Posts

🟢 Low | Source: AWS What’s New Amazon SageMaker Unified Studio has added localisation support for twelve languages, allowing the interface to display in the user’s preferred language based on browser settings or manual selection. This is a usability enhancement with no direct security implications. It is available across all AWS regions where SageMaker Unified Studio is supported. Architect’s Take: No security action is required for this update. Architects should note that language localisation does not affect IAM permissions, domain configurations, or access controls — existing governance and access policies remain unchanged. ...

🟢 Low | Source: AWS What’s New AWS Config has added support for nine new resource types spanning Amazon Bedrock, Bedrock AgentCore, and SageMaker. This means organisations can now track, audit, and enforce compliance rules against these resources automatically if they have enabled recording for all resource types. The expansion is particularly relevant as AI/ML workloads become a growing part of enterprise cloud environments. Architect’s Take: Review your AWS Config recording settings to confirm these new resource types are being captured, and consider authoring or adapting Config rules to enforce security baselines — such as network isolation, encryption, and access controls — for the newly supported Bedrock and SageMaker resources before they proliferate across your environment. ...

🟢 Low | Source: AWS What’s New Amazon ECS Managed Instances now supports AWS Trainium and Inferentia AI accelerator instance types, allowing teams to run ML training and inference workloads without managing the underlying EC2 infrastructure. A single task per instance is automatically allocated all accelerator resources via a NEURON_CORE configuration in the task definition. This is a feature release rather than a security event, though it expands the attack surface for ECS-based AI workloads. ...

🟢 Low | Source: The Hacker News This is a webinar announcement featuring HD Moore, creator of Metasploit, focused on network exposure and attack surface visibility rather than reactive patching. The core argument is that with zero-days arriving faster than patches and AI accelerating exploit development, organisations must shift focus to limiting what an attacker can reach once inside. It matters because it reframes security strategy around blast radius reduction rather than the increasingly futile race to patch everything in time. ...

🔴 Critical | Source: The Hacker News A debug flag accidentally left enabled in production builds of multiple Microsoft 365 Android apps disabled a security check that restricts account token sharing to trusted Microsoft applications. As a result, any app installed on the same Android device could silently request and receive the signed-in user’s authentication token, granting full access to email, files, calendar, and the ability to send messages on their behalf. No user interaction, credentials, or elevated permissions were required to exploit this. ...

🔴 Critical | Source: The Hacker News A debug flag accidentally left enabled in production builds of multiple Microsoft 365 Android apps disabled the trust check that normally restricts account-token sharing to authorised Microsoft applications. As a result, any app installed on the same Android device could silently request and receive a valid authentication token, granting full access to the victim’s email, files, calendar, and messaging without any user interaction or additional permissions. The flaw affects any user running a vulnerable Microsoft 365 Android app while also having a malicious or compromised app on the same device. ...

🟠 High | Source: The Register — Security A security researcher has publicly leaked Microsoft exploit code in protest at how the company handles vulnerability disclosures, following a similar incident by a researcher known as Nightmare Eclipse. The move bypasses responsible disclosure norms, meaning working exploits are now publicly available before Microsoft has necessarily issued patches. This significantly raises the risk for organisations running unpatched Microsoft and Azure environments. Architect’s Take: Review your Microsoft and Azure patch status immediately and prioritise any outstanding security updates — publicly available exploit code dramatically shortens the window between disclosure and active exploitation. Ensure your vulnerability management process includes alerting on zero-day and pre-patch public exploit releases, not just CVE publication. ...

🟠 High | Source: The Register — Security A security researcher has publicly leaked Microsoft exploit code in protest at how the company handles vulnerability disclosures, following a similar incident by a researcher known as Nightmare Eclipse. The researcher chose to bypass responsible disclosure and release exploits immediately, arguing Microsoft’s process is inadequate. This creates immediate risk as working exploit code is now publicly available before patches may be widely applied. ...

🟡 Medium | Source: The Hacker News Modern enterprise identity and access management (IAM) is increasingly fragmented across applications, machine identities, and decentralised teams, creating blind spots known as ‘Identity Dark Matter’ — activity that falls outside centralised IAM controls. Identity Visibility and Intelligence Platforms (IVIP) are emerging as a way to consolidate this visibility and reduce the exploitable attack surface. This matters because unmanaged identities are a primary vector for privilege abuse and lateral movement in cloud environments. ...

🟢 Low | Source: Schneier on Security Researchers are applying machine learning techniques to crack historical hand-written ciphers used in medieval correspondence, including diplomatic and personal communications. While academically fascinating, this work demonstrates that AI can systematically analyse and break pattern-based encryption schemes that were previously considered too obscure to decode at scale. It highlights the broader capability of AI to accelerate cryptanalysis against weak or legacy cipher designs. Architect’s Take: No immediate action is required, but this research serves as a timely reminder to audit any legacy or proprietary encryption schemes in your environment — AI-assisted cryptanalysis lowers the bar for breaking non-standard ciphers. Ensure all sensitive data at rest and in transit is protected by modern, well-vetted standards such as AES-256 and TLS 1.3, and avoid reliance on security through obscurity. ...