Cybersecurity Brief

Critical React RCE Spurs WAF Shields; AWS Boosts AI Customization

Coverage: 03 Dec 2025 (UTC)

A critical server-side flaw in React Server Components enabling unauthenticated remote code execution dominated the day and prompted swift hardening at the edge while teams race to patch. The issue spans multiple React RSC packages and impacts Next.js App Router configurations, elevating risk across popular JavaScript stacks, with cloud telemetry indicating broad exposure. Organizations also saw fresh tooling from hyperscalers to tighten AI model customization and training at scale, and new intelligence on DDoS intensity and mercenary spyware activity rounded out the threat picture. For defenders, the throughline is clear: patch fast, enable layered controls, and keep automation close to critical workflows, from web front doors to AI pipelines.

React RCE Triggers Rapid Mitigations

A critical logical deserialization bug in React Server Components was disclosed with CVSS 10.0 and fixes issued across affected versions of react-server-dom-* and Next.js releases. The exposure includes unauthenticated server function invocation that can deserialize attacker data into arbitrary JavaScript execution; cloud scans suggest a large attack surface. Details and affected versions are summarized by The Hacker News, which notes coverage spanning react-server-dom-webpack/parcel/turbopack, React 19.x ranges now patched, and downstream frameworks that bundle RSC, alongside recommendations to prioritize upgrades and review exposed endpoints.

On the edge, Cloudflare deployed default-block Web Application Firewall rules to all plans, publishing rule IDs and reporting no observed exploitation attempts at the time of posting. The company urges upgrades to patched framework releases even where traffic is proxied, so that development environments and any unprotected paths are not left exposed.

Google Cloud also released a preconfigured Cloud Armor rule aimed at the exploit pattern, with guidance to deploy in preview mode for logging before enforcement. The post reiterates that long-term remediation is to update to React 19.2.1 and the vendor-patched Next.js versions and to redeploy workloads across services, noting that some Next.js reports tracked as CVE-2025-66478 were later marked duplicate.

AI Platforms Add Customization and Training Controls

AWS broadened AI customization paths. A new serverless capability in SageMaker AI packages supervised fine-tuning with techniques like reinforcement learning and direct preference optimization into a managed workflow that spans data prep, training, evaluation, and deployment. Separately, reinforcement fine-tuning arrived in Amazon Bedrock, which reports average 66% accuracy gains over base models and keeps data and artifacts inside AWS accounts, positioning smaller, faster models for production with governance intact.

For large-scale training, AWS introduced checkpointless recovery in HyperPod to preserve forward progress after node failures via peer-to-peer state transfer, reducing recovery time from hours to minutes and sustaining high goodput on very large clusters. In tandem, HyperPod now supports Elastic training, allowing jobs to expand and contract across available accelerators without restarts—helping teams improve utilization, prioritize workloads dynamically, and shrink time-to-train.

On the data side, Google made automated, Gemini-assisted metadata generation generally available in the Data Cloud. The feature in Dataplex profiles datasets to draft human-readable table and column descriptions that propagate into BigQuery and governance workflows, accelerating discovery and helping AI agents ground queries in the right context. The announcement positions automation as a productivity aid that still benefits from expert review.

DDoS Scale and Mercenary Spyware

Cloud-scale telemetry points to continued escalation in volumetric attacks. A Q3 DDoS analysis from Cloudflare’s network details millions of mitigations and routine hyper‑volumetric incidents, including a record 29.7 Tbps peak attributed to the Aisuru botnet, with short, extreme bursts that limit human response windows. See the Q3 report for trends such as network-layer surges, industry targeting shifts, and the operational limits of legacy scrubbing approaches.

In targeted surveillance, Google’s threat team reports that sanctioned vendor Intellexa continues to deliver prolific zero‑day chains against mobile and browser platforms. The Intellexa post outlines a captured iOS chain, modular payload components, delivery via one‑time links, and broad geographic targeting, alongside IOCs and a starter YARA rule. The write-up underscores the need for rapid patching and coordinated policy action to constrain mercenary spyware markets.

Active Exploitation and Enterprise Impact

Microsoft addressed a long‑abused Windows Shortcut (.LNK) issue tracked as CVE‑2025‑9491 by changing how the Properties dialog displays full Target strings, closing an avenue attackers used to hide malicious arguments in padded fields. The change was delivered in November’s updates after years of exploitation by multiple threat groups. Summary and context are covered by The Hacker News, which also notes third‑party mitigations and the continued need for user caution around shortcut files.

