campaign in which attackers manipulated its Claude Code tool to autonomously attempt infiltration of roughly thirty global targets, succeeding in a small number of cases. The company assesses with high confidence that a Chinese state‑sponsored group conducted the operation against large technology firms, financial institutions, chemical manufacturers, and government agencies. Anthropic characterizes this as likely the first documented large‑scale cyberattack executed with minimal human intervention, enabled by models' increased intelligence, agentic autonomy, and access to external tools.

Fri, November 21, 2025

CloudWatch Console Adds Automated Agent Management

⚙️ Amazon CloudWatch now provides an in-console experience for automated installation and configuration of the CloudWatch agent on EC2 instances. The new UI surfaces agent status across your EC2 fleet, automatically detects supported workloads, and uses CloudWatch observability solutions to recommend monitoring configurations. Customers can deploy agents with one-click installs or create tag-based policies for automated fleet-wide management, including for auto-scaled instances, reducing setup time from hours to minutes.

Fri, November 21, 2025

ECR Dual-Stack Endpoints Gain AWS PrivateLink Support

🔒 Amazon Elastic Container Registry (ECR) now supports AWS PrivateLink for its dual-stack endpoints. This enables customers to standardize on IPv6 while continuing to accept IPv4 traffic, and to keep API and Docker/OCI request traffic confined to the Amazon network. By routing dual-stack endpoint traffic over PrivateLink, organizations can reduce exposure to the public internet and improve their security posture. The feature is generally available in all AWS commercial and GovCloud (US) regions at no additional cost.

Fri, November 21, 2025

AWS Control Tower v4.0: Direct Access to Managed Controls

🔧 AWS Control Tower v4.0 introduces a controls-focused experience that gives customers direct access to more than 750 AWS managed controls without requiring a full Control Tower deployment. Customers can review the Control Catalog and deploy selected controls into their existing AWS Organization within minutes while retaining their current account structure. The release also separates S3 buckets and SNS notifications for cleaner operations and improved cost attribution.

Fri, November 21, 2025

EC2 Fleet Adds Encryption Attribute for ABIS Selection

🔐 Amazon EC2 Fleet now supports an encryption attribute for Attribute-Based Instance Type Selection (ABIS). You can set RequireEncryptionInTransit in InstanceRequirements to limit launches to instance types that support encryption-in-transit, addressing compliance with VPC Encryption Controls in enforced mode. The GetInstanceTypesFromInstanceRequirements (GITFIR) API previews eligible instance types. The feature is available in all AWS commercial and GovCloud (US) Regions. To start, set RequireEncryptionInTransit=true when calling CreateFleet or GITFIR.

Fri, November 21, 2025

AWS CloudWatch Application Signals adds GitHub Action

🔍 AWS announced general availability of a new Application Observability for AWS GitHub Action and enhancements to the CloudWatch Application Signals MCP server that embed observability into developer workflows. Developers can now request trace-aware diagnostics inside GitHub — for example by mentioning @awsapm in Issues — and receive intelligent, observability-based responses without switching consoles. The MCP server updates also let AI coding agents (such as Kiro) identify the exact file, function, and line causing latency or errors and provide or modify OTel-based instrumentation guidance for CDK or Terraform across ECS, EKS, Lambda, and EC2.

Fri, November 21, 2025

CloudWatch Container Insights Supports Neuron UltraServers

🔍 Amazon CloudWatch Container Insights now supports Neuron UltraServers on Amazon EKS, enabling aggregated observability for multi-instance ML servers. The update adds a new UltraServer ID filter that presents consolidated metrics across all instances in a logical UltraServer group while retaining per-instance visibility. Available in all commercial AWS Regions and AWS GovCloud (US), this simplifies monitoring and troubleshooting for Trainium and Inferentia workloads.

Fri, November 21, 2025

AWS WAF Adds Web Bot Auth to Verify AI and Bot Traffic

🔐 AWS WAF now supports Web Bot Auth, providing cryptographic verification for automated agents and crawlers that access web applications. The capability uses signed HTTP messages and a public key directory defined by active IETF drafts to authenticate bot identities. AWS WAF will automatically allow verified WBA bots by default, refining previous behavior where the AI category blocked unverified bots. This change helps operators distinguish trusted automated traffic from potentially harmful automation.

Fri, November 21, 2025

AWS Control Tower Adds 279 AWS Config Rules and Frameworks

🔒 AWS Control Tower now supports 279 additional managed AWS Config rules and seven new compliance frameworks in the Control Catalog. You can search, discover, enable, and manage these rules directly from the AWS Control Tower console or via the ListControls, GetControl, and EnableControl APIs. The ListControlMappings API has been enhanced to show relationships between controls — complementary, alternative, or mutually exclusive — helping map detection (Config rules) to prevention (Service Control Policies). These features are available in Regions where Control Tower is offered, including AWS GovCloud (US).

Fri, November 21, 2025

Amazon Aurora DSQL Adds Integrated Console Query Editor

🔎 Amazon has added an integrated query editor to Aurora DSQL, enabling secure, browser-based SQL access from the AWS Management Console without requiring external client installation or configuration. The editor includes syntax highlighting, auto-completion, and intelligent code assistance, along with schema exploration and result viewing in a single interface. Available in all Regions where Aurora DSQL is offered, this feature shortens time-to-value and simplifies database interactions for developers, analysts, and data engineers.

Fri, November 21, 2025

Amazon Athena auto-scales Capacity Reservations with limits

🔁 Amazon Athena now provides an auto-scaling solution for Capacity Reservations that adjusts reserved DPUs automatically based on workload utilization. The solution uses AWS Step Functions to monitor Amazon CloudWatch metrics and add or remove DPUs when utilization crosses configured high and low thresholds. You can set measurement frequency, utilization thresholds, and capacity limits, and customize behavior via the provided CloudFormation template. The feature is available in Regions where Capacity Reservations is supported.

Fri, November 21, 2025

OAuth Token Compromise Hits Salesforce Ecosystem Again

🔐 Salesforce disclosed unauthorized access tied to Gainsight-published apps using OAuth integrations, saying it revoked all active access and refresh tokens and temporarily removed those apps from the AppExchange while investigators continue their work. Gainsight confirmed the incident, has engaged Mandiant for forensics, and revoked related connector access across other marketplaces. Google Threat Intelligence linked the activity to actors associated with ShinyHunters, echoing prior token-abuse campaigns against Salesloft and Drift. The incident highlights supply-chain risks in SaaS OAuth integrations and reinforces urgent recommendations to audit and revoke suspicious tokens.

