< ciso
brief />
Tag Banner

All news with #serverless security tag

37 articles

Hardening Public Serverless Functions on Google Cloud

🛡️ This post from Mandiant highlights how publicly exposed serverless applications — often unauthenticated by design — are frequent targets for application-level attacks like LFI/RFI and command injection. It explains exploitation paths including file retrieval and service account token exfiltration, and demonstrates attack examples against Cloud Run Python functions. The article provides actionable hardening guidance such as using dedicated service accounts with least privilege, isolating public services in separate projects, enforcing S‑SDLC practices, and deploying Cloud Armor WAF and Layer 7 load balancing for centralized protection.
read more →

Google Cloud Run Sandboxes Enter Public Preview

🛡️ Cloud Run sandboxes are now in public preview, offering a native, secure, and ultra-fast runtime to execute untrusted code and agent workloads in milliseconds. These lightweight, isolated execution boundaries can spawn within existing Cloud Run service instances and enforce credential isolation, deny-by-default network egress, and a safe read-only filesystem overlay. Enabling sandboxes requires a single deployment flag and integrates with the Agent Development Kit and ComputeSDK for streamlined use.
read more →

Amazon MWAA Serverless adds shared VPC support

🔧 Amazon Managed Workflows for Apache Airflow (Amazon MWAA) Serverless now supports shared VPC subnets, removing a prior validation error when creating Serverless workflows with subnets shared via AWS Resource Access Manager (AWS RAM). This change aligns MWAA Serverless subnet ownership validation with MWAA Provisioned environments, enabling centrally managed network architectures to launch workflows in member accounts without workarounds. The update also benefits customers using Amazon SageMaker Unified Studio Workflows with shared VPC networking and is available in all Regions where MWAA Serverless is supported.
read more →

Amazon EMR Serverless enables live config updates

🔧 Amazon EMR Serverless now permits live updates to key application configurations, such as maximum capacity and custom image settings, without stopping or restarting the application. New workloads submitted after a configuration change automatically use the updated settings while existing jobs continue under their original configuration. This removes the previous need to coordinate maintenance windows and restart applications when adjusting scaling boundaries or deploying updated custom images.
read more →

AWS launches Lambda MicroVMs for isolated serverless

🚀 AWS announces Lambda MicroVMs, a new serverless compute primitive delivering VM-level isolation, near-instant launch and resume speeds, and up to 8 hours of state preservation. Built on Firecracker, MicroVMs let developers provide each user or job a dedicated, secure execution environment without managing virtualization infrastructure. MicroVM images are created from Dockerfiles and support HTTP/2, gRPC, and WebSockets, with regional availability and pay-for-use pricing.
read more →

BigQuery Managed Python UDFs Now Generally Available

🐍 BigQuery now supports fully managed Python User-Defined Functions (UDFs) in GA, enabling data teams to run custom Python code securely inside BigQuery using SQL or BigQuery DataFrames. The service runs on BigQuery-managed serverless infrastructure that auto-scales and removes the need to manage containers. It provides access to popular Python libraries, vectorized PyArrow processing, configurable container resources, concurrency controls, and streaming logs for observability. Billing is integrated with BigQuery SKUs and supports spend commitments and cost monitoring.
read more →

AWS Glue Interactive Sessions Add Spark Connect

🧭 AWS Glue Interactive Sessions now supports Apache Spark Connect, enabling development and execution of Spark applications from managed notebooks like Amazon SageMaker Unified Studio or IDEs such as Jupyter and VS Code while running on AWS Glue's serverless infrastructure. The thin client architecture decouples client dependencies from the server-side Spark runtime, enabling ad hoc exploration, iterative debugging, and incremental PySpark development. Observability includes real-time Spark UI monitoring, History Server tracking, and session management via the AWS Glue API, CLI, or SDK. This capability is available across multiple AWS regions.
read more →

SageMaker Adds Serverless Fine-Tuning for Nemotron 3

🚀 Amazon SageMaker AI now supports serverless customization for Nvidia Nemotron 3 Nano via supervised fine-tuning (SFT) and reinforcement fine-tuning (RFT). This open-weight 30B-parameter model can be deployed and adapted to specific domains and workflows directly within SageMaker. Serverless customization handles infrastructure and training orchestration, enabling teams to focus on data and evaluation while paying only for usage. The feature is available in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo), and Europe (Ireland), and can be launched from SageMaker Studio or via the SageMaker Python SDK.
read more →

MWAA Serverless emits Airflow state events to EventBridge

📣 Amazon Managed Workflows for Apache Airflow (MWAA) Serverless now publishes workflow and task state change events to Amazon EventBridge, enabling event-driven automation for Airflow pipelines. Previously, teams relied on custom polling or manual monitoring; this capability lets MWAA Serverless emit events for workflow states (started, running, succeeded, failed) and task states (scheduled, succeeded, failed, up for retry). Use cases include alerting on failures, triggering downstream pipelines when upstream workflows succeed, and logging state transitions for compliance.
read more →

Google Cloud enhances Managed Spark clusters

⚙️ This announcement details Google Cloud’s updates to Managed Service for Apache Spark, now offered as Managed Spark clusters with serverless and managed modes. Key enhancements include Lightning Engine, a native C++ vectorized execution engine delivering up to 4.9x faster Spark performance, Flexible VMs for improved capacity resilience, and FinOps features like zero-scale clusters and scheduled stops. The release also adds the Model Context Protocol server and Data Agent Kit integrations to connect LLMs and developer tools securely to clusters, plus Lakehouse interoperability and Cluster Image 3.0 with Spark 4.1 preview.
read more →