A critical privilege‑escalation flaw in the WordPress King Addons plugin (CVE‑2025‑8489, CVSS 9.8) remains under active attack, allowing unauthenticated creation of administrator accounts via a vulnerable AJAX handler. Maintainers fixed the issue in version 51.1.35; site operators should update, audit new admin users, and review logs for suspicious registrations. See King Addons coverage for indicators and remediation steps.

Researchers disclosed a remote code execution path in OpenAI’s Codex CLI where project-local environment variables could redirect configuration to attacker‑controlled MCP servers, enabling silent code execution in developer workflows and CI systems. OpenAI patched the issue in CLI version 0.23.0; the analysis in CSO Online recommends restricting fully automated modes and tightening least‑privilege in development environments.

University of Phoenix disclosed a data breach following exploitation of an Oracle E‑Business Suite zero‑day linked to a broader extortion campaign. Exposed data includes PII and banking details for various stakeholders; notifications are forthcoming while scope review continues. Details and context on the campaign exploiting CVE‑2025‑61882 are summarized by BleepingComputer.

These and other news items from the day:

Wed, December 3, 2025

Critical RSC Deserialization Flaw in React and Next.js

🚨 A maximum-severity remote code execution vulnerability in React Server Components (CVE-2025-55182, CVSS 10.0) allows unauthenticated attackers to execute arbitrary JavaScript by sending crafted payloads to Server Function endpoints. Affected npm packages include react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack in specific 19.x releases; fixes are available in 19.0.1, 19.1.2, and 19.2.1. The issue also impacts Next.js (CVE-2025-66478, CVSS 10.0) across multiple releases and has been patched in a series of 15.x and 16.x updates. Security firm Wiz reports roughly 39% of cloud environments host vulnerable instances; apply patches immediately.

Wed, December 3, 2025

Google Cloud guidance on CVE-2025-55182 for React/Next.js

🔒 Meta and Vercel disclosed a critical remote code execution vulnerability in React Server Components (CVE-2025-55182) that also affected some Next.js releases. Google Cloud rolled out a preconfigured Cloud Armor WAF rule (cve-canary), is enforcing protections for Firebase Hosting, and recommends testing the rule in preview while enabling ALB request logging to consume telemetry. Customers should promptly update dependencies to React 19.2.1 and the patched Next.js releases and redeploy services to remove the vulnerability.

Wed, December 3, 2025

AWS SageMaker AI adds serverless model customization

🚀 Amazon SageMaker AI now offers a serverless model customization capability that lets developers quickly fine-tune popular models using supervised learning, reinforcement learning, and direct preference optimization. The fully managed, end-to-end workflow simplifies data preparation, synthetic data generation, training, evaluation, and deployment through an easy-to-use interface. Supported base models include Amazon Nova, Llama, Qwen, DeepSeek, and GPT-OSS. The AI agent-guided workflow is in preview with regional availability and a waitlist.

Wed, December 3, 2025

Amazon Bedrock Adds Reinforcement Fine‑Tuning for Models

🔧 Amazon Bedrock now supports reinforcement fine-tuning, enabling developers to improve model accuracy without deep ML expertise or large labeled datasets. The service automates the reinforcement fine-tuning workflow and trains models by learning from feedback on multiple candidate responses, improving model judgment about what makes a good reply. AWS reports an average 66% accuracy gain over base models, allowing teams to deploy smaller, faster, and more cost-effective variants while maintaining quality. At launch the feature supports Amazon Nova 2 Lite, and it can be accessed via the Bedrock console or APIs.

Wed, December 3, 2025

Cloudflare WAF Blocks Critical React Server Components RCE

🛡️ Cloudflare has deployed new WAF protections to mitigate a high‑severity RCE in React Server Components (CVE-2025-55182). All customers whose React traffic is proxied through the Cloudflare WAF are automatically protected — the rules are included in both the Free Managed Ruleset and the standard Managed Ruleset and default to Block. Rule IDs: Managed Ruleset 33aa8a8a948b48b28d40450c5fb92fba and Free Ruleset 2b5d06e34a814a889bee9a0699702280; Cloudflare Workers are immune. Customers on paid plans should verify Managed Rules are enabled and update to React 19.2.1 and the recommended Next.js releases (16.0.7, 15.5.7, 15.4.8).