Fri, November 21, 2025

Scattered Spider Teens Plead Not Guilty in TfL Hack

🔒 Two British teenagers, identified by authorities as suspected members of the Scattered Spider collective, have pleaded not guilty to computer misuse and fraud-related charges at Southwark Crown Court. The charges stem from an August 2024 breach of Transport for London (TfL) that disrupted online services, caused millions in losses, and was later found to have exposed customer names, addresses, and contact details. Arrested in September 2024 by the NCA and City of London Police, the defendants face additional alleged conspiracies involving US healthcare networks and separate counts tied to seized passwords.

Sun, November 23, 2025

Google adds Pixel-to-iPhone file sharing via Quick Share

📱 Google has made Quick Share interoperable with Apple's AirDrop, enabling two-way file transfers between Pixel devices and iPhones starting with the Pixel 10 family. The implementation uses AirDrop's "Everyone for 10 minutes" direct, device-to-device mode with no server intermediaries. Google says it applied threat modeling, internal security and privacy reviews, Rust parsing to reduce memory risks, and independent NetSPI testing. Users must manually confirm recipients before sharing.

Sat, November 22, 2025

WhatsApp API Flaw Enabled Scraping of 3.5B Accounts

🔍 Researchers from the University of Vienna and SBA Research compiled a list of 3.5 billion active WhatsApp mobile numbers and associated personal details by abusing a contact-discovery API that lacked rate limiting. Running from a single server with five authenticated sessions, they queried more than 100 million numbers per hour and tested a generated space of 63 billion potential numbers. The team responsibly reported the issue and WhatsApp has since added rate-limiting protections. Although the researchers did not publish the dataset, their findings illustrate how unprotected APIs enable large-scale scraping and privacy exposure.

Sat, November 22, 2025

CISA Adds Oracle Identity Manager Flaw to KEV List

⚠️ CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation targeting Oracle Identity Manager. The flaw, a missing-authentication issue with a CVSS score of 9.8, affects versions 12.2.1.4.0 and 14.1.2.1.0 and was addressed in Oracle's recent quarterly updates. Searchlight Cyber researchers demonstrated that an allow-list bypass using URI tricks such as ?WSDL or ;.wadl can expose protected API endpoints and enable pre-authenticated remote code execution via the groovyscriptstatus endpoint. Federal civilian agencies must apply the patch by December 12, 2025.

Fri, November 21, 2025

CISA Warns: Oracle Identity Manager RCE Actively Exploited

🚨 CISA has added CVE-2025-61757, a pre-authentication remote code execution vulnerability in Oracle Identity Manager, to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch by December 12 under BOD 22-01. The flaw, disclosed by Searchlight Cyber, abuses an authentication bypass in REST APIs by appending parameters such as ?WSDL or ;.wadl to URL paths, exposing a Groovy compilation endpoint. Researchers showed that Groovy's annotation-processing can execute code at compile time, enabling pre-auth RCE. Oracle released a fix on October 21, 2025; CISA warned the issue is being actively exploited.

Fri, November 21, 2025

Amazon ECR Adds Managed Container Image Signing Capability

🔐 Amazon ECR now offers managed container image signing to simplify and standardize container provenance. Using a few clicks in the ECR Console or a single API call, you create a signing rule that references an AWS Signer signing profile (signature validity, target repositories), and ECR automatically signs images when they are pushed using the pusher's identity. AWS Signer handles key and certificate lifecycle, and all signing operations are logged to CloudTrail. The feature is available in all Regions where AWS Signer is offered.

Fri, November 21, 2025

Google Adds AirDrop Compatibility to Quick Share on Pixel 10

📡 Google updated Quick Share to interoperate with Apple's AirDrop, enabling direct file transfers between Pixel 10 devices and iPhone, iPad, and macOS. Transfers require the Apple device to be discoverable to Everyone for 10 minutes, while Android users must set Quick Share visibility to Everyone or use Receive mode. Google said the implementation is built in memory-safe Rust, avoids routing data through servers, and was independently assessed and hardened after a low-severity information-disclosure issue was fixed.

Sat, November 22, 2025

Cox Enterprises Discloses Oracle E-Business Suite Breach

🔒 Cox Enterprises says hackers accessed its network after exploiting a zero-day in Oracle E‑Business Suite, with activity occurring between Aug. 9–14 and detected on Sept. 29, 2025. The company notified 9,479 impacted individuals and is offering 12 months of credit monitoring and identity protection through IDX. The Cl0p ransomware gang has claimed responsibility and posted stolen files after Oracle issued a patch on Oct. 5. Cox did not specify the types of data exposed in the notice.

Fri, November 21, 2025

AI-generated fake sites deliver malicious Syncro builds

⚠️ Kaspersky describes a campaign in which attackers used the AI-powered web builder Lovable to mass-generate convincing fake vendor pages that host malicious installers. Those pages distribute a custom, attacker-signed build of the legitimate remote administration tool Syncro, which installs silently and grants full remote access. Because the payload is a legitimate admin tool altered for abuse, detection is difficult and victims risk data theft and loss of cryptocurrency funds.

Fri, November 21, 2025

APT24 Deploys BADAUDIO in Multi-Year Espionage Campaign

🛡️ APT24 has deployed a previously undocumented downloader called BADAUDIO to maintain persistent remote access in a nearly three-year campaign beginning November 2022. The highly obfuscated C++ downloader uses control-flow flattening and DLL search-order hijacking to fetch AES-encrypted payloads from hard-coded C2s; analysts observed Cobalt Strike delivered in at least one case. Operators distributed BADAUDIO via watering holes, supply-chain compromises, typosquatted CDNs and targeted phishing, employing FingerprintJS and encrypted cloud-hosted archives to selectively target victims and evade detection.

Fri, November 21, 2025

Gainsight Supply-Chain Hack Disrupts Salesforce Apps

⚠️ On November 20, customer support platform provider Gainsight reported connection failures after Salesforce revoked active access for the Gainsight SFDC Connector following detection of unusual activity. Salesforce temporarily removed all Gainsight-published apps from its AppExchange, citing potential unauthorized access via the app's external connection rather than a Salesforce platform vulnerability. Gainsight also disabled integrations with HubSpot and Zendesk, and engaged Mandiant to support forensic work. A criminal collective claiming affiliation with Lapsus$/Scattered Spider said it was responsible and threatened wider data leaks and a RaaS offering.

