Cybersecurity Brief

Governed AI Rolls Out as Edge Authentication and Exploits Surge

Coverage: 24 Nov 2025 (UTC)

Enterprises saw more governed paths to deploy agentic AI as Google Cloud made Anthropic’s latest model available on Vertex AI, while AWS introduced a pre-built conversational interface with Quick Suite that keeps access scopes and actions under administrator control. Parallel security advances at the edge and in observability aim to tighten authentication and visibility before traffic or telemetry reaches critical workloads, as defenders continue to contend with active exploitation and supply-chain abuse.

Enterprise AI moves into governed production

Google Cloud announced general availability of Anthropic’s Claude Opus 4.5 on Vertex AI, positioning a 1M‑token context window, programmatic tool calling in Python, dynamic tool discovery, and improved cross‑file memory to support multi‑step agents. The release integrates enterprise guardrails—secure‑by‑default deployment, AI Protection in Security Command Center, and Model Armor—to mitigate prompt injection and tool poisoning while offering options like global endpoints, dedicated throughput, prompt caching, and batch predictions.

AWS added Anthropic’s flagship model to its managed ecosystem as Claude Opus 4.5 is now available in Bedrock. The graded family approach (Opus, Sonnet, Haiku) targets lead agents, rapid iteration, and sub‑agents respectively, supported by new model‑facing capabilities—tool search and tool‑use examples—to navigate large tool libraries, plus a beta “effort” parameter to balance quality, latency, and cost across reasoning and tool calls.

On the infrastructure side, AWS extended fine‑grained GPU sharing as SageMaker HyperPod gained NVIDIA Multi‑Instance GPU (MIG) support for EKS‑orchestrated clusters. Partitioning a single GPU into isolated slices raises utilization for lightweight inference and interactive notebooks, with quotas and per‑partition telemetry to manage fairness and diagnose contention across teams.

Data controls and search at cloud scale

AWS introduced dynamic masking in Aurora PostgreSQL via the pg_columnmask extension, enabling SQL‑driven, role‑aware transformations at query time without altering stored data. Masking policies work across WHERE/JOIN/ORDER/GROUP operations and are available broadly for Aurora PostgreSQL versions 16.10+ and 17.6+, helping centralize privacy controls for regulated and multi‑tenant workloads. In parallel, OpenSearch Service added version 3.3, simplifying agentic and semantic search, improving vector workflows and GPU utilization, adopting Apache Calcite as the default PPL engine for faster, optimized queries, and adding workload‑management features like traffic grouping and tenant‑level network isolation. Together, these updates aim to tighten governance while sustaining performance for AI‑driven applications.

Controls at the edge and visibility

AWS expanded identity verification at the perimeter as CloudFront added mutual TLS for viewer requests. Validating client certificates at edge locations helps protect B2B APIs and IoT distribution by narrowing origin exposure, leveraging third‑party CAs or AWS Private CA, and removing the need for bespoke client‑auth proxies—at no additional charge and configurable via console, CLI, SDKs, CDK, and CloudFormation.

Cloudflare deepened diagnostics for rule decisions with enhanced WAF payload logging, re‑evaluating expressions in context to record the exact fields and transformed values that triggered matches. The upgrades—compiled on the Rulesets engine with in‑memory regex caching and allocation reductions—cut median log sizes and reduce truncation, while logs remain encrypted and delivered through established pipelines. Details are in the company’s WAF logging post; extending coverage to custom rules and adjacent products is planned.

Active exploitation and supply‑chain risk

Researchers disclosed a chainable set of flaws in the widely deployed Fluent Bit telemetry agent that can enable log tampering, authentication bypass, service disruption, and potential remote code execution across cloud and Kubernetes logging pipelines. Fixes are available in 4.1.1 and 4.0.12; recommendations include avoiding dynamic tag‑based routing, locking down output paths, running as non‑root, mounting configs read‑only, and auditing network‑exposed endpoints. See the Hacker News coverage for mitigation specifics. Why it matters: logging agents sit in the blast radius of observability and security workflows—compromise can blind detection or poison downstream systems.

A renewed npm supply‑chain campaign dubbed Sha1‑Hulud continues to trojanize packages with a preinstall script that ensures a runtime, executes bundled code, scans for secrets, enrolls self‑hosted runners, and implants a workflow for arbitrary command execution. Vendors report tens of thousands of impacted repositories, with destructive fallback behavior if certain steps fail. Immediate actions include removing compromised versions, rotating credentials, auditing workflows and runners, and reviewing artifacts for exfiltration indicators; see Hacker News for details.

On the consumer edge, an investigation into Superbox Android TV devices found unofficial app stores, residential proxy enrollment, and tooling consistent with hijacking local networks—spanning DNS and ARP spoofing and remote‑access utilities. The KrebsOnSecurity report underscores the risk of uncertified devices and third‑party marketplaces; segmenting home networks and avoiding sideloaded ecosystems help reduce exposure.

Separately, threat actors have been exploiting a patched WSUS deserialization flaw to achieve system‑level code execution on exposed update servers, using PowerShell tooling and signed‑binary side‑loading to deploy ShadowPad via a DLL loader. Organizations should apply Microsoft’s update, restrict or isolate WSUS from public access, monitor for suspicious use of built‑in utilities, and hunt for anomalous DLL load behavior; see Hacker News for observed tradecraft and indicators.

These and other news items from the day:

Mon, November 24, 2025

Anthropic Claude Opus 4.5 Now Available on Vertex AI

🚀 Anthropic's Claude Opus 4.5 is now generally available on Vertex AI, delivering frontier performance for coding, agents, vision, and office automation at roughly one-third the cost of Opus 4.1. The model introduces advanced agentic tool use—programmatic tool calling (including direct Python execution) and dynamic tool search—plus expanded memory and a 1M-token context window to support long, multi-step tasks. On Vertex AI, Opus 4.5 is offered as a Model-as-a-Service on Google's high-performance infrastructure with prompt caching, efficient batch predictions, provisioned throughput, and enterprise-grade controls for deployment. Organizations can leverage the Agent Builder stack (ADK, A2A, and Agent Engine) and Google Cloud security controls, including Model Armor and Security Command Center protections, to accelerate production agents while managing cost and risk.

Mon, November 24, 2025

Amazon Quick Suite Embedded Chat Now Generally Available

💬 AWS announced general availability of Amazon Quick Suite Embedded Chat, a ready-made conversational AI you can embed into applications via one-click embedding or API-based iframes. The agent unifies structured data and unstructured knowledge in a single conversation so users can reference KPIs, pull file details, check customer feedback, and trigger actions without leaving the app. Connectors include SharePoint, websites, Slack, and Jira, and enterprises retain control over data access and action scopes. Embedded Chat is available in select Regions with no additional charge beyond existing Quick Suite pricing.

Mon, November 24, 2025

Anthropic Claude Opus 4.5 Now Available in Amazon Bedrock

🚀 Anthropic's Claude Opus 4.5 is now available through Amazon Bedrock, giving Bedrock customers access to a high-performance foundation model at roughly one-third the prior cost. Opus 4.5 advances professional software engineering, agentic workflows, multilingual coding, and complex visual interpretation while supporting production-grade agent deployments. Bedrock adds two API features — tool search and tool use examples — plus a beta effort parameter to balance reasoning, tool calls, latency, and cost. The model is offered via global cross-region inference in multiple AWS regions.

Mon, November 24, 2025

Claude Opus 4.5 Brings Agentic AI to Microsoft Foundry

🚀 Claude Opus 4.5 is now available in public preview in Microsoft Foundry, aiming to shift models from assistants to agentic collaborators that execute multi-tool workflows and support complex engineering tasks. Anthropic and Microsoft highlight Opus 4.5’s strengthened coding, vision, and reasoning capabilities alongside improved safety and prompt-injection robustness. Foundry adds developer features like Programmatic Tool Calling, Tool Search, Effort Parameter (Beta), and Compaction Control to help teams build deterministic, long-running agents while keeping centralized governance and observability.

Mon, November 24, 2025

Amazon Aurora PostgreSQL Adds Dynamic Data Masking

🔒 Amazon Aurora PostgreSQL-Compatible Edition now supports dynamic data masking using the new pg_columnmask extension, enabling column-level protection at query time. The extension complements PostgreSQL row-level security and column grants by letting administrators define SQL-based masking policies that alter how data appears to users without changing stored values. Policies can use built-in or user-defined functions to hide, partially mask, or transform data, and multiple policies can be applied with weighted precedence. pg_columnmask protects results across WHERE, JOIN, ORDER BY, and GROUP BY clauses and is available for Aurora PostgreSQL 16.10+ and 17.6+ in all regions.

Mon, November 24, 2025

SageMaker HyperPod Adds NVIDIA MIG GPU Partitioning

🚀 Amazon SageMaker HyperPod now supports NVIDIA Multi-Instance GPU (MIG), enabling administrators to partition a single GPU into multiple isolated devices to run simultaneous small generative AI tasks. Administrators can use an easy console configuration or a custom setup for fine-grained hardware isolation, allocate compute quotas across teams, and monitor real-time performance per partition via a utilization dashboard. Available on HyperPod clusters using the EKS orchestrator in multiple AWS Regions, this capability reduces wait times by letting data scientists run lightweight inference and interactive notebooks in parallel without consuming full GPU capacity.

Mon, November 24, 2025

Superbox Android TV Boxes Found Relaying Malicious Traffic

⚠️ Superbox media streaming boxes sold through retailers like Best Buy and Walmart have been found running intrusive, unofficial apps that can enlist buyers' Internet connections into distributed residential proxy networks and botnets. Censys researchers observed devices phoning home to Tencent QQ and a proxy service called Grass IO, and installing tools such as tcpdump and netcat while performing DNS hijacking and ARP spoofing. The boxes require removing Google Play and installing a third-party app store, increasing the risk of unauthorized relays, advertising fraud, and account takeovers. Consumers are advised to avoid uncertified Android TV devices and follow FBI and EFF guidance on suspicious app marketplaces.

Mon, November 24, 2025

Amazon CloudFront Adds Mutual TLS Authentication

🔒 Amazon CloudFront now supports mutual TLS (mTLS), enabling both server and client authentication with X.509 certificates at AWS edge locations. Customers can require trusted client certificates to access distributions, reducing unauthorized access to APIs and applications. Typical uses include secure B2B API integrations and IoT device authentication. mTLS is available at no additional cost and configurable via Console, CLI, SDK, CDK, and CloudFormation.

Mon, November 24, 2025

Amazon Redshift Adds Federated Permissions for Warehouses

🔐 Amazon Redshift now supports federated permissions to centralize and enforce data access policies across multiple Redshift warehouses, reducing governance overhead for multi-warehouse deployments. Registered warehouses are auto-mounted account-wide and can be queried using existing workforce identities via AWS IAM Identity Center or IAM roles. Row-level, column-level, and masking controls are applied automatically, ensuring consistent fine-grained access control regardless of query location.

Mon, November 24, 2025

AWS launches U7i-6tb EC2 high-memory instances in Jakarta

🚀 Amazon EC2 High Memory U7i instances (u7i-6tb.112xlarge) are now available in Asia Pacific (Jakarta), offering 6TB of DDR5 memory and 448 vCPUs powered by custom Intel Sapphire Rapids processors. The instances support up to 100Gbps for EBS and networking and include ENA Express for lower-latency, consistent network performance. They are positioned for mission-critical in-memory databases such as SAP HANA, Oracle, and SQL Server, enabling higher transaction throughput and faster data loading and backups.

Mon, November 24, 2025

Amazon OpenSearch Service: OpenSearch 3.3 Now Available

📢 Amazon OpenSearch Service now supports OpenSearch 3.3, introducing search performance, observability, and agentic AI integration improvements. Vector search enhancements include agentic search for natural-language queries without complex DSLs, batch processing for the semantic highlighter to lower latency and improve GPU utilization, and optimizations in the Neural Search plugin. The release also makes Apache Calcite the default query engine for PPL, adds a broader PPL command library, and improves the approximation framework for more responsive pagination and dashboards. A new workload management plugin enables grouping of search traffic and tenant-level network isolation to prevent resource overuse.

Mon, November 24, 2025

WAF Payload Logging Improvements for Cloudflare Customers

🔍 Cloudflare describes enhancements to its Web Application Firewall (WAF) payload logging, which now records specific request fields and post-transformation values that triggered a rule. The feature disambiguates which branch of a rule evaluated true, logs partial matches with contextual slices, and reduces the amount of data written for large fields. Cloudflare also optimized regex compilation and memory usage, shrank median log sizes, and plans further work on binary formats and expanded WAF coverage.

Mon, November 24, 2025

Second Sha1-Hulud npm Wave Hits 25,000+ Repositories

⚠ Multiple security vendors report a second Sha1-Hulud campaign that has trojanized hundreds of npm packages and affected over 25,000 repositories. The attack leverages a preinstall script ("setup_bun.js") to install or locate the Bun runtime and execute a bundled payload ("bun_environment.js") that harvests credentials. The malware registers hosts as self-hosted GitHub runners named "SHA1HULUD", drops a vulnerable workflow (.github/workflows/discussion.yaml) to run arbitrary commands via repository discussions, exfiltrates secrets as artifacts, and then removes traces; when exfiltration fails it can attempt destructive wiping of the user home directory.

Mon, November 24, 2025

CISA Adds Critical Oracle Identity Manager RCE to KEV

🔴 Oracle Identity Manager is affected by a critical unauthenticated remote code execution flaw, CVE-2025-61757, impacting versions 12.2.1.4.0 and 14.1.2.1.0. Disclosed by Searchlight Cyber on 20 November and reported by Oracle on 21 November, the bug was added to the CISA KEV catalog the same day. The issue resides in the REST WebServices component and carries a CVSS score of 9.8; an attacker with HTTP access can execute arbitrary code, potentially allowing full takeover. CISA urges immediate patching or isolation of affected services from the public internet.

Mon, November 24, 2025

Fortinet, Chrome 0-days and Supply-Chain Attacks Recap

⚠️ This week’s recap spotlights multiple actively exploited vulnerabilities, supply‑chain compromises, and a record cloud DDoS that forced rapid vendor responses. Fortinet disclosed a FortiWeb OS command injection (CVE-2025-58034) that was observed chained with a recent critical fix, raising concerns about silent patching and disclosure timing. Google patched an actively exploited Chrome V8 0‑day (CVE-2025-13223), and attackers continued to abuse browser notifications, malicious updates, and SaaS integrations to phish and persist. The incidents underscore urgent priorities: patch quickly, scrutinize integrations, and strengthen monitoring and response.

Mon, November 24, 2025

Fluent Bit Vulnerabilities Threaten Cloud and Kubernetes

⚠️ Researchers disclosed five vulnerabilities in Fluent Bit, the open-source telemetry agent, that can be chained to bypass authentication, write or overwrite files, execute code, corrupt logs, and cause denial-of-service conditions. CERT/CC noted many issues require network access, and fixes were released in Fluent Bit 4.1.1 and 4.0.12 with AWS participating in coordinated disclosure. Operators are urged to update immediately and apply mitigations such as avoiding dynamic tags, mounting configs read-only, and running the agent as a non-root user.

Mon, November 24, 2025

Shai-Hulud Malware Hits Hundreds of npm Packages, Leaks Secrets

⚠️ Hundreds of trojanized versions of popular npm packages — including toolkits linked to Zapier, ENS Domains, PostHog and others — have been published in a renewed Shai‑Hulud supply‑chain campaign designed to steal developer and CI/CD secrets. The malware runs during pre‑install, collects credentials into files like cloud.json and environment.json, and posts encoded data to quickly created GitHub repositories. Researchers at Aikido Security, Wiz and Step Security identified obfuscated payloads in setup_bun.js and a large, heavily obfuscated bun_environment.js dropper.
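
A defender-side check for the indicators named in this item and in the earlier Sha1-Hulud item (setup_bun.js, bun_environment.js, the .github/workflows/discussion.yaml workflow, cloud.json and environment.json), added here as an example and not taken from any vendor's tooling. The severity labels, function names and the sample tree are assumptions constructed for illustration; a file-name match is a lead for review, not proof of compromise.

```python
"""Scan a checkout (node_modules included) for Sha1-Hulud indicators named in this brief."""
import json
import os
import tempfile

# File names reported in the news items above. No hashes are assumed.
PAYLOAD_FILES = {"setup_bun.js", "bun_environment.js"}
# Generic names, so they are only reported next to a payload file.
STAGING_FILES = {"cloud.json", "environment.json"}
WORKFLOW_PATH = os.path.join(".github", "workflows", "discussion.yaml")


def hook_findings(pkg_json_path):
    """Flag a package.json whose preinstall script invokes a known payload file."""
    try:
        with open(pkg_json_path, encoding="utf-8") as fh:
            manifest = json.load(fh)
    except (OSError, ValueError):  # unreadable or malformed manifest
        return []
    scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
    if not isinstance(scripts, dict):
        return []
    cmd = scripts.get("preinstall")
    if isinstance(cmd, str) and any(name in cmd for name in PAYLOAD_FILES):
        return [("high", "preinstall-hook", pkg_json_path)]
    return []


def scan(root):
    """Return a list of (severity, kind, path) tuples for everything under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS internals
        names = set(filenames)
        payloads = sorted(names & PAYLOAD_FILES)
        for name in payloads:
            findings.append(("high", "payload-file", os.path.join(dirpath, name)))
        if "package.json" in names:
            findings.extend(hook_findings(os.path.join(dirpath, "package.json")))
        if payloads:
            for name in sorted(names & STAGING_FILES):
                findings.append(("review", "staging-file", os.path.join(dirpath, name)))
        workflow = os.path.join(dirpath, WORKFLOW_PATH)
        if os.path.isfile(workflow):
            # A project may own a workflow with this name; compare against git history.
            findings.append(("review", "workflow-file", workflow))
    return findings


def build_sample_tree(root):
    """Create a constructed project tree: one clean package, one with the indicators."""
    def write(rel, text=""):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)

    write("package.json", json.dumps({"name": "app", "scripts": {"test": "jest"}}))
    write("ci/environment.json", "{}")  # same name, no payload beside it: not reported
    write("node_modules/clean-pkg/package.json",
          json.dumps({"name": "clean-pkg", "scripts": {"preinstall": "node-gyp rebuild"}}))
    write("node_modules/bad-pkg/package.json",
          json.dumps({"name": "bad-pkg", "scripts": {"preinstall": "node setup_bun.js"}}))
    write("node_modules/bad-pkg/setup_bun.js", "// placeholder, constructed sample\n")
    write("node_modules/bad-pkg/bun_environment.js", "// placeholder, constructed sample\n")
    write("node_modules/bad-pkg/cloud.json", "{}")
    write(".github/workflows/discussion.yaml", "# placeholder, constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_tree(demo_root)
        for severity, kind, path in scan(demo_root):
            print(f"{severity:6} {kind:16} {os.path.relpath(path, demo_root)}")
```

The self-hosted runner name "SHA1HULUD" is not visible in a checkout; it has to be checked in the runner lists of the affected GitHub organizations and repositories.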

Mon, November 24, 2025

Pre-auth RCE in Oracle Identity Manager Forces Patching

⚠️ The Cybersecurity and Infrastructure Security Agency (CISA) added a critical pre-authenticated remote code execution flaw in Oracle Identity Manager (CVE-2025-61757) to its Known Exploited Vulnerabilities catalog after active exploitation was observed. Searchlight Cyber reported that a flawed authentication filter combined with matrix/query parameters lets attackers bypass auth and reach a Groovy compile endpoint, enabling RCE through compile-time annotation processing. Oracle fixed the issue in its October 2025 Critical Patch Update; federal agencies must remediate by December 12, 2025.

Mon, November 24, 2025

ShadowPad Delivered via WSUS Exploits CVE-2025-59287

🛡️ A recently patched WSUS deserialization flaw, CVE-2025-59287, has been weaponized to install the ShadowPad backdoor on Windows servers. AhnLab's ASEC reports attackers used PowerCat to spawn a CMD shell and then leveraged certutil and curl to retrieve payloads from 149.28.78.189:42306. ShadowPad was deployed via DLL side-loading of ETDApix.dll by ETDCtrlHelper.exe and runs as an in-memory loader with plugin support, anti-detection, and persistence.

Mon, November 24, 2025

Critical Fluent Bit Vulnerabilities Expose Telemetry Risk

⚠️ Fluent Bit, a widely deployed telemetry agent, has multiple critical vulnerabilities disclosed by Oligo Security affecting inputs, tag processing and output handling. Patches are available in Fluent Bit v4.1.1 and v4.0.12 released in early October 2025; older releases remain at risk. Operators are advised to update immediately, avoid dynamic tags, lock down output file parameters, run with least privilege and mount configuration directories read-only to reduce exposure.

Mon, November 24, 2025

SitusAMC Data Breach Exposes Client and Customer Data

🔒 SitusAMC, a major real-estate finance services firm that supports banks and lenders, disclosed a November data breach that compromised some client and customer information. The company says business operations remain unaffected and investigators found no evidence of encrypting ransomware. External experts have been retained, and affected clients and residential customers are being notified directly as the scope is determined.

Mon, November 24, 2025

StealC V2 Spread Through Malicious Blender .blend Files

🛠️ Morphisec researchers have uncovered a six-month campaign embedding StealC V2 inside weaponized Blender .blend files distributed via marketplaces such as CGTrader. When opened with Blender's Auto Run enabled, concealed Python scripts fetch loaders from workers.dev domains and initiate a multistage infection that deploys PowerShell components and Python-based stealers. The malware establishes persistence with LNK files and communicates with Pyramid-linked C2 servers to retrieve encrypted payloads. Morphisec says its deception-based protection thwarts credential theft by injecting decoy credentials and terminating processes before exfiltration.

Mon, November 24, 2025

Commercial Spyware Targets Mobile Messaging Users Worldwide

📱 CISA warns that multiple cyber threat actors are actively using commercial spyware to target users of mobile messaging applications. These actors employ phishing, malicious device-linking QR codes, zero-click exploits, and impersonation of platforms such as Signal and WhatsApp to gain unauthorized access and deploy additional malicious payloads. CISA urges users to review updated mobile communications guidance and mitigations to reduce spyware risk.

Mon, November 24, 2025

DeepSeek-R1 Generates Less Secure Code for China-Sensitive Prompts

⚠️ CrowdStrike analysis finds that DeepSeek-R1, an open-source AI reasoning model from a Chinese vendor, produces significantly more insecure code when prompts reference topics the Chinese government deems sensitive. Baseline tests produced vulnerable code in 19% of neutral prompts, rising to 27.2% for Tibet-linked scenarios. Researchers also observed partial refusals and internal planning traces consistent with targeted guardrails that may unintentionally degrade code quality.

Mon, November 24, 2025

Major US Banks Assess Impact of SitusAMC Data Breach

🔒 Major US banks including JPMorgan Chase, Citi and Morgan Stanley are assessing potential customer data exposure after third-party mortgage servicer SitusAMC disclosed a breach discovered on Nov. 12 and confirmed on Nov. 22. SitusAMC says corporate records and 'certain data' related to clients' customers may have been accessed; the company reports services remain operational and the incident is contained. The FBI is investigating, has found no operational impact to banking services so far, and the company has implemented credential resets, disabled remote access tools, updated firewall rules and engaged third-party advisors while forensic analysis continues.

Mon, November 24, 2025

Blender model files used to deliver StealC infostealer

⚠️ Researchers at Morphisec observed a Russian-linked campaign using malicious Blender .blend files uploaded to 3D model marketplaces to deliver the StealC V2 infostealer. The embedded Python in the .blend fetches a loader from a Cloudflare Workers domain, which runs a PowerShell script to download two ZIP archives, unpack them into %TEMP%, drop LNK shortcuts into the Startup folder for persistence, and deploy both the StealC payload and an auxiliary Python stealer. Users are advised to disable Blender's Auto Run for Python scripts and treat downloaded 3D assets like executables, testing unknown files in sandboxed environments.

Mon, November 24, 2025

ClickFix Uses Fake Windows Update to Deliver Malware

🔒 Researchers warn of ClickFix attack variants that display a realistic full‑screen fake Windows Update animation in the browser to trick users into pasting commands that execute malware. Operators use steganography to hide AES‑encrypted shellcode inside PNG pixel data and leverage mshta, PowerShell, and a .NET Stego Loader to reconstruct and run payloads. Huntress observed delivery of LummaC2 and Rhadamanthys info stealers and a dynamic evasion ctrampoline technique to hinder analysis. A law enforcement takedown in November disrupted payload delivery on some fake update domains.

Mon, November 24, 2025

Harvard Alumni Systems Breached in Voice Phishing Attack

📞 Harvard University disclosed that systems used by Alumni Affairs and Development were accessed in a phone‑based phishing attack discovered on November 18, 2025. Exposed information includes email addresses, phone numbers, home and business addresses, event attendance records, donation details, and biographical data for alumni, donors, some students, faculty and staff. The university stated the compromised systems did not contain Social Security numbers, passwords, payment card data, or financial account information. Harvard sent notifications on November 22 and is working with law enforcement and third‑party cybersecurity experts to investigate and remediate the incident.

Mon, November 24, 2025

Iberia Alerts Customers After Supplier-Related Data Breach

⚠️ Iberia has notified customers that personal data was exposed after unauthorized access to a supplier's systems, potentially including names, email addresses and Iberia Club loyalty numbers. The carrier says no login credentials or payment card details were taken and that it has implemented additional verification checks and mitigation measures. Customers are urged to watch for phishing and suspicious communications. The airline is investigating and has informed authorities.

Mon, November 24, 2025

Operation Endgame 3.0 Disrupts Rhadamanthys Infostealer

🔒 Operation Endgame 3.0, coordinated by Europol with over 30 national and private partners, dismantled more than 1,000 servers and seized 20 domains tied to the Rhadamanthys infostealer, VenomRAT and the Elysium botnet. Authorities say the disrupted infrastructure harboured hundreds of thousands of infected computers and millions of stolen credentials, with the Rhadamanthys operator allegedly accessing over 100,000 crypto wallets. The action included 11 searches and at least one arrest; users are advised to check accounts via national breach-check services or HaveIBeenPwned and to maintain strong defences as criminals can rebuild.

Mon, November 24, 2025

AWS Lambda adds customizable error handling for Kafka

🔁 AWS Lambda now offers enhanced error handling for Amazon Managed Streaming for Apache Kafka (MSK) and self-managed Kafka event sources, enabling developers to define custom retry configurations and route failed messages to a Kafka topic as an on-failure destination. The update extends Kafka event source mapping (ESM) in Provisioned mode to support retry limits, time-bound retry windows, automatic discards of exceeded records, and per-message failure reporting to optimize retries. Configure these settings via the ESM API, AWS Console, or AWS CLI.

Mon, November 24, 2025

AWS MediaTailor Adds HLS Interstitials for Live Streams

🎥 AWS Elemental MediaTailor now supports HLS Interstitials for live streams, enabling broadcasters and streaming services to insert interstitial ads using the HLS Interstitials specification. MediaTailor generates necessary metadata tags (EXT-X-DATERANGE with X-ASSET-LIST) for compatible players such as HLS.js, Shaka, Bitmovin and Apple devices, removing the need for custom client stitching. The capability integrates with MediaTailor's server-side ad insertion for frame-accurate, buffer-free transitions and preserves server-side beaconing for measurement. It supports pre-roll and mid-roll, can be toggled per playback session via a manifest query parameter, and is available in all Regions where MediaTailor operates on a pay-as-you-go basis.

Mon, November 24, 2025

Amazon Connect flow modules: custom IO and versioning

🧩 Amazon Connect flow modules now support custom inputs, outputs and branching logic, plus advanced versioning and alias management. You can define flexible parameters for reusable modules—for example, an authentication module that accepts a phone number and PIN and returns customer name and authentication status with branches like authenticated or not authenticated. Immutable version snapshots and alias mapping let teams update module implementations while flows referencing an alias automatically use the new version, simplifying maintenance and reuse.

Mon, November 24, 2025

Amazon MSK Replicator Now in Five Additional Regions

🔁 Amazon has expanded availability of Amazon MSK Replicator, allowing customers to replicate streaming data across Amazon MSK clusters in five more AWS Regions: Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary), and Europe (Spain). MSK Replicator offers automatic asynchronous replication, auto-scales underlying resources on demand, and replicates Kafka metadata such as topic configurations, ACLs, and consumer group offsets. You can configure replication from the Amazon MSK console or the AWS CLI.

Mon, November 24, 2025

AWS Glue: Catalog Federation for Remote Iceberg Catalogs

🔗 AWS announces general availability of AWS Glue catalog federation for remote Apache Iceberg catalogs. The feature enables analytics engines to query Iceberg tables stored in Amazon S3 and cataloged remotely without moving or copying data, with real-time metadata synchronization to the AWS Glue Data Catalog. It leverages AWS Lake Formation for fine-grained access controls and supports the Iceberg REST specifications; federation is available in the Lake Formation console and via SDKs/APIs.

Mon, November 24, 2025

Windows 11 24H2 Bug Crashes Explorer and Start Menu

⚠️ Microsoft confirmed a Windows 11, version 24H2 bug in cumulative updates released since July 2025 that causes XAML dependency packages not to register in time, leading Explorer, StartMenuExperienceHost, ShellHost.exe and other shell components to crash or fail to initialize. Microsoft provided three PowerShell Add-AppxPackage commands as a temporary workaround and says a restart is required after running them. Organizations using non-persistent VDI should run a logon script to provision the packages before Explorer launches; a permanent fix is in development with no timeline.

Mon, November 24, 2025

Amazon SageMaker HyperPod Adds Spot Instance Support

⚡ Amazon SageMaker HyperPod now supports Spot Instances, enabling customers to reduce GPU compute costs by up to 90% compared with on-demand instances. The integration is available on HyperPod EKS clusters and works with Karpenter for intelligent autoscaling, automatic Spot capacity discovery, and interruption handling. You can enable Spot when creating instance groups via the CreateCluster API or the AWS Console, and the feature supports all HyperPod instance types across available regions.

Mon, November 24, 2025

AWS IoT Core: Retrieve Thing Registry Data via Rules

🔧 AWS IoT Core now supports dynamic retrieval of thing registry data directly within IoT rules using the new get_registry_data() inline rule function. You can access device attributes, device type, and group membership to filter, enrich, and route messages — for example, routing lifecycle events or enriching gateway messages with sensor thresholds. The feature is available in all AWS regions where AWS IoT Core is present and can be used immediately via the IoT developer guide and API.

Mon, November 24, 2025

AWS OpenSearch Service adds PPL and natural language

🔍 Amazon OpenSearch Service now makes Piped Processing Language (PPL) and natural language the default experience in the OpenSearch UI Observability workspace. The release introduces 35+ new commands for deep analysis, faceted exploration, and natural-language querying, and integrates OpenTelemetry ingestion pipelines to simplify onboarding. Users can run enterprise-grade queries, correlate events, and move directly from query to visualization to reduce mean time to detect and resolve issues.

Mon, November 24, 2025

Ransomware Targets AWS S3 via Cloud Key Abuse Tactics

🔐 A Trend Micro report warns that ransomware groups are shifting from on-premises targets to cloud object storage, particularly AWS S3, by abusing integrated encryption and key management. Attackers probe configurations from AWS-managed KMS keys to customer-provided and external key stores to encrypt or irreversibly lock data. The report urges hardening S3 settings, enforcing least privilege, enabling versioning and Object Lock, and isolating backups.

Mon, November 24, 2025

Amazon EC2 Introduces Interruptible Capacity Reservations

🔁 Amazon EC2 now offers interruptible On‑Demand Capacity Reservations (ODCRs), allowing reservation owners to temporarily make unused reserved capacity available to other internal workloads while retaining the ability to reclaim it. Consumers using interruptible ODCRs receive an interruption notice to allow graceful shutdown or checkpointing. The capability targets flexible, fault‑tolerant tasks such as batch processing, data analysis, and machine learning training, is available at no additional cost, and CloudFormation support is coming soon.

Mon, November 24, 2025

GhostAd: Hidden Google Play Adware Draining Devices

🔍 Check Point's Harmony Mobile Detection Team discovered a broad Android adware campaign on Google Play that operated as a persistent background advertising engine. Masquerading as benign utilities and emoji editors, the apps continued running after closure or reboot, quietly consuming battery and mobile data. The campaign, dubbed GhostAd, comprised at least 15 related apps, with five still available at discovery.

Mon, November 24, 2025

Microsoft to Remove WINS Support After Windows Server 2025

⚠️ Microsoft announced that WINS support will be removed from Windows Server releases after Windows Server 2025, with standard support for that final LTSC build continuing through November 2034. The legacy NetBIOS name registration and resolution service was deprecated in Windows Server 2022. Microsoft said WINS components, management snap-ins and automation APIs will be removed, and urged administrators to audit dependencies and migrate to DNS-based solutions to avoid disruptions.

Mon, November 24, 2025

CloudFront BYOIP for Anycast Static IPs via VPC IPAM

🌐 Amazon CloudFront now supports bringing your own IP addresses (BYOIP) for Anycast Static IPs through VPC IP Address Manager (IPAM). Network teams can register and manage public IPv4 address pools in IPAM and assign dedicated Anycast Static IP lists to CloudFront distributions, preserving existing allow-lists and avoiding changes to application address space. The capability simplifies IP address management across AWS's global edge network and improves partner reachability and security. It is available in all commercial AWS Regions except AWS GovCloud (US) and the China regions.

Mon, November 24, 2025

What Keeps CISOs Awake - Zurich's Approach to Resilience

😴 At the Global Cyber Conference 2025 in Zurich, CISOs openly confronted a profession-wide exhaustion tied to escalating cyber risk. Tim Brown distilled the anxiety into five core threats: shrinking exploit windows, persistent adversaries, third-party risk, an AI arms race, and staff burnout. The Swiss Cyber Institute's vendor-free format created a trust-based forum where peers share IOCs, run joint table-tops and adopt risk-based patching and UEBA to speed response and restore resilience.

Mon, November 24, 2025

Invisible Battles: Cybersecurity's Toll on Mental Health

🛡️ Cybersecurity work creates a relentless, always-on pressure that erodes mental health, driving sleep loss, anxiety and burnout. The piece outlines how constant alerts, moral responsibility for failures and siloed teams amplify errors and organizational risk. It calls for concrete changes—from individual boundaries and therapy to organizational psychological safety—and industry shifts such as integrating wellness into ISO and NIST frameworks.

Mon, November 24, 2025

Why MDR Is the Essential Cybersecurity Service Now

🔧 Modern cyberdefense has outgrown simple antivirus and generalist IT skills. MDR combines advanced detection technologies with continuous human expertise to detect, triage, and remediate threats faster than most in‑house teams can. It delivers enterprise-grade visibility and rapid response at scale, closing skills and detection gaps while letting IT focus on business priorities. Adopting MDR is increasingly a strategic imperative for organisations of all sizes.

Mon, November 24, 2025

CISOs' Greatest Risk: Functional Leaders Quitting Now

⚠️ Functional security leaders are increasingly disengaging due to heavy workloads, limited autonomy, and stalled career progression, creating a direct resilience risk for CISOs and the broader enterprise. The piece cites ISACA data showing rising stress and widespread understaffing and includes perspectives from Carole Lee Hobson, Brandyn Fisher, and Monika Malik. Recommended actions include clear promotion rubrics and executive sponsorship, consolidated tooling with a quarterly kill-switch, and metrics tied to prevention and risk contribution.

Mon, November 24, 2025

Microsoft Tests File Explorer Preloading for Speed

⚡ Microsoft is testing an optional background preload for File Explorer on Windows 11 to reduce launch times and improve responsiveness. When enabled, the app loads automatically with no visible UI change; users can disable it by unchecking "Enable window preloading for faster launch times" in File Explorer's Folder Options under the View tab. The feature is rolling out to Windows Insiders on 25H2 in the Dev and Beta channels with preview build 26220.7271 (KB5070307). Microsoft also reorganized File Explorer's context menu into grouped flyouts to reduce clutter and has requested feedback via the Feedback Hub.

Mon, November 24, 2025

IACR Election Nullified After Trustee Loses Decryption Key

🔐 The International Association for Cryptologic Research (IACR) nullified its 2025 online election after trustee Moti Yung irretrievably lost his private decryption key. The election used the Helios voting system with a strict 3-of-3 trustee decryption scheme, so the missing key meant the system could not compute the final decryption shares or verify the outcome. The loss was an honest human error; the IACR will rerun the vote under a 2-of-3 threshold to permit recovery, and the incident was reported by outlets including Ars Technica and The New York Times.

Mon, November 24, 2025

UK Launches World’s First Military Esports Tournament

🎮 The UK government has launched the International Defence Esports Games (IDEG), touted as the world’s first military esports tournament, involving personnel from 40 allied nations. The three-day event at the National Gaming and Esports Arena in Sunderland on 9–11 October 2026 will combine live-streamed competitive matches with summits on cybersecurity, AI and drone operations. Officials say IDEG will sharpen cyber and digital skills, improve rapid decision-making and build allied partnerships.

Mon, November 24, 2025

CSO Hall of Fame Announces 2025 Honorees and Nominations

🏆 Hall of Fame award nominations are officially open, with a deadline of December 3. The CSO Hall of Fame, now in its eighth year, recognizes seasoned security leaders (10+ years in CSO, CISO or comparable roles) for lifetime contributions that have shaped information risk management. Inductees will be honored at the CSO Conference + Awards May 11–13, 2026 in Nashville, TN, where attendees can network across topics from AI to zero trust.

Mon, November 24, 2025

SCCM and WSUS in Hybrid Environments: Adopt Cloud Patching

☁️ Legacy Windows patching tools like SCCM and WSUS are struggling to meet the needs of distributed workforces because they depend on LAN or VPN check‑ins. The piece highlights WSUS deprecation and frequent synchronization, database, and re‑indexing failures that stall remediation. Cloud‑native, SaaS patch management (for example, Action1) allows endpoints to check in securely over the internet, use global delivery networks, and deliver faster, more consistent compliance without on‑prem infrastructure.