Wed, December 3, 2025

Automated Metadata Generation in Google Data Cloud

🧭 Google announces generally available automated metadata generation in the Google Data Cloud, using Dataplex Universal Catalog and Gemini to convert profiling and schema context into human-readable table and column descriptions. The capability integrates with BigQuery, stores generated descriptions for search and governance, and is accessible via an API. It aims to reduce "metadata debt," accelerate time-to-insight, and provide reliable grounding for AI agents, while still encouraging human review for key business definitions.

Wed, December 3, 2025

Azure expands local and hybrid options for AI and control

🔒 Microsoft is expanding Azure with on‑premises, edge, and hybrid options to deliver AI, resilience, and operational sovereignty. Azure Local provides integrated compute, storage, and networking on customer premises with GA features like Microsoft 365 Local and NVIDIA Blackwell GPUs, plus previews for disconnected operations and multi‑rack scale. Coupled with Azure IoT, Microsoft Fabric, and Azure Arc management enhancements, the updates enable near‑real‑time analytics, secure device identity, and a unified control plane for distributed estates. The goal is to accelerate AI and analytics while preserving data residency, continuity, and compliance for regulated or mission‑critical environments.

Wed, December 3, 2025

Cloudflare Q3 2025 DDoS Threat Report: Aisuru Peaks

📈 The 23rd edition of Cloudflare’s Quarterly DDoS Threat Report reviews Q3 2025 data and spotlights the unprecedented Aisuru botnet, estimated at 1–4 million infected hosts. Aisuru launched routine hyper-volumetric attacks exceeding 1 Tbps and 1 Bpps, peaking at 29.7 Tbps and 14.1 Bpps, while Cloudflare mitigated 8.3 million DDoS events in the quarter. Network-layer attacks dominated the mix, and the report warns that short, high-volume strikes often outpace manual defenses, underscoring the need for global, automated mitigation.

Wed, December 3, 2025

TypeScript Preview and Updates for Strands Agents on AWS

🚀 AWS has announced TypeScript support in preview for the Strands Agents SDK, giving developers a choice between Python and TypeScript for building model-driven AI agents. The TypeScript implementation provides idiomatic, type-safe APIs with async/await and modern JavaScript/TypeScript patterns, and is designed to run in browsers, client applications, and server runtimes such as AWS Lambda and Bedrock AgentCore. AWS also introduced three SDK updates: edge device support is now GA, Strands steering is available experimentally, and Strands evaluations is in preview to help validate agent behavior.

Wed, December 3, 2025

Android expands in-call scam protection to banks and fintech

🔒 Android is expanding its pilot for in-call scam protection that detects when users launch participating financial apps while screen sharing during calls from unsaved numbers. The feature warns users, offers a one-tap end-call and stop-sharing option, and enforces a 30-second pause to disrupt social engineering. After UK success and pilots in Brazil and India, Google is rolling pilots with US fintechs including Cash App and banks like JPMorganChase.

Wed, December 3, 2025

Amazon SageMaker HyperPod Adds Checkpointless Training

🚀 Amazon SageMaker HyperPod now supports checkpointless training, a foundational capability that eliminates the need for checkpoint-based, job-level restarts for distributed model training. Checkpointless training preserves forward training state across the cluster, automatically swaps out failed nodes, and uses peer-to-peer state transfer to resume progress, reducing recovery time from hours to minutes. The feature can deliver up to 95% training goodput at very large scale, is available in all Regions where HyperPod runs, and can be enabled with zero code changes for popular recipes or with minimal PyTorch modifications for custom models.

Wed, December 3, 2025

Aisuru botnet behind record 29.7 Tbps DDoS attack impact

⚠️ In three months the Aisuru botnet has been linked to more than 1,300 DDoS attacks, including a record peak of 29.7 Tbps in Q3 2025 that Cloudflare mitigated. The botnet, offered as a rental service, leverages an estimated 1–4 million compromised routers and IoT devices exploited via known vulnerabilities and weak credentials. The record incident lasted 69 seconds and used UDP carpet‑bombing across roughly 15,000 destination ports per second; Cloudflare reports a sharp rise in hyper‑volumetric attacks that can disrupt ISPs and critical services.

Wed, December 3, 2025

Amazon SageMaker HyperPod Adds Elastic Training at Scale

⚡ Amazon SageMaker HyperPod now supports elastic training, automatically scaling distributed training jobs to absorb idle accelerators and contract when higher‑priority workloads require resources. This eliminates the manual cycle of halting jobs, reconfiguring parameters, and restarting distributed training, which previously demanded specialized engineering time. Organizations can start training with minimal resources and grow opportunistically, improving cluster utilization and reducing costs. Elastic training can be enabled with zero code changes for public models like Llama and GPT OSS, and requires only lightweight configuration updates for custom architectures.