Fri, November 21, 2025

Salesforce Flags Unauthorized Access via Gainsight OAuth

🔒 Salesforce reported detecting 'unusual activity' involving Gainsight-published applications that used OAuth connections to its platform and said the activity may have enabled unauthorized access to some customers' Salesforce data. The company revoked all active access and refresh tokens for affected apps and temporarily removed those listings from the AppExchange while it investigates. Gainsight also pulled its app from the HubSpot Marketplace as a precaution. Security analysts have linked the activity to the ShinyHunters (UNC6240) group and are urging customers to review and revoke suspicious third-party integrations.

Sat, November 22, 2025

China-linked APT31 Targets Russian IT with Stealth

🛡️ Positive Technologies links a prolonged 2024–2025 intrusion campaign in the Russian IT sector to China-linked APT31, reporting extended dwell times and stealthy command-and-control. The group relied on legitimate cloud platforms — notably Yandex Cloud and Microsoft OneDrive — and concealed encrypted payloads in social media profiles to blend with normal traffic. Observed techniques include spear-phishing RAR attachments containing LNK loaders that deploy the Cobalt Strike-based CloudyLoader, DLL side-loading, scheduled tasks that mimic legitimate apps, and a broad mix of public and custom tools to harvest credentials and exfiltrate data.

Sat, November 22, 2025

FCC Reversal Removes Telecom Cybersecurity Mandates

⚠ The FCC has reversed its January 2025 Declaratory Ruling that required US telecom providers to adopt and annually certify stricter cybersecurity controls under CALEA. The agency said the earlier order was misconstrued and unlawful, citing recent engagements with carriers and targeted actions instead of prescriptive mandates. Critics, including FCC Commissioner Anna Gomez and security experts, warn the rollback could leave critical infrastructure more exposed after the Salt Typhoon attacks.

Fri, November 21, 2025

Grafana warns of critical admin-spoofing flaw in Enterprise

⚠️ Grafana Labs has disclosed a maximum-severity vulnerability (CVE-2025-41115) in Grafana Enterprise that can allow new SCIM-provisioned users to be treated as administrators or used for privilege escalation. The flaw arises because numeric SCIM externalId values were mapped directly to internal user.uid values, and it is exploitable only when SCIM provisioning is enabled with both the 'enableSCIM' feature flag and the 'user_sync_enabled' option set to true. Affected self-managed Enterprise releases include 12.0.0 through 12.2.1; administrators should upgrade to a patched release (12.3.0, 12.2.1, 12.1.3, or 12.0.6) or disable SCIM. Grafana Cloud and managed services have already received patches.

Fri, November 21, 2025

Amazon OpenSearch Adds OR2 and OM2 Instances in Regions

🚀 Amazon Web Services has expanded OR2 and OM2 OpenSearch Optimized instances into additional global regions, delivering higher indexing throughput and S3-based managed storage for indexing-heavy workloads. In AWS internal benchmarks, OR2 showed up to 26% higher indexing throughput vs OR1 (70% vs R7g) and OM2 up to 15% vs OR1 (66% vs M7g). Both families include local instance caching, S3-managed storage, pay-as-you-go and reserved pricing, and a range of sizes to fit different compute and memory needs.

Fri, November 21, 2025

CISA Adds Oracle Fusion Middleware CVE to KEV Catalog

🔒 CISA added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-61757, a Missing Authentication for Critical Function issue affecting Oracle Fusion Middleware. The entry was added based on evidence of active exploitation and is identified as a common attack vector that poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the specified due date; CISA strongly urges all organizations to prioritize timely remediation and other risk-reduction measures.

Fri, November 21, 2025

Amazon ECS Managed Instances Now in GovCloud Regions

🚀 Amazon ECS Managed Instances is now available in the AWS GovCloud (US-East) and GovCloud (US-West) Regions, bringing a fully managed EC2 compute option to government-focused accounts. Managed Instances dynamically scales and optimizes EC2 capacity, supports task-level requirements (vCPU, memory, CPU architecture), and lets you select instance families including GPU, network-optimized, and burstable types. AWS initiates security patching every 14 days; management fees apply in addition to EC2 costs.

Fri, November 21, 2025

Browser Push Notifications Exploited by Matrix Push C2

🔔 BlackFog has identified a new command-and-control platform, Matrix Push C2, that abuses browser push notifications to deliver phishing and malware. The campaign social-engineers users into allowing notifications and then issues realistic system-style alerts that redirect victims to malicious sites. Described as fileless, the technique leverages the browser notification channel rather than an initial executable. The platform includes a web dashboard with real-time client visibility, analytics and templates impersonating services like MetaMask, Netflix and PayPal.

Fri, November 21, 2025

Avast Makes AI-Driven Scam Defense Free for Users Worldwide

🛡️ Avast has integrated its new AI-powered Scam Guardian into Avast Free Antivirus, offering free, continuous protection against increasingly sophisticated, AI-enhanced scams worldwide. The feature analyzes website content, code, links, SMS and email context to flag deceptive intent and neutralize hidden threats. A premium Scam Guardian Pro in Avast Premium Security adds an Email Guard for contextual email scanning across devices. The rollout aims to democratize AI-based scam defense and give users clear, actionable guidance.

Fri, November 21, 2025

FCC Reverses Telco Cybersecurity Mandate After Salt Typhoon

🔒 The FCC has rescinded a January 2025 declaratory ruling under CALEA that would have required telecom carriers to adopt formal cybersecurity risk-management plans, submit annual certifications, and treat network cybersecurity as a legal obligation after the Salt Typhoon intrusions. The agency, now led by new commissioners, also withdrew the accompanying NPRM, calling the prior approach inflexible and legally flawed. Carriers say they have strengthened defenses and agreed to continued coordination, while critics warn that relying on voluntary measures risks leaving national communications infrastructure exposed.

Fri, November 21, 2025

Music Store's Google Ads Account Hijacked, €4M Loss

🔒 The Google Ads account for Cologne-based retailer Music Store was reportedly taken over by attackers on 19 October 2025. Criminals have linked more than 2,500 foreign advertising accounts to the company’s payment profile and are running persistent campaigns promoting online casinos and crypto exchanges that administrators cannot remove. The assigned Google account manager has reportedly been unable to stop the activity, and formal attempts to get intervention via official channels have so far failed. Police cybercrime investigators and consumer protection authorities have been notified, and reported losses exceed €4 million.