Google Cloud Serverless Spark Runtime 3.0 Features

🚀 Managed Service for Apache Spark runtime 3.0 reduces setup and startup friction for Spark workloads. It automates IAM, networking, and API provisioning to shorten the time to first job and cuts startup latency by 75% for standard and premium tiers. The runtime adds support for GPU obtainability via Dynamic Workload Scheduler Flex Start, enhanced multi-zonal execution with no cross-zone network charges, and compatibility with upcoming Spark 4.x features like Spark Connect.
read more →

AWS announces next-generation OpenSearch Serverless GA

🚀 The next generation of Amazon OpenSearch Serverless is now generally available, offering a fully managed search and vector engine optimized for agentic workflows. It auto-scales up to 20x faster and provisions resources in seconds, supports scale-to-zero and pay-per-usage pricing, and can reduce costs by up to 60% versus provisioning clusters for peak loads. New features include a shared storage layer that decouples compute and storage, two resource-based endpoints for simplified network connectivity, and native integrations with AI development platforms and OpenSearch Agent Skills.
read more →

AWS SAM CLI Adds Support for CloudFormation Extensions

🛠️ AWS SAM CLI now processes AWS CloudFormation Language Extensions in-memory for local workflows, letting developers define repeating serverless resources once and iterate without deploying to the cloud. Commands such as sam build, sam local invoke, sam sync, and sam local start-api automatically expand Fn::ForEach loops and support several helper functions and conditional policies. Update to the latest SAM CLI and add AWS::LanguageExtensions to your template to begin.
read more →

EventBridge Scheduler Adds 619 SDK Actions for Scheduling

🚀 Amazon EventBridge Scheduler expands its AWS SDK integrations with 619 new API actions across 13 additional services, including support for AWS Lambda Managed Instances. This update enables customers to schedule direct API invocations for a broader set of AWS services without writing custom integration code. As a serverless scheduler, EventBridge Scheduler can manage billions of scheduled events and now supports time-based scaling of Lambda managed instances for more precise capacity control. The enhancements are generally available in all Regions where Scheduler is offered, subject to target service availability.
read more →

Dynamic Workflows: Durable Execution Following Tenants

🚀 Cloudflare announced Dynamic Workflows, a compact TypeScript library that lets a single Worker Loader route durable Workflows to per-tenant code at runtime. It wraps the WORKFLOWS binding so tenant-created workflows persist, resume, and execute in the correct tenant sandbox. Built on Dynamic Workers, it supports per-tenant caching, hibernation, and minimal dispatch overhead.
read more →

AWS Lambda Adds Ruby 4.0 Managed Runtime and Images

🚀 AWS Lambda now supports creating serverless applications with Ruby 4.0. Developers can use Ruby 4.0 as both a managed runtime and a container base image, and AWS will automatically apply updates to the managed runtime and base image as they become available. The runtime adds advanced logging controls including JSON structured logs, configurable logging levels, and the ability to target specific Amazon CloudWatch log groups. Ruby 4.0 is available in all AWS Regions, including China and AWS GovCloud (US).
read more →

Cloud Run updates: AI agents, GPUs, and developer tools

🚀 Google announced a broad set of updates to Cloud Run to accelerate full‑stack app delivery, agent hosting, and high‑performance inference. New capabilities include full‑stack app deployment from AI Studio, a fully managed remote MCP server, and integration with the Gemini Enterprise Agent Platform. High‑end NVIDIA RTX PRO 6000 Blackwell GPUs are now GA, while instance primitives, SSH access, ephemeral sandboxes, and billing caps are rolling out in preview or coming soon.
read more →

AWS Lambda durable functions expand into 16 regions

🚀 AWS has expanded Lambda durable functions into 16 additional regions, enabling developers to run orchestrated, multi-step serverless workflows closer to users and data. The feature adds primitives like steps and waits to checkpoint progress, recover from failures, and pause execution without incurring compute charges for on‑demand functions. You can enable durable functions for Python 3.13/3.14, Node.js 22/24, or Java 17+ via the API, Console, SDK, or IaC tools such as CloudFormation, SAM, and CDK.
read more →

Agent Plugin for AWS Serverless Accelerates AI Dev Workflows

📦 AWS introduces the Agent Plugin for AWS Serverless, which integrates AI coding assistants like Kiro, Claude Code, and Cursor to simplify building, deploying, troubleshooting, and managing serverless applications. The plugin packages reusable agent skills, sub-agents, hooks, and MCP servers to provide contextual guidance across the development lifecycle. It supports Lambda integrations with common event sources, IaC workflows via SAM and CDK, long‑running stateful patterns with durable functions, and API design with API Gateway. Skills are distributed in the open Agent Skills format and are available in AI tooling that supports agent plugins or skills.
read more →

Amazon Aurora PostgreSQL adds express cluster creation

🚀 Amazon Aurora PostgreSQL introduces an express configuration that creates serverless clusters and enables query execution in seconds. These clusters are provisioned outside a VPC with an internet access gateway that supports the full PostgreSQL wire protocol and multi‑AZ availability. IAM-based passwordless admin authentication is enabled by default, and the tier is available under the AWS Free Tier. Use the RDS Console, AWS CLI, or SDKs to deploy.
read more →