Wed, December 3, 2025

Microsoft Quietly Patches Long-Exploited Windows LNK Bug

🔒 Microsoft has quietly fixed CVE-2025-9491, a Windows Shortcut (.LNK) UI misinterpretation flaw that enabled remote code execution and has been abused since 2017 by multiple state-affiliated and criminal groups. The change, deployed in November 2025, forces the Properties dialog to display the full Target command string regardless of length, removing the truncation that hid malicious arguments. Vendors including 0patch and ACROS Security noted alternative mitigations — a UI change by Microsoft and a warning-based micropatch — that together reduce user exposure.

Wed, December 3, 2025

RCE Flaw in OpenAI's Codex CLI Elevates Dev Risks Globally

⚠️ Researchers from Check Point disclosed a critical remote code execution vulnerability in OpenAI's Codex CLI that allowed project-local .env files to redirect the CODEX_HOME environment variable and load attacker-controlled MCP servers. By adding a malicious mcp_servers entry in a repo-local .codex/config.toml, an attacker with commit or PR access could cause Codex to execute commands silently whenever a developer runs the tool. OpenAI addressed the issue in Codex CLI v0.23.0 by blocking project-local redirection of CODEX_HOME, but the flaw demonstrates how automated LLM-powered developer tools can expand the attack surface and enable persistent supply-chain backdoors.

Wed, December 3, 2025

Critical King Addons WordPress Plugin Flaw Exploited

⚠️ A critical privilege-escalation vulnerability in the King Addons plugin for Elementor (CVE-2025-8489, CVSS 9.8) is being actively exploited to create administrative accounts. The flaw stems from an insecure handle_register_ajax() implementation that permits unauthenticated users to specify the administrator role during registration via the "/wp-admin/admin-ajax.php" endpoint. A patch is available in version 51.1.35 (released September 25, 2025); administrators should update immediately and audit for unauthorized admin users.

Wed, December 3, 2025

Microsoft mitigates Windows LNK zero-day exploited widely

🔒 Microsoft has quietly mitigated a high-severity Windows LNK vulnerability tracked as CVE-2025-9491, which attackers used to hide malicious command-line arguments inside .lnk files. The flaw relied on padding the Target field so Windows previously masked arguments beyond 260 characters, enabling persistence and malware delivery. Microsoft’s November update now shows the full Target string in Properties but does not remove malicious arguments or warn users. An unofficial 0Patch micropatch limits target strings and warns on unusually long values.

Wed, December 3, 2025

Adversarial Poetry Bypasses AI Guardrails Across Models

✍️ Researchers from Icaro Lab (DexAI), Sapienza University of Rome, and Sant’Anna School found that short poetic prompts can reliably subvert AI safety filters, in some cases achieving 100% success. Using 20 crafted poems and the MLCommons AILuminate benchmark across 25 proprietary and open models, they prompted systems to produce hazardous instructions — from weapons-grade plutonium to steps for deploying RATs. The team observed wide variance by vendor and model family, with some smaller models surprisingly more resistant. The study concludes that stylistic prompts exploit structural alignment weaknesses across providers.

Wed, December 3, 2025

Intellexa Continues Exploitation of Zero-Day Bugs Worldwide

🔍 Google Threat Intelligence Group (GTIG) analysis shows that Intellexa, vendor of the Predator spyware, continues to develop and deploy zero‑day exploits against mobile browsers and operating systems despite sanctions. GTIG attributes 15 unique zero‑days to Intellexa out of roughly 70 discovered since 2021, spanning RCE, sandbox escape, and LPE flaws on iOS, Android, and Chrome. The company uses modular exploit frameworks, acquires exploit chain steps from third parties, delivers payloads via one‑time messaging links and malvertising, and embeds anti‑analysis watcher modules to abort operations on detection.

Wed, December 3, 2025

Malicious Chrome and Edge Extensions Abused by ShadyPanda

🛡️ Researchers at Koi Security uncovered a multi-year campaign by an actor dubbed ShadyPanda that abused trusted Chrome and Edge extensions to harvest browsing data, manipulate search results and traffic, and install a backdoor. The group amassed roughly 4.3 million infected browser instances by publishing legitimate-looking add-ons and later pushing malicious updates. Although many extensions have been removed from stores, infected browsers remain at risk because extensions auto-update and marketplaces generally review only at submission.