Sat, November 22, 2025

Qilin Ransomware Investigation: Huntress Forensics Analysis

🔍 Huntress Labs detailed a Qilin ransomware investigation in which visibility was constrained because their agent was installed after the compromise and only on a single endpoint. Analysts correlated managed antivirus alerts, Windows Event Logs, AmCache, PCA logs, and VirusTotal to reconstruct a timeline showing a rogue ScreenConnect RMM deployment, attempts to run infostealer binaries, tampering with Windows Defender, and likely ransomware execution from another host. The report stresses validating artifacts across multiple sources to avoid false assumptions and inform accurate remediation.

Fri, November 21, 2025

Microsoft Named Leader in Gartner Access Management

🔒 Microsoft has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Access Management for the ninth consecutive year. The post highlights Microsoft Entra as a unified IAM and CIAM solution that consolidates controls, telemetry, and administration while integrating generative AI in the Entra admin center to streamline workflows and threat response. Microsoft calls out rising threats—nation-state actors and organized cybercrime using generative AI—and stresses that multifactor authentication and agent identity controls are essential to protect both human and non-human identities.

Fri, November 21, 2025

CloudWatch Database Insights: Cross-Account, Cross-Region

🔍 Amazon CloudWatch Database Insights now supports cross-account and cross-region monitoring, enabling teams to observe and manage database fleets across multiple AWS accounts and regions from a single console. The feature centralizes performance metrics and troubleshooting workflows so teams can correlate incidents across distributed environments. It is intended to reduce operational overhead and improve mean time to resolution by enforcing consistent monitoring standards.

Fri, November 21, 2025

AWS Backup Adds Support for FSx Intelligent-Tiering

🔒 AWS Backup now supports Amazon FSx Intelligent-Tiering, enabling centralized protection for FSx for Lustre and FSx for OpenZFS file systems. The Intelligent-Tiering storage class delivers fully elastic file storage that automatically scales with workloads while optimizing costs through pay-for-what-you-use elasticity. Existing Amazon FSx backup plans continue to run without modification. Support is available in all Regions where FSx Intelligent-Tiering is offered, and you can manage protections from the AWS Backup console.

Sun, November 23, 2025

Iberia Notifies Customers of Vendor-Related Data Leak

🔔 Iberia has informed customers of a security incident after unauthorized access to a supplier's systems exposed limited customer information. The airline says affected fields may include full name, email address, and Iberia Club loyalty identification numbers, while login credentials and payment card data were not accessed. Iberia says it activated its security protocol, added verification codes for email changes, is monitoring systems, and has notified authorities as it works with the third-party vendor. Customers are urged to watch for suspicious messages and report anomalies to the airline.

Sat, November 22, 2025

Matrix Push C2 Uses Browser Notifications for Phishing

🔔 Matrix Push C2 is a browser-native, fileless C2 platform that leverages web push notifications, fake alerts, and link redirects to distribute phishing links across operating systems. Attackers social-engineer users into allowing notifications on malicious or compromised sites, then send branded, OS-like alerts with action buttons that redirect victims to fraudulent landing pages. Sold as a MaaS kit via Telegram and cybercrime forums, it includes a web dashboard, analytics, URL shortening, configurable templates (e.g., MetaMask, Netflix, PayPal), and tiered crypto-paid subscriptions.

Sun, November 23, 2025

TalayLink Subsea Cable Connects Australia and Thailand

🌐 Today Google is announcing TalayLink, a new subsea cable that will extend the previously announced interlink cable from the Australia Connect initiative to establish a diverse path between Australia and Thailand via the Indian Ocean. The project includes planned connectivity hubs in Mandurah (Western Australia) and South Thailand, the latter in partnership with AIS, plus local landing support from IGC. These investments are designed to integrate Google Cloud’s upcoming Thailand region and data center into its global network, improving resilience, routing diversity, and onward connectivity across the Indian Ocean.

Fri, November 21, 2025

AWS Device Farm: Managed Appium Endpoint for Live Testing

📱 AWS Device Farm now provides a fully managed Appium endpoint that developers can connect to with just a few lines of code to run interactive tests on multiple real devices from their IDE or local machine. The capability integrates with third-party tools such as Appium Inspector (hosted and local) for element inspection and debugging. Live video and log streaming deliver faster feedback in local workflows while existing server-side execution remains available for scaled, secure enterprise runs.

Fri, November 21, 2025

Practical Steps to Minimize Key Exposure in AWS Environments

🔐 This AWS Security blog by Jennifer Paz outlines a layered, practical approach to reduce exposure from long‑term AWS credentials. It recommends discovery and risk assessment with CodeGuru Security, IAM Access Analyzer, credential reports, and Trusted Advisor, followed by enforcement using SCPs and RCPs to create a network data perimeter. The post also covers runtime protections (security groups, NACLs, Network Firewall, AWS WAF), automated rotation using Secrets Manager or rotation patterns, and threat detection via GuardDuty, all intended to bridge the gap until migration to temporary credentials is feasible.

Fri, November 21, 2025

Gemini CLI Adds Looker Extensions for Terminal Data Access

🚀 The Gemini CLI now includes Looker and Looker Conversational Analytics extensions, enabling direct terminal access to Looker data and dashboards. These additions let users ask complex questions, generate reports, and create dashboards without leaving the command line. Installation requires the Gemini CLI (npm), the two extensions, and configuration of Looker API credentials and optional Google Cloud settings. The update aims to streamline workflows and make data exploration more accessible from everyday development environments.

Fri, November 21, 2025

AWS Cost Anomaly Detection accelerates anomaly detection

🔍 AWS Cost Anomaly Detection now uses an enhanced algorithm that analyzes spend in rolling 24-hour windows, comparing current costs to equivalent time periods from previous days whenever AWS receives updated cost and usage data. This removes delays from incomplete calendar-day comparisons and aligns analysis to similar times of day, improving accuracy for workloads with distinct morning and evening patterns. The result is faster, more precise anomaly identification with fewer false positives; the enhancement is available in all AWS Regions except the AWS GovCloud (US) Regions and the China Regions.

