All news with #product release tag

Falcon Next-Gen Identity Security Unifies Protection

🔒 CrowdStrike announced Falcon Next-Gen Identity Security, a unified solution to protect human, non-human, and AI agent identities across on-premises, cloud, and SaaS environments. It consolidates initial access prevention, modern secure privileged access, identity threat detection and response (ITDR), SaaS identity security, and agentic identity protection into a single sensor and management console. Delivered via the AI-native Falcon platform, the offering provides real-time visibility, dynamic access enforcement, and autonomous response to reduce identity-driven breaches and simplify hybrid identity security.

AWS Achieves HITRUST Certification for 177 Services

🔒 Amazon Web Services announced that 177 AWS services achieved HITRUST certification for the 2025 assessment cycle, with five services certified for the first time: Amazon Verified Permissions, AWS B2B Data Interchange, AWS Payment Cryptography, AWS Resource Explorer, and AWS Security Incident Response. A third‑party assessor audited the services under the HITRUST CSF v11.5.1 framework. Customers can inherit the certification for validated assessments when they use in‑scope services and follow the AWS Shared Responsibility Model, and evidence is available through AWS Artifact.

Android pKVM Achieves SESIP Level 5 Certification Milestone

🔒 Google announced that protected KVM (pKVM) has achieved SESIP Level 5 certification, making it the first software security system for large-scale consumer electronics to reach this assurance. The certification followed a hands-on evaluation by Dekra under the TrustCB SESIP scheme compliant to EN-17927 and includes AVA_VAN.5 vulnerability analysis. pKVM will enable high-criticality isolated workloads such as on-device AI and provides an open-source, verifiable foundation for device manufacturers.

GPT-5 in Azure AI Foundry: Enterprise AI for Agents

🚀 Today Microsoft announced general availability of OpenAI's flagship model, GPT-5, in Azure AI Foundry, positioning it as a frontier LLM for enterprise applications. The GPT-5 family (GPT-5, GPT-5 mini, GPT-5 nano, GPT-5 chat) spans deep reasoning, real-time responsiveness, and ultra-low-latency options, all accessible through a single Foundry endpoint and managed by a model router to optimize cost and performance. Foundry pairs agent orchestration, tool-calling, developer controls, telemetry, and compliance-aware deployment choices to help organizations move from pilot projects to production.

Google July AI updates: tools, creativity, and security

🔍 In July, Google announced a broad set of AI updates designed to expand access and practical value across Search, creativity, shopping and infrastructure. AI Mode in Search received Canvas planning, Search Live video, PDF uploads and better visual follow-ups via Circle to Search and Lens. NotebookLM added Mind Maps, Study Guides and Video Overviews, while Google Photos gained animation and remixing tools. Research advances include DeepMind’s Aeneas for reconstructing fragmentary texts and AlphaEarth Foundations for satellite embeddings, and Google said it used an AI agent to detect and stop a cybersecurity vulnerability.

Microsoft launches Secure Future Initiative patterns

🔐 Microsoft announced the launch of the Secure Future Initiative (SFI) patterns and practices, a new library of actionable implementation guidance distilled from the company’s internal security improvements. The initial release includes eight patterns addressing urgent risks such as phishing-resistant MFA, preventing identity lateral movement, removing legacy systems, standardizing secure CI/CD, creating production inventories, rapid anomaly detection and response, log retention standards, and accelerating vulnerability mitigation. Each pattern follows a consistent taxonomy—problem, solution, practical steps, and operational trade-offs—so organizations can adopt modular controls aligned to secure by design, by default, and in operations principles.

CISA Releases Thorium: Scalable Malware Analysis Platform

🛡️ CISA, in partnership with Sandia National Laboratories, released Thorium, an automated, scalable malware and forensic analysis platform that consolidates commercial, custom, and open-source tools into unified, automated workflows. Thorium is configured to ingest over 10 million files per hour per permission group and schedule more than 1,700 jobs per second, enabling rapid, large-scale binary and artifact analysis while maintaining fast query performance. It scales on Kubernetes with ScyllaDB, supports Dockerized tools and VM/bare-metal integrations, and enforces strict group-based access controls along with tag and full-text filtering for results.

CISA Releases Open-Source Eviction Strategies Tool

🛡️CISA published a no-cost Eviction Strategies Tool, developed with MITRE, to help cyber defenders build tailored incident response plans and adversary eviction strategies within minutes. The package includes COUN7ER, a database of atomic post-compromise countermeasures, and the Cyber Eviction Strategies Playbook NextGen web app to match findings to countermeasures. It exports results in JSON, Word, Excel and markdown and is available under the MIT Open Source License.

AWS releases SRA Verify: Open-source SRA assessment

🔍 SRA Verify is an open-source assessment tool from AWS that automates validation of an organization’s alignment to the AWS Security Reference Architecture (AWS SRA). It runs automated checks across multiple services to verify configurations and highlight deviations from recommended patterns. The tool links checks to remediation guidance and IaC examples to help teams implement fixes more quickly. It currently covers CloudTrail, GuardDuty, IAM Access Analyzer, Config, Security Hub, S3, Inspector, and Macie, with plans to expand.

Chrome on Android: Advanced Protection Enhancements

🔒 Android's Advanced Protection extends Google's device-level security and integrates with Chrome on Android, enabling three core protections to guard high-risk users such as journalists and officials. It forces HTTPS via the Always Use Secure Connections mode, turns on full Site Isolation for devices with 4GB+ RAM, and reduces attack surface by disabling V8's higher-level JavaScript optimizers. Settings are available on Android 16 in Chrome 137+, and enterprises can control behaviors via policies while affected users should enable automatic updates and join the Advanced Protection Program for maximum defense. These measures trade some performance for stronger exploitation resistance.

Google Open-Sources ZKP Libraries for Age Assurance

🛡️ Google has open sourced its Zero-Knowledge Proof (ZKP) libraries to accelerate privacy-preserving digital ID and age-assurance solutions. Developed with Sparkasse, the release enables people to prove attributes (for example, that they are over 18) without sharing any other personal data. By making a performant ZKP codebase available, Google aims to help developers, researchers, businesses, and governments integrate privacy-first flows, including use cases for the European EUDI Wallet.

SAFECOM Updates Emergency Communications Lifecycle Guide

📢 CISA, in partnership with SAFECOM and NCSWIC, released an updated Emergency Communications System Lifecycle Planning Guide and companion Lifecycle Planning Tool on July 2, 2025. The suite refreshes the 2011 and 2018 materials and incorporates public safety practitioners' experiences to inform system build, maintenance, operation, decommission, and replacement decisions. The Lifecycle Guide offers recommendations and the Lifecycle Planning Tool provides checklists for each lifecycle phase. Resources and funding guidance are aligned to help jurisdictions plan technology upgrades.

Android 16 Adds Advanced Protection for Mobile Devices

🔐Android 16 introduces a device-level Advanced Protection setting that applies Google's strongest security features to mobile devices. Designed for at-risk individuals—journalists, elected officials, public figures—and any user who prioritizes heightened security, the feature consolidates multiple protections and prevents their accidental or malicious disablement. It also enables Android-specific capabilities like Intrusion Logging, a tamper-resistant, privacy-preserving log backup for forensic analysis. Activation is simple, and Google plans to add USB protections, network auto-reconnect controls, and Scam Detection integration later this year.