Wed, December 3, 2025

University of Phoenix Discloses Data Breach After Oracle Hack

🔒 The University of Phoenix disclosed a data breach tied to a zero-day flaw in Oracle E-Business Suite, saying it detected the incident on November 21 after the extortion group posted the university to its leak site. Phoenix Education Partners filed an SEC 8-K announcing the incident and an ongoing review. The university said attackers accessed names, contact details, dates of birth, Social Security numbers, and bank account and routing numbers for current and former students, employees, faculty and suppliers. Affected individuals will receive mailed notifications with next steps.

Wed, December 3, 2025

Picklescan Flaws Enable Malicious PyTorch Model Execution

⚠️ Picklescan, a Python pickle scanner, has three critical flaws that can be abused to execute arbitrary code when loading untrusted PyTorch models. Discovered by JFrog researchers, the issues — a file-extension bypass (CVE-2025-10155), a ZIP CRC bypass (CVE-2025-10156) and an unsafe-globals bypass (CVE-2025-10157) — let attackers present malicious models as safe. The vulnerabilities were responsibly disclosed on June 29, 2025 and fixed in Picklescan 0.0.31 on September 9; users should upgrade and review model-loading practices and downstream automation that accepts third-party models.

Wed, December 3, 2025

Marquis data breach affects over 74 US banks, credit unions

🔒 Financial software provider Marquis Software Solutions disclosed a ransomware intrusion on August 14, 2025, after attackers breached a SonicWall firewall and exfiltrated certain files. The incident potentially impacted roughly 400,000 customers across 74 banks and credit unions and involved names, contact details, Social Security and Taxpayer IDs, account information (no security codes), and dates of birth. Marquis says there is no confirmed misuse or publication of the data to date and is notifying affected institutions and state regulators while implementing enhanced security measures, including MFA, patching, account cleanup, and tightened firewall policies.

Wed, December 3, 2025

Brazil Hit by WhatsApp Worm and RelayNFC Fraud Campaign

🔒 Water Saci has shifted to a layered infection chain that uses HTA files and malicious PDFs delivered via WhatsApp to deploy a banking trojan in Brazil. The actors moved from PowerShell to a Python-based worm that propagates through WhatsApp Web, while an MSI/AutoIt installer and process-hollowing techniques load the trojan only on Portuguese (Brazil) systems. Trend Micro links the behavior to Casbaneiro-style features and notes possible use of code-translation or AI tools to port scripts. In parallel, a React Native Android strain named RelayNFC executes real-time NFC APDU relays to enable contactless payment fraud.

Wed, December 3, 2025

Deep Dive: DragonForce Ransomware Cartel and Spider

🔍 DragonForce is a ransomware-as-a-service group that re-emerged in 2023 and has rebranded as a self-described "ransomware cartel," recruiting affiliates with generous revenue shares and customizable encryptors. Recent variants exploit vulnerable drivers like truesight.sys and rentdrv2.sys to disable security controls and shore up earlier encryption flaws. Its partnership with Scattered Spider combines elite social-engineering initial access with deployable ransomware, elevating risk to organizations globally.

Wed, December 3, 2025

Building Conversational Genomics with Multi-Agent AI

🧬 Combining Google’s ADK, Gemini, and Cloud infrastructure, this work reframes variant interpretation as a conversational workflow that removes repetitive scripting and context switching. A two-phase design performs heavy VEP annotation once, stores versioned ADK artifacts and public BigQuery datasets, and enables sub-5-second interactive queries via a QueryAgent. Validation with an APOB spike-in demonstrated single-variant precision, compatibility across DeepVariant versions, and scalability to ~8.8M variants.

Wed, December 3, 2025

Malicious Rust Crate Delivers Cross-Platform Backdoor

⚠️ Researchers identified a malicious Rust crate, evm-units, on crates.io that targeted developer machines running Windows, macOS, and Linux by posing as an Ethereum Virtual Machine helper. Uploaded in mid‑April 2025 and downloaded thousands of times, the package fetched OS-specific payloads from download.videotalks[.]xyz, wrote them to temporary directories, and executed them silently. A related package, uniswap-utils, included evm-units as a dependency, widening exposure; both packages have been removed and indicators released to help defenders.

Wed, December 3, 2025

Critical Privilege-Escalation Flaw in King Addons for WP

⚠️ A critical privilege-escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor plugin is being actively exploited to create administrative accounts during registration. Attacks began on October 31, a day after public disclosure, and Wordfence reports blocking more than 48,400 exploit attempts. Site owners should upgrade to King Addons 51.1.35 immediately and check logs for suspicious IPs and unexpected admin accounts.