Fri, November 21, 2025

Amazon QuickSight Adds Table and Pivot Table Customization

📊 Amazon QuickSight now lets dashboard viewers customize tables and pivot tables directly in dashboards. Users can sort, reorder, hide or show, and freeze columns without requiring updates from dashboard authors. These per-view adjustments support cross-team collaboration and tailored analysis — for example, sales teams sorting by revenue or finance freezing account columns to retain context. The features are available in Amazon QuickSight Enterprise Edition across supported regions; see the product documentation and blog for guidance.

Fri, November 21, 2025

Amazon Lightsail launches Nginx blueprint with IMDSv2

🚀 Amazon Lightsail now offers a new Nginx blueprint that includes IMDSv2 enforced by default and supports IPv6-only instances. With a few clicks you can provision a Lightsail VPS of your chosen size with Nginx preinstalled, using Lightsail instance bundles that combine OS, storage, and monthly data transfer. This blueprint is available in all AWS Regions where Lightsail runs; consult Lightsail documentation for supported blueprints and pricing details.

Fri, November 21, 2025

CloudWatch Container Insights: Sub-Minute GPU Metrics

🔍 Amazon CloudWatch Container Insights now supports configurable sub-minute GPU sampling for Amazon EKS, enabling GPU metrics to be collected at a per-second sample rate and aggregated to CloudWatch once per minute. This enhancement gives teams finer visibility into short-lived AI/ML inference and GPU-intensive workloads, helping to optimize resource utilization, troubleshoot performance issues, and improve operational efficiency for containerized GPU applications. The feature is available in all AWS Commercial Regions and AWS GovCloud (US) Regions at no additional cost.

Fri, November 21, 2025

AWS Network Firewall adds flexible cost allocation

🔁 AWS Network Firewall now supports flexible cost allocation through AWS Transit Gateway native attachments, enabling automatic distribution of data processing charges across different AWS accounts. Administrators can create metering policies to apply inspection charges to application teams or business units instead of consolidating expenses in the firewall owner account. This preserves centralized security controls while automating chargeback based on actual usage. Flexible cost allocation is available in all AWS Commercial and Amazon China Regions where supported, with no additional fees beyond standard service pricing.

Fri, November 21, 2025

AWS STS now supports dual‑stack IPv6 endpoints globally

🌐 AWS Security Token Service (STS) now supports IPv6 via new dual‑stack endpoints, allowing connections over IPv6, IPv4, or both. Dual‑stack access is supported over the public internet and privately from Amazon VPCs using AWS PrivateLink, so STS APIs can be invoked without traversing the public internet. This capability is available in all Commercial, GovCloud (US), and China Regions. Configure STS clients using the IAM user guide to enable dual‑stack endpoints.

Fri, November 21, 2025

Amazon WorkSpaces Applications Adds IPv6 Support Widely

🌐 Amazon WorkSpaces Applications now supports IPv6 for WorkSpaces Applications domains and external endpoints, allowing users on IPv6-capable devices to connect (SAML authentication is not supported over IPv6). This reduces the need for address-translation appliances, helps meet IPv6 compliance, and simplifies VPC addressing. The feature is available at no additional cost in 16 AWS Regions and uses pay-as-you-go pricing; customers must use the latest client or web access.

Fri, November 21, 2025

AWS IoT Core adds SET clause and get_or_default() support

🔧 The AWS IoT Core rules-SQL now supports a SET clause to define and reuse variables across SQL statements, simplifying complex queries and ensuring consistent content when values are referenced multiple times. A new get_or_default() function returns fallback values when encountering data encoding or external dependency failures so rules continue executing. These capabilities reduce SQL complexity and improve reliability across regions.

Fri, November 21, 2025

EC2 Image Builder Adds Automatic Versioning Support

🔁 EC2 Image Builder now supports automatic versioning for recipes and automatic build version increments for components, removing the need to manually manage version numbers. You can place an 'x' placeholder to auto-increment any position in a recipe version and use wildcard patterns to resolve to the highest compatible version in pipelines. The feature is available across all AWS regions, including China and GovCloud, and is accessible via Console, CLI, API, CloudFormation, and CDK.

Fri, November 21, 2025

AI-Driven GLP-1 Scams Hijacking European Authorities

⚠️ Criminal networks are exploiting shortages of GLP-1 drugs like Ozempic, Wegovy and Mounjaro, using AI to generate convincing counterfeit websites, emails and documents that impersonate regulators and health services across Europe. They are hijacking the identities of the NHS, AEMPS, ANSM, BfArM and AIFA to market fake weight-loss products and harvest payments. Check Point Research documents the tactics, scale and public-safety implications of this rapidly evolving scam epidemic.

Fri, November 21, 2025

Amazon Location Service Adds No-Code Address Form Builder

🧭 AWS announced the Address Form Solution Builder for Amazon Location Service, a no-code tool that creates customizable address forms with predictive suggestions, autofill for fields like postal code, and an integrated map view. Developers can generate a ready-to-use application in minutes and download a developer package in React JavaScript, React TypeScript, or standalone HTML/JavaScript. The builder aims to speed address entry, reduce errors, and improve delivery and fraud outcomes for enterprise applications.

Fri, November 21, 2025

Ransomware Shifts Focus to AWS S3 Buckets and Keys

🔐 A Trend Micro analysis warns ransomware actors are increasingly targeting cloud storage by abusing AWS-native encryption and key management to render S3 data unrecoverable. Attackers probe buckets with disabled versioning or Object Lock, exploit wide write permissions, and weaponize SSE-KMS, SSE-C, BYOK and XKS to seize control of keys. Researchers recommend applying least-privilege IAM, enabling versioning and Object Lock, isolating backups, and continuously monitoring audit logs. An "assume breach" posture and short-lived credentials are urged to limit impact.

Fri, November 21, 2025

Oracle Database@AWS Integrates with AWS KMS for TDE

🔐 AWS announced integration between Oracle Database@AWS and AWS Key Management Service (KMS), enabling KMS to encrypt Oracle Transparent Data Encryption (TDE) master keys. The feature is available in all regions where Oracle Database@AWS runs and incurs only standard KMS charges—there is no additional Oracle Database@AWS fee. Customers gain centralized key control, CloudTrail auditing, and automatic key rotation for TDE keys.

Fri, November 21, 2025

AWS Glue zero-ETL now supports CloudFormation & CDK

🚀 AWS Glue zero-ETL integrations now support AWS CloudFormation and the AWS Cloud Development Kit (CDK), enabling creation and management of zero-ETL integrations using infrastructure as code. This lets teams ingest data from DynamoDB and enterprise SaaS sources (Salesforce, ServiceNow, SAP, Zendesk) into Amazon Redshift, S3, and S3 Tables. CloudFormation and CDK support makes it easier to deploy, update, and version-control zero-ETL configurations consistently across multiple AWS accounts.

Fri, November 21, 2025

Sneaky2FA Adds Browser-in-the-Browser to Phishing Kits

🛡️ Researchers report that the Sneaky2FA phishing-as-a-service kit now includes browser-in-the-browser (BITB) functionality that lets attackers embed a fake browser window with a customizable URL bar to mimic legitimate sites such as Microsoft. The iframe-backed pop-up captures credentials and MFA codes in real time, enabling attackers to hijack active sessions. This change lowers the skill threshold for criminals and undermines many signature-based defenses, prompting calls for updated training and stronger browser configurations.

Fri, November 21, 2025

Flexible Cost Allocation for AWS Transit Gateway GA

💸 AWS has announced general availability of Flexible Cost Allocation (FCA) for AWS Transit Gateway, enabling organizations to distribute data processing and transfer charges more flexibly across accounts. FCA lets you assign usage to the source, destination, or the central Transit Gateway account and supports attachment-level or per-flow granularity. It also supports middle-box appliances such as AWS Network Firewall, allowing costs to be attributed to original source or destination owners. You can enable FCA via the AWS Management Console, CLI, or SDK with no additional charge.


Fri, November 21, 2025

Amazon Athena adds per-query DPU controls for Capacity use

🔧 Amazon Athena now lets you control Data Processing Unit (DPU) allocation for queries running on Capacity Reservations at the workgroup or per-query level. You can set explicit DPU values so small queries consume less capacity while critical jobs receive guaranteed resources. The Athena console and API now report per-query DPU usage, improving visibility into consumption and supporting capacity planning. These controls reduce over-provisioning, manage concurrency, and improve predictability for business-critical workloads in supported AWS Regions.


Fri, November 21, 2025

AWS Transfer Family Terraform Module Adds Custom IdP

🚀 The AWS Transfer Family Terraform module now supports provisioning Transfer Family servers with a custom identity provider (IdP), enabling integration with existing authentication systems and centralized access control. This update automates deployment of SFTP, FTPS, FTP, AS2 and browser-based endpoints using Terraform, removing repeated manual configuration. The module is built on the open source Custom IdP solution and includes an Amazon Cognito example to help teams get started quickly.


Fri, November 21, 2025

AWS Compute Optimizer Adds Automation Rules for EBS

🛠 AWS Compute Optimizer introduces automation rules to optimize Amazon Elastic Block Store (EBS) volumes at scale. The feature can automatically clean up unattached volumes and upgrade volumes to the latest-generation types on a recurring schedule, using filters such as AWS Region and Resource Tags. A new dashboard summarizes automation events, shows step history and estimated savings, and supports action reversal.


Fri, November 21, 2025

Amazon RDS for SQL Server Adds Resource Governor Support

🔧 Amazon RDS for SQL Server now supports resource governor, enabling customers to manage CPU, memory, and I/O allocation across workloads on Enterprise Edition instances. RDS exposes stored procedures for configuring resource pools, workload groups, and classifier functions so administrators can isolate resource‑intensive queries and maintain predictable performance. This feature is available in all AWS Regions where RDS for SQL Server is offered.


Fri, November 21, 2025

AWS Glue adds DynamoDB connector with Spark DataFrame

🚀 AWS Glue now includes a new Amazon DynamoDB connector that natively supports Apache Spark DataFrames. This enables developers to reuse existing Spark DataFrame code across AWS Glue, Amazon EMR, and other Spark environments with minimal modification, replacing prior reliance on Glue-specific DynamicFrame objects. The connector exposes the full range of DataFrame operations and current Spark performance optimizations and is available in all AWS Commercial Regions where Glue runs.


Fri, November 21, 2025

AWS Lambda lowers Kafka ESM costs with Provisioned mode

⚡ AWS announces enhancements to Lambda's Provisioned mode for Kafka event source mappings, enabling grouping of ESMs and higher density of event pollers to reduce costs by up to 90% for low-throughput workloads. Each Event Poller Unit (EPU) still provides 20 MB/s but now defaults to 10 pollers per EPU and supports shared capacity via the new PollerGroupName parameter. Changes are available today across AWS Commercial Regions and can be configured via API, CLI, Console, SDK, CloudFormation, or SAM.


Fri, November 21, 2025

AWS Adds Lambda Kafka Event Source Mapping in MSK Console

🔗 AWS announced integration of AWS Lambda Kafka event source mapping directly in the Amazon MSK Console, allowing you to connect MSK topics to Lambda functions without switching consoles. The MSK Console now requires only a topic and target function while automatically creating and configuring the event source mapping (ESM), applying optimized defaults and optional IAM role generation. The integration defaults to Provisioned Mode to improve latency and throughput, and is generally available in most AWS Commercial Regions with a few regional exceptions.


Fri, November 21, 2025

Amazon Lex adds Wait & Continue in 10 new languages

🗣️ Amazon Lex now supports Wait & Continue in ten additional languages — Chinese, Japanese, Korean, Cantonese, Spanish, French, Italian, Portuguese, Catalan, and German. The feature enables deterministic voice and chat bots to pause while customers gather information and then resume the interaction seamlessly. It enhances natural, multilingual self-service experiences and is available in all AWS Regions where Amazon Lex operates.


Sat, November 22, 2025

CrowdStrike Fires Insider Allegedly Sharing Internal Data

🔒 CrowdStrike said it fired a “suspicious insider” after screenshots of company resources—including an Okta dashboard for internal access—appeared in a public Telegram channel run by Scattered Lapsus$ Hunters. The hackers claimed the material came from a Salesforce-ecosystem breach involving vendor Gainsight, a claim CrowdStrike denied. The company told TechCrunch investigators the images were produced when an employee shared pictures of their screen externally, that its systems were not compromised, and that customers remained protected. CrowdStrike has referred the matter to law enforcement.


Fri, November 21, 2025

Industrialization of Cybercrime: AI, Speed, Defense

🤖 FortiGuard Labs warns that by 2026 cybercrime will transition from ad hoc innovation to industrialized throughput, driven by AI, automation, and a mature supply chain. Attackers will automate reconnaissance, lateral movement, and data monetization, shrinking attack timelines from days to minutes. Defenders must adopt machine-speed operations, continuous threat exposure management, and identity-centric controls to compress detection and response. Global collaboration and targeted disruption will be essential to deter large-scale criminal infrastructure.