Wed, December 3, 2025

Freedom Mobile Breach Exposes Customer Personal Data

🔒 Freedom Mobile detected a breach of its customer account management platform on October 23 after a third party used the account of a subcontractor to access customer records. The carrier says it blocked suspicious accounts and IP addresses and implemented corrective measures and security enhancements. Exposed data include first and last names, home addresses, dates of birth, phone numbers, and Freedom account numbers. Freedom reports no evidence so far of misuse and has urged customers to watch for phishing and check accounts for unusual activity.

Wed, December 3, 2025

Yearn Finance yETH Pool Exploited for $9M via Mint Bug

⚠️ A vulnerability in Yearn Finance's yETH pool allowed an attacker to mint an enormous amount of yETH and drain approximately $9 million in assets. Check Point Research (CPR) found that a desynchronization between the pool's main supply counter and its cached virtual balances (packed_vbs[]) enabled the exploit. The attacker used flash loans and repeated deposit/withdraw cycles to pollute cached balances, burned LP tokens to reset supply to zero, then deposited 16 wei to trigger faulty "first deposit" logic and mint inflated tokens, later converting stolen LSD assets to ETH and laundering funds.

Wed, December 3, 2025

CISA Adds One CVE to Known Exploited Vulnerabilities Catalog

🚨 CISA added CVE-2021-26828 — an OpenPLC ScadaBR unrestricted file upload vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The flaw allows dangerous file types to be uploaded, a frequent attack vector that poses significant risks to federal networks. Under BOD 22-01 federal agencies must remediate cataloged CVEs by required dates; CISA also urges all organizations to prioritize remediation.

Wed, December 3, 2025

Leroy Merlin Notifies French Customers of Data Breach

🔔 French home improvement retailer Leroy Merlin has notified customers in France that certain personal data may have been exposed in a cyberattack, including full names, phone numbers, email and postal addresses, dates of birth and loyalty program details. The company says no banking data or account passwords were involved and that it moved quickly to block unauthorized access and contain the incident. The notice warns customers to be vigilant against phishing and impersonation attempts; BleepingComputer confirmed the notification is genuine and has sought further details. No ransomware group had claimed responsibility at the time of reporting.

Wed, December 3, 2025

Hybrid 2FA Phishing Kits Evade Kit-Specific Detection

🔐 Researchers at Any.Run report a hybrid 2FA-phishing strain that fuses elements of Salty2FA and Tycoon2FA, producing payloads that evade detection rules tuned to either kit alone. The samples begin with Salty-style obfuscation and trampoline JavaScript, then shift into Tycoon’s DGA domains and AiTM execution chain. Analysts warn defenders to focus on behavioral patterns and fallback routines rather than static indicators of compromise.

Wed, December 3, 2025

Guide: Secure Integration of AI in Operational Technology

🔒 The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate’s Australian Cyber Security Centre published a joint guide outlining four principles to safely integrate AI into operational technology (OT). The guidance emphasizes educating personnel, assessing AI uses and data risks, establishing governance, and embedding safety and security. It focuses on ML, LLMs, and AI agents while remaining applicable to other automation approaches. CISA and international partners encourage OT owners and operators to adopt these risk-informed practices to protect critical infrastructure.

Wed, December 3, 2025

NCSC's Share and Defend Blocks Nearly One Billion in UK

🔒 The UK's National Cyber Security Agency (NCSC) reports its Share and Defend service has blocked almost one billion attempts to access malicious websites in under a year. Launched in May 2024, the service aggregates threat intelligence and indicators of compromise (IOCs) from partners and data sources, then shares them with ISPs such as BT, Vodafone, and TalkTalk for DNS filtering. When users try to follow phishing links, fraudulent texts or scam adverts, connections to known malicious domains are stopped automatically. The initiative supports the government's Stop! Think Fraud campaign and aims to reduce online fraud for consumers and businesses.

Wed, December 3, 2025

Google Extends Android In-Call Scam Protection to US Banks

🔒 Google is expanding its Android in-call scam protection to cover several U.S. financial apps, including Cash App and the JPMorgan Chase mobile banking app. The feature, introduced with Android 16, warns users when they launch a financial app while sharing their screen during a call with an unknown number, presenting a persistent 30-second alert that only allows ending the call. The protection runs on Android 11 and later and remains in a testing phase.