Fri, November 21, 2025

Why IT Admins Choose Samsung Galaxy and Knox Suite

🔒 Samsung Galaxy devices with Knox Suite combine hardware-rooted protections and centralized management to help IT secure corporate data without slowing users. Built in at manufacture, Knox delivers multi-layered defenses—secure boot, trusted execution environments, and integrated malware protections—while fitting into existing EMM workflows. Native Zero Trust support, ZTNA and near-real-time telemetry from Knox Asset Intelligence feed SIEMs so mobile threats are visible alongside other alerts.


Fri, November 21, 2025

Amazon Route 53 DNS API Endpoint Adds IPv6 Dual-Stack

🌐 Amazon Route 53 now exposes a dual-stack API endpoint at route53.global.api.aws, allowing clients to connect over IPv6, IPv4, or dual-stack. The existing IPv4-only endpoint remains available for backward compatibility. IPv6 support is available in all Commercial Regions at no additional cost and can be enabled via the AWS CLI or Management Console. This reduces IPv4 translation complexity and helps organizations meet IPv6 compliance.


Fri, November 21, 2025

AWS ALB Adds Health Check Logs to S3 for Troubleshooting

🛡️ AWS Application Load Balancers (ALB) now support Health Check Logs that deliver detailed target health check entries to a designated Amazon S3 bucket every five minutes. The optional feature records timestamps, target identifiers, per-target health status, and precise failure reasons to accelerate troubleshooting. You can enable it via the AWS Management Console, AWS CLI, or SDK. The feature is available in all AWS Commercial Regions, AWS GovCloud (US), and AWS China Regions. Logs incur no additional fees beyond standard S3 storage and can reduce mean time to resolution for target health investigations.


Fri, November 21, 2025

AWS Security Incident Response Introduces Metered Pricing

🔒 AWS Security Incident Response introduces a metered pricing model that charges per ingested security finding and includes a free tier for the first 10,000 findings per month. After the free tier, the per-finding rate is $0.000676 with tiered discounts at higher volumes. The consumption-based approach removes upfront commitments and minimum fees, enabling teams to scale response capability as needs evolve. Customers can monitor finding counts via Amazon CloudWatch at no extra cost, and the new pricing automatically applies in supported Regions starting November 21, 2025.


Fri, November 21, 2025

Amazon Connect adds monitoring for queued callbacks

🔔 Amazon Connect now enables monitoring of contacts queued for callback, allowing supervisors and integrations to search queued callbacks and view details such as customer phone numbers and queued duration in the Connect UI and via APIs. Teams can proactively route contacts nearing promised callback windows to available agents and clear customers who have already been served to avoid duplicative work. This capability is available in all regions where Amazon Connect is offered.


Fri, November 21, 2025

Amazon Connect Adds Multi-Skill Agent Scheduling Support

📞 Amazon Connect now supports multi-skill agent scheduling to optimize workforce allocation across departments, languages, and customer tiers. Using forecast-driven, skill-based matching, administrators can schedule agents who hold multiple specialties and reserve multi-skilled staff for high-value interactions when demand peaks. This capability is available in all AWS Regions where agent scheduling is offered and aims to raise utilization while reducing staffing gaps.


Fri, November 21, 2025

AWS Transfer Family Web Apps Support VPC Endpoints

🔒 AWS Transfer Family web apps now support Virtual Private Cloud (VPC) endpoints, enabling private, in‑VPC access to your browser-based S3 file interface at no additional charge. Workforce users can connect through a VPC, AWS Direct Connect, or VPN so that file traffic remains inside your network boundary. Administrators can enforce controls with security groups and subnet-level NACLs, retaining full visibility and control over transfers. Configure and manage endpoints via the Transfer Family console, AWS CLI, or SDK.


Fri, November 21, 2025

Microsoft fixes Windows 11 hotpatch reinstall loop

🔁 Microsoft released the KB5072753 out-of-band cumulative update to resolve a known issue that caused the November 2025 hotpatch KB5068966 to repeatedly reinstall on Windows 11, version 25H2 systems. The update is rolling out via Windows Update and supersedes earlier hotpatches, so administrators should deploy KB5072753 instead of KB5068966 if they have not yet applied the November update. Microsoft said the reinstall behavior did not affect system functionality and was mainly noticeable in update-history timestamps.


Fri, November 21, 2025

Root Cause Analysis Lags, Undermining Incident Resilience

🔍 Post-incident learning often falls behind containment, with Foundry’s Security Priorities study reporting 57% of security leaders struggled to identify root causes last year. Experts warn that prioritizing firefighting over forensic investigation leaves organizations exposed to repeat breaches and that disciplined evidence preservation is essential. Centralized telemetry such as SIEM, and forensic-capable services like MDR and XDR, plus structured postmortems, are key to building long-term resilience.


Fri, November 21, 2025

Amazon Connect adds follow-up email replies for agents

📧 Amazon Connect Email now lets agents send follow-up replies to existing email contacts, enabling them to add information or continue assistance without opening a new thread. The feature preserves full conversation history so agents retain context and deliver consistent support. It is available in multiple AWS regions including US East (N. Virginia), US West (Oregon), Europe (Frankfurt, London), Canada (Central), several Asia Pacific locations, and Africa (Cape Town). Refer to documentation and pricing to get started.


Fri, November 21, 2025

Amazon Aurora DSQL Storage Limit Increased to 256 TiB

🔔 Amazon Web Services has raised the maximum storage limit for Aurora DSQL database clusters to 256 TiB, doubling the prior 128 TiB cap. This update enables customers to store and manage much larger datasets within a single cluster, simplifying data management for large-scale applications. Storage continues to auto-scale and customers pay only for used capacity; default clusters remain limited to 10 TiB and higher limits require a Service Quotas request.


Fri, November 21, 2025

Amazon SES Now Available in Malaysia and Canada West

📧 Amazon Simple Email Service (Amazon SES) is now available in the Asia Pacific (Malaysia) and Canada West (Calgary) AWS Regions. This expansion lets customers send marketing, notification, and transactional emails from local AWS infrastructure, helping reduce latency and address data sovereignty and residency needs. Amazon SES, a scalable and cost-effective cloud email service, is now offered across 29 AWS Regions worldwide.


Fri, November 21, 2025

Nvidia issues hotfix driver for Windows October update

🔧 Nvidia released the GeForce Hotfix Display Driver 581.94 to address gaming performance regressions reported after the October 2025 Windows update (KB5066835 [5561605]) affecting Windows 11 24H2 and 25H2 systems. The company notes this is a beta hotfix with an abbreviated QA cycle and is provided as-is to deliver targeted fixes more quickly. The driver is available from Nvidia Customer Care for Windows 10 x64 and Windows 11 x64 PCs.


Fri, November 21, 2025

Google Begins Showing Ads in AI Mode Answers Worldwide

🤖 Google has begun showing ads in its AI mode, which is the company's answer-engine experience rather than a traditional search engine. AI mode has been available for about a year and is free to all, with Google One subscribers able to toggle advanced models such as Gemini 3 Pro. Until now Google avoided ads to keep the conversational experience compelling; the new placements are labeled “sponsored” and typically appear at the bottom of AI-generated answers rather than in the right-side citation area. This looks like an experiment or optimization to improve click-through rates while complying with ad disclosure rules.


Fri, November 21, 2025

Amazon RDS for Oracle SE2 License Included in Taipei

📢 Amazon RDS for Oracle now offers Oracle Database Standard Edition 2 (SE2) License Included on R7i and M7i instances in the Asia Pacific (Taipei) region. Launched Nov 21, 2025, these License Included instances remove the need to purchase separate Oracle Database licenses and are available through the AWS Management Console, AWS CLI, and SDKs. There are no separate license or support charges. Review the Rethink Oracle Standard Edition Two on Amazon RDS for Oracle blog and Amazon RDS pricing for cost and regional availability.


Sun, November 23, 2025

Enterprise Password and Secrets Management — Passwork 7

🔐 Passwork 7 consolidates enterprise password and secrets management into a single, self-hosted platform supporting both human and machine credentials. The release improves credential organization with new vault types, expands RBAC and group-based permissions, and enhances audit trails and notifications. It also provides a REST API, Python connector, CLI, and Docker image for automation, plus zero-knowledge encryption and SSO/LDAP integration to help meet compliance needs.


Fri, November 21, 2025

GenAI GRC: Moving Supply Chain Risk to the Boardroom

🔒 Chief information security officers face a new class of supply-chain risk driven by generative AI. Traditional GRC — quarterly questionnaires and compliance reports — now lags threats like shadow AI and model drift, which are invisible to periodic audits. The author recommends a GenAI-powered GRC: contextual intelligence, continuous monitoring via a digital trust ledger, and automated regulatory synthesis to convert technical exposure into board-ready resilience metrics.


Fri, November 21, 2025

Turning Threat Intelligence into Real Security Wins

🛡️ Modern SOCs drown in threat feeds; the problem is not data but converting it into repeatable decisions. The article lays out an operating model that makes CTI a business capability by centring work on Priority Intelligence Requirements (PIRs), engineering a single pipeline for collection, normalization and automated enrichment, and prioritizing behaviour‑first detections mapped to MITRE ATT&CK. It prescribes SOAR orchestration with human checkpoints, de‑duplication and scoring by relevance and visibility, and integration of intel into incident response and threat hunting. The result: measurable loss avoidance, reclaimed analyst capacity and executive reporting that drives concrete decisions.


Fri, November 21, 2025

Why Cyber Insurance Fails When Security Hygiene Is Poor

⚠️ Cyber insurance has become a boardroom staple, but it often creates a false sense of protection. Policies limit financial exposure but are not a blank check: insurers increasingly require documented controls and may reduce, delay, or deny claims when basic security hygiene—patching, access controls, logging, MFA, or incident readiness—is lacking. Relying on coverage without fixing these foundational failures leaves organizations exposed to financial, operational, and reputational harm.


Fri, November 21, 2025

SEC Drops Lawsuit Against SolarWinds After Years-long Probe

📰 The U.S. Securities and Exchange Commission has voluntarily dismissed its lawsuit against SolarWinds and CISO Timothy G. Brown, filing a joint motion to dismiss on November 20, 2025. The October 2023 complaint alleged fraud, internal control failures, and misleading disclosures tied to the late-2020 supply-chain compromise attributed to APT29. Many allegations were rejected by the SDNY in July 2024 as relying on hindsight. SolarWinds' CEO said the company emerges stronger, more secure, and better prepared.


Fri, November 21, 2025

Unauthorized AI Use by STEM Professionals in Germany

⚠️ A representative YouGov survey commissioned by recruitment firm SThree found that 77% of STEM professionals in Germany use AI tools at work without approval from IT or management. Commonly used services include ChatGPT, Google Gemini and Perplexity. Experts warn this shadow IT practice can lead to GDPR breaches, inadvertent disclosure of sensitive customer or internal data, and the risk that providers will retain and reuse submitted content for training. In Germany, 23% report daily use, 29% weekly and 12% monthly; respondents cite efficiency gains and technical curiosity as primary drivers.


Fri, November 21, 2025

CrowdStrike Insider Shared Screenshots with Hackers

🔒 CrowdStrike confirmed that an insider shared screenshots taken on internal systems with external threat actors but stressed that its systems were not breached and customer data remained protected. The company said it identified and terminated the suspicious employee after an internal investigation and has referred the matter to law enforcement. CrowdStrike declined to name the responsible group or the insider's motives, while screenshots surfaced on Telegram attributed to several extortion-focused collectives.


Fri, November 21, 2025

Differentiating NDR, EDR and XDR for Threat Response

🔍 This article explains key differences between NDR, EDR and XDR and why a combined approach strengthens defense. EDR monitors endpoints using agents to detect local anomalies and malware but can leave visibility gaps where agents cannot be deployed or are bypassed. NDR analyzes packet-level traffic in real time and provides retrospective forensics to trace lateral movement and assess breaches. XDR is a strategy unifying telemetry from multiple tools, but without network context it can create blind spots.


Fri, November 21, 2025

Rewiring Democracy: Sales, Reviews, and Upcoming Events

📘 It’s been a month since Rewiring Democracy was published and sales are reported to be good; with six Amazon reviews to date, the authors are asking readers to post more. Several chapters (2, 12, 28, 34, 38, and 41) are available online. The authors have been doing numerous live and podcast events, including a noted session with Danielle Allen at the Harvard Kennedy School Ash Center. Two in-person appearances are planned in December (MIT Museum on 12/1; Munk School on 12/2), and a live AMA will be hosted on the RSA Conference website on 12/16.