Wed, December 3, 2025

Star Blizzard Targets Reporters Without Borders in Phishing

📧 Sekoia.io researchers have identified a fresh wave of spear-phishing linked to the Russia-nexus intrusion set Star Blizzard (aka Calisto/ColdRiver) that targeted NGOs including Reporters Without Borders in May–June 2025. Operators impersonated trusted contacts via ProtonMail, using a custom Adversary-in-the-Middle kit to harvest credentials and relay 2FA prompts through compromised sites and redirectors. Observed tactics included a ZIP disguised as a .pdf, decoy encrypted PDFs instructing victims to open files in ProtonDrive, injected JavaScript to lock password-field focus, and an API-driven workflow for handling CAPTCHA and 2FA challenges, underscoring continued risk to Western organizations supporting Ukraine.

Wed, December 3, 2025

UK Plans Ransomware Payment Ban With Security Exemptions

🔒 The UK government plans to ban ransomware payments for public sector and critical national infrastructure, while requiring other businesses to notify authorities if they intend to pay attackers. Announced after a public consultation and detailed in a September policy paper, the measure will include national security exemptions to avoid creating impossible choices for essential services. Security Minister Dan Jarvis said the move is a priority and that adoption will proceed when parliamentary time allows, with ongoing coordination across government and allied states.

Wed, December 3, 2025

CISOs Preparing for Shorter TLS Certificate Lifespans

🔐 Shorter maximum TLS certificate lifespans are imminent: starting 15 March 2026 the limit drops from 398 days to 200 days, then to 100 days a year later and eventually to 47 days by 2029. CISOs should prioritize complete, continuously updated certificate inventories and move to automated issuance and renewal — ideally via ACME — to avoid outages. Centralized governance, percentage-based renewal policies, and integrated alerts tied to ticketing systems reduce human error and operational risk.

Wed, December 3, 2025

Secure Integration of AI into Operational Technology

🔒 CISA and the Australian Signals Directorate released joint guidance, Principles for the Secure Integration of Artificial Intelligence in Operational Technology, to help critical infrastructure owners and operators balance AI benefits with OT safety and reliability. The guidance focuses on ML, LLMs, and AI agents while remaining applicable to traditional statistical and logic-based systems. It emphasizes four core areas—Understand AI, Assess AI Use in OT, Establish AI Governance, and Embed Safety and Security—and recommends integrating AI considerations into incident response and compliance activities.

Wed, December 3, 2025

AI Phishing Factories: Tools Fueling Modern BEC Attacks

🔒 Today's low-cost AI services have industrialized cybercrime, enabling novice actors to produce highly convincing BEC and phishing content at scale. Tools such as WormGPT, FraudGPT, and SpamGPT remove traditional barriers by generating personalized messages, exploit code, and automated delivery that evade static filters. Defensive detection alone is insufficient when signatures continually mutate; organizations must protect identity and neutralize credential exposure. Join the webinar to learn targeted signatures and access-point controls to stop attacks even after a click.

Wed, December 3, 2025

AI, Automation and Integration: Cyber Protection 2026

🔒 In 2025 threat actors increasingly used AI—deepfakes, automated scripts, and AI-generated lures—to scale ransomware, phishing, and data-exfiltration attacks, exposing gaps between siloed security and backup tools. Publicly disclosed ransomware victims rose sharply and phishing remained the dominant initial vector, overwhelming legacy protections. Organizations are moving to AI-driven automation and unified detection, response, and recovery platforms to shorten dwell time and streamline compliance.

Wed, December 3, 2025

Russia Blocks Roblox Citing Distribution of LGBT Content

🚫 Roskomnadzor has restricted access to the US gaming platform Roblox, saying it repeatedly failed to stop the distribution of what the regulator described as LGBT propaganda, extremist and terrorist materials, and calls for violent illegal actions. The agency said unsafe content appeared in in-game rooms where users can simulate attacks, target schools, or participate in gambling. Roblox was reportedly warned in November after moderation shortcomings were confirmed.

Wed, December 3, 2025

Fortinet Named Challenger in Gartner Email Security MQ

📧 Fortinet was named a Challenger in the 2025 Gartner Magic Quadrant for Email Security, reflecting continued progress across its email protection portfolio. FortiMail Email Security and FortiMail Workspace Security combine AI-native detection, sandboxing, DMARC, enhanced BEC and account takeover defenses, and flexible on-premises and cloud deployment options. The company positions this suite as a cost-effective, integrated alternative that also extends protection to web browsers, cloud storage, and collaboration apps.

Wed, December 3, 2025

Secure SD-WAN as the Foundation for Successful SASE

🔒 Fortinet positions secure SD-WAN as the essential foundation for effective SASE, arguing that unified networking and security deliver consistent policy enforcement and optimized connectivity across hybrid and cloud environments. Integrated capabilities such as local internet breakout, built-in ZTNA, and application-aware routing reduce latency and attack surface while improving user experience. AI-enhanced operations and centralized management simplify troubleshooting and accelerate deployments.

Wed, December 3, 2025

Global Execs Rank Disinformation, AI and Cyber Risks

🧭 Business leaders across 116 economies told the World Economic Forum that misinformation/disinformation, cyber insecurity and the adverse outcomes of AI rank among the top near-term threats to national stability. The WEF’s Executive Opinion Survey 2025 canvassed 11,000 executives, who placed technological risks alongside economic and societal concerns. Respondents flagged AI-driven deepfakes, model exploitation and AI-assisted cyber techniques as amplifiers of both disinformation campaigns and critical-system threats.

Wed, December 3, 2025

Pall Mall Process to Define Responsible Cyber Intrusion

🛡️ The Pall Mall Process, launched in 2024 by the UK and France with 27 governments and major tech firms onboard, seeks to set guidelines for commercial cyber intrusion capabilities. Its second phase invites input from the offensive cyber industry — vendors, brokers, researchers and service providers — on what constitutes responsible behaviour. The guidance will complement the existing Code of Practice for States and aims to curb irresponsible trade in spyware and zero‑day exploits. The public consultation closes on December 22.

Wed, December 3, 2025

Browser Defense Playbook: Securing the New Work Center

🛡️ Unit 42’s Browser Defense Playbook warns that modern work happens primarily in the browser—about 85% of daily tasks—and that attackers increasingly exploit that centrality with phishing, malicious extensions, drive-by downloads and session hijacks. The guide identifies common failures such as unmanaged extensions, lax policies and blind spots in encrypted traffic. It recommends extending zero trust to the browser with strong MFA, conditional access, continuous monitoring and vetted extension allow lists, and points to Prisma Browser for agentless inspection and DLP.

Wed, December 3, 2025

AI Security Posture Management: A Practical Buyer's Guide

🔒 AI-SPM is emerging to protect AI/ML pipelines, cloud-hosted models and large datasets without moving data. The guide outlines core capabilities — agentless access, data classification, pipeline protection, model monitoring and compliance checks — and summarizes offerings from vendors such as Cyera, LegitSecurity, Microsoft, Orca and Palo Alto Networks. It also advises reviewing standards like MITRE ATLAS and OWASP LLM when evaluating tools.

Wed, December 3, 2025

Chopping AI Down to Size: Practical AI for Security

🪓 Security teams face a pivotal moment as AI becomes embedded across products while core decision-making remains opaque and vendor‑controlled. The author urges building and tuning small, controlled AI‑assisted utilities so teams can define training data, risk criteria, and behavior rather than blindly trusting proprietary models. Practical skills — basic Python, ML literacy, and active model engagement — are framed as essential. The piece concludes with an invitation to a SANS 2026 keynote for deeper, actionable guidance.

Wed, December 3, 2025

CME Group modernizes exchange infrastructure with Cloud SQL

🚀 CME Group partnered with Google Cloud to migrate its critical trading databases to Cloud SQL, aiming to sustain ultra-low-latency operations and reduce operational overhead. The managed service provides built-in observability and AI-assisted insights that surface anomalies and suggest query optimizations, enabling teams to identify root causes in minutes. As a result, administrators focus on strategic improvements while developers iterate faster and collaborate across environments.

Wed, December 3, 2025

Check Point Named Leader in Gartner 2025 Email Security

Check Point has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Email Security. This independent evaluation reinforces our commitment to delivering best-in-class email protection that blocks increasingly sophisticated threats while remaining easy to deploy and manage. According to Check Point Research, 68% of attacks start with email and 61% of harmful files are delivered as HTML attachments, underscoring the need for robust, reliable defenses.

Wed, December 3, 2025

Many Germans Neglect Cybersecurity Despite Rising Fraud

🛡️ A BdB survey of 1,057 German adults found that only 54% regularly or occasionally seek information about online security, even as 41% believe they are likely to face online fraud (9% very likely, 32% likely). Nearly a quarter (23%) reported being victims of online fraud in the past two years, yet 82% still consider online banking at home to be safe. BdB CEO Heiner Herkenhoff warns that awareness and basic protective measures significantly reduce the risk of falling for scams.
