AWS Outage Exposes ‘Dangerous’ Over-Reliance on US Cloud Giants
Article Link: https://www.datacenterknowledge.com/outages/aws-outage-exposes-dangerous-over-reliance-on-us-cloud-giants
- A major AWS outage last week in its US-EAST-1 region disrupted multiple services worldwide, exposing how deeply enterprises depend on a single cloud region or provider. Many affected systems had redundancy only within that same region, leaving them vulnerable when the control plane failed.
- Analysts noted that multi-region architectures are critical to isolate failures and maintain service continuity. Even within a single provider, spreading workloads across regions rather than relying on redundancy inside one region can dramatically reduce downtime risk.
- The incident also revealed fragile dependencies within digital supply chains, where one provider’s outage cascaded into others.
- For security and compliance teams, it underscored the need to verify disaster recovery plans and regularly test cross-region failover capability.
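- Added example (not code from the article or from AWS): a client-side multi-region failover pattern of the kind the analysts describe, plus a drill that simulates the primary region being down and checks that a request is still served. Region names, the RegionUnavailable error, the fake transport and the fake clock are constructed for the demo; in a real deployment the transport would be your per-region endpoint call.

```python
"""Client-side multi-region failover with quarantine and a failover drill.

Added example, not code from the article or from AWS.  Region names, the
RegionUnavailable error, the fake transport and FakeClock are constructed.
"""
import time
from typing import Callable, Dict, List, Optional

REGIONS = ["us-east-1", "us-west-2", "eu-west-1"]  # assumed deployment footprint


class RegionUnavailable(Exception):
    """Raised by the transport when a region cannot serve the request."""


class MultiRegionClient:
    def __init__(self, regions: List[str], transport: Callable[[str, str], str],
                 cooldown_s: float = 30.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.regions = list(regions)
        self.transport = transport      # transport(region, request) -> response
        self.cooldown_s = cooldown_s
        self.clock = clock
        self.unhealthy_until: Dict[str, float] = {}
        self.last_region: Optional[str] = None

    def healthy_regions(self) -> List[str]:
        """Regions not currently quarantined, in preference order."""
        now = self.clock()
        return [r for r in self.regions if self.unhealthy_until.get(r, 0.0) <= now]

    def quarantine(self, region: str) -> None:
        """Skip this region until the cooldown expires."""
        self.unhealthy_until[region] = self.clock() + self.cooldown_s

    def call(self, request: str) -> str:
        """Try healthy regions in order; quarantine each one that fails."""
        errors = []
        for region in self.healthy_regions():
            try:
                response = self.transport(region, request)
            except RegionUnavailable as exc:
                self.quarantine(region)
                errors.append(f"{region}: {exc}")
                continue
            self.last_region = region
            return response
        raise RuntimeError("no healthy region could serve the request: " + "; ".join(errors))


def failover_drill(client: MultiRegionClient, primary: str, request: str) -> dict:
    """Simulate the primary being down and report where the request was served."""
    client.quarantine(primary)
    try:
        response = client.call(request)
    except RuntimeError as exc:
        return {"passed": False, "served_by": None, "error": str(exc)}
    return {"passed": client.last_region != primary,
            "served_by": client.last_region, "response": response}


# --- offline demo helpers (constructed) ---
class FakeClock:
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def make_transport(down: set) -> Callable[[str, str], str]:
    """Fake transport: regions in `down` fail, all others answer."""
    def transport(region: str, request: str) -> str:
        if region in down:
            raise RegionUnavailable("endpoint did not resolve")
        return f"{region} served {request}"
    return transport


if __name__ == "__main__":
    clock = FakeClock()
    client = MultiRegionClient(REGIONS, make_transport({"us-east-1"}), cooldown_s=30, clock=clock)
    print(client.call("GET /orders"))    # served by us-west-2, us-east-1 quarantined
    print(client.healthy_regions())
    clock.now += 31                       # cooldown expired, primary eligible again
    print(client.healthy_regions())
    print(failover_drill(client, "us-east-1", "GET /orders"))
```

The drill is the part worth automating: run it on a schedule against a staging stack and alert when `passed` is false, since a secondary region that has never actually taken traffic is the failure mode the outage exposed.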
Microsoft Threatens to Ram Copilot into Exchange Server On-Prem
Article Link: https://www.theregister.com/2025/10/23/copilot_exchange_server/
- Microsoft is surveying administrators about adding its AI assistant, Copilot, to Exchange Server on-premises. The survey asks whether organizations would accept sending some on-premises Exchange data to Microsoft’s cloud for Copilot to function.
- Many administrators maintain on-prem systems precisely to avoid that data transfer, raising questions about regulatory compliance, privacy, and data boundary requirements. The survey also gauges which features, such as email summarization or server health monitoring, might justify the risk of limited cloud integration.
- Exchange admins can indicate their organization’s current use of Microsoft 365 Copilot, but the survey lacks any outright opt-out stance, signaling Microsoft’s intent to measure resistance rather than avoid cloud dependence.
- For now, Microsoft says it is only exploring feasibility, but admins are encouraged to respond before decisions are made about embedding AI assistants into on-prem email infrastructure.
Ransomware Recovery Perils: 40% of Paying Victims Still Lose Data
Article Link: https://www.csoonline.com/article/4077484/ransomware-recovery-perils-40-of-paying-victims-still-lose-their-data.html
- A new Hiscox survey finds that two in five companies that pay ransomware demands never recover their data, underscoring that payment offers no guarantee of resolution. Despite 80% of attacked firms paying up, only 60% restored all or part of their data. Ransomware attacks surged in early 2025, with incidents nearly tripling year-over-year, while data theft continues even after ransom payments.
- Experts note that flawed encryption, buggy decryptors, and untested backups frequently sabotage recovery efforts. Some attackers use defective or incompatible tools, while others vanish post-payment, leaving victims with corrupted systems and encrypted backups. Even when decryption succeeds, recovery is slow and incomplete, often taking weeks for large environments.
- Paying also introduces legal and regulatory complications. Data corruption can trigger privacy violations under GDPR, and payments risk breaching sanctions if funds reach restricted groups. Lawyers warn that victims gain no legal recourse if criminals fail to deliver decryption keys.
- Security professionals stress preparation over payment: strong backups, tested recovery plans, and cyber insurance with built-in crisis response. Maintaining a retainer with an incident response firm can also ensure rapid negotiation and restoration support.
- Hiscox Cyber Readiness Report: https://www.hiscox.ie/sites/ireland-new/files/2025-09/Hiscox%20Cyber%20Readiness%20Report%202025.pdf
Self-Propagating ‘GlassWorm’ Targets VS Code Supply Chain
Article Link: https://www.darkreading.com/application-security/self-propagating-glassworm-vs-code-supply-chain
- A newly discovered malware campaign dubbed GlassWorm has infected over 35,000 developer machines by exploiting Visual Studio Code extensions. Found by Koi Security on October 18, the worm spread through malicious extensions uploaded to the OpenVSX marketplace and even briefly reached Microsoft’s official store before removal.
- Researchers revealed the malware hides its code with invisible Unicode characters, code points that render as nothing in editors and diffs, so the malicious logic sits inside otherwise legitimate files and traditional code review is ineffective. The attack marks one of the first known instances of “truly invisible” malicious code appearing in the wild.
- Beyond its stealth, GlassWorm employs an unusually advanced architecture, utilizing the Solana blockchain for command-and-control, Google Calendar as backup, and stolen credentials from GitHub, NPM, and OpenVSX to spread autonomously. Once embedded, it can harvest credentials, hijack cryptocurrency wallets, and convert systems into proxy servers under attacker control.
- Affected organizations are urged to rotate all access tokens and passwords immediately, verify extensions against Koi’s published indicators of compromise, and fully reformat compromised machines to prevent reinfection.
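- Added example (not Koi Security's tooling or the campaign's code): a scanner that flags invisible Unicode code points in source text so hidden code shows up in review. The range list is an assumption covering the classes most often used to hide text; recover_hidden_bytes implements one known smuggling encoding (variation selectors mapped to byte values) as an illustration of how a payload can ride inside such characters, not as the scheme this campaign used. SAMPLE_JS is constructed.

```python
"""Flag invisible Unicode code points that can hide code from review.

Added example, not Koi Security's tooling or the campaign's own code.
INVISIBLE_RANGES is an assumed list; recover_hidden_bytes uses one known
smuggling encoding as an illustration; SAMPLE_JS is constructed input.
"""
import unicodedata
from typing import Dict, List, Optional

INVISIBLE_RANGES = [
    (0x200B, 0x200F, "zero-width space / joiners / bidi marks"),
    (0x202A, 0x202E, "bidi embedding or override"),
    (0x2060, 0x2064, "word joiner / invisible operators"),
    (0x2066, 0x2069, "bidi isolates"),
    (0xFE00, 0xFE0F, "variation selectors"),
    (0xFEFF, 0xFEFF, "zero-width no-break space"),
    (0xE0000, 0xE007F, "Unicode tag characters"),
    (0xE0100, 0xE01EF, "variation selectors supplement"),
]


def classify(ch: str) -> Optional[str]:
    """Return why a character is suspicious, or None if it renders normally."""
    cp = ord(ch)
    for lo, hi, reason in INVISIBLE_RANGES:
        if lo <= cp <= hi:
            return reason
    if unicodedata.category(ch) == "Cf":   # any other format character
        return "format character (Cf)"
    return None


def scan_source(text: str) -> List[Dict[str, object]]:
    """List every invisible code point with its line, column and reason."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line):
            reason = classify(ch)
            if reason is not None:
                findings.append({"line": lineno, "col": col,
                                 "codepoint": f"U+{ord(ch):04X}", "reason": reason})
    return findings


def recover_hidden_bytes(text: str) -> bytes:
    """Decode one known scheme: U+FE00..FE0F -> 0..15, U+E0100..E01EF -> 16..255."""
    out = bytearray()
    for ch in text:
        cp = ord(ch)
        if 0xFE00 <= cp <= 0xFE0F:
            out.append(cp - 0xFE00)
        elif 0xE0100 <= cp <= 0xE01EF:
            out.append(cp - 0xE0100 + 16)
    return bytes(out)


# Constructed sample: looks like two clean lines of JavaScript in an editor.
SAMPLE_JS = ("const greeting = 'hi';\u200b\n"
             "function activate() {\uFE01\uFE02\U000E0101 return greeting; }\n")

if __name__ == "__main__":
    for f in scan_source(SAMPLE_JS):
        print(f"line {f['line']} col {f['col']}: {f['codepoint']} ({f['reason']})")
    print("hidden bytes:", recover_hidden_bytes(SAMPLE_JS).hex())
```

Run scan_source over extension bundles and repository diffs as a pre-commit or CI check; a non-empty result on a file that is supposed to be plain source is worth a human look regardless of whether the hidden bytes decode to anything.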
Microsoft Warns of AI-Driven Threats in 2025 Digital Defense Report
- Microsoft’s latest Digital Defense Report warns that artificial intelligence is reshaping both attack and defense strategies, forcing organizations to rethink traditional protection models. The report’s authors describe this as a “defining moment,” with AI amplifying the scale, precision, and speed of attacks while simultaneously enhancing defenders’ ability to detect and respond in real time.
- Adversaries, including nation-states and criminal groups, are using generative AI to automate phishing, exploit discovery, and lateral movement while targeting the AI systems themselves through prompt injection and data poisoning. Campaigns such as “ClickFix” and device code phishing illustrate how attackers blend technical exploits with social engineering to evade standard detection.
- Microsoft emphasized that identity remains the top entry point for attacks, calling for phishing-resistant multifactor authentication, rapid credential isolation, and a board-level focus on digital risk. The report also recommends stronger cloud workload inventories, perimeter audits, and regular ransomware response exercises to strengthen organizational readiness.
- On a geopolitical level, the report calls for global coordination to deter nation-state cyber operations, particularly those targeting critical infrastructure. It urges governments to align on attribution frameworks, impose proportionate consequences for malicious activity, and address ransomware safe havens through political pressure rather than technical retaliation.
- Report: https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2025#Threat-landscape
Blue Cross Blue Shield of Montana Probed Over Major Data Breach
Article Link: https://nbcmontana.com/news/local/blue-cross-blue-shield-of-montana-under-investigation-for-data-breach
- Blue Cross Blue Shield of Montana (BCBSMT) is under investigation after a data breach potentially exposed sensitive personal and medical details for as many as 462,000 residents. The breach, occurring between November 2024 and March 2025, reportedly compromised names, addresses, birth dates, billing information, and phone numbers.
- The Montana State Auditor’s Office launched the probe amid claims that BCBSMT failed to promptly notify affected customers or provide the credit monitoring it had promised; BCBSMT disputes those claims.
- Commissioner of Securities and Insurance James Brown described the breach as a “deeply disturbing incident” and pledged to use every available regulatory authority to protect residents. He also announced new statewide initiatives to boost digital safety awareness and strengthen oversight of companies handling health data.
- Impacted individuals are being urged to review Explanation of Benefits statements closely, monitor for suspicious billing, and report any irregularities to BCBSMT or the Commissioner’s Office. Regulators have warned that incidents of this nature highlight the need for faster response protocols and stronger accountability in protecting personal information.
OpenAI’s Atlas Shrugs Off Inevitability of Prompt Injection, Releases AI Browser Anyway
Article Link: https://www.theregister.com/2025/10/22/openai_defends_atlas_as_prompt/
- OpenAI’s newly launched Atlas browser, which embeds ChatGPT as a web-processing agent, is facing scrutiny after researchers demonstrated indirect prompt injection attacks: malicious instructions hidden in web content that the agent reads and then follows as though they came from the user.
- OpenAI CISO Dane Stuckey acknowledged that prompt injection remains an unresolved security challenge despite extensive red-teaming, model retraining, and overlapping guardrails.
- Researcher Johann Rehberger replicated attacks that caused Atlas to alter settings and outputs, illustrating how “offensive context engineering” can exploit trust between users and AI systems.
- In a preprint research paper on the threats of prompt injection to the confidentiality, integrity, and availability of data processed by AI agents, Rehberger recommends such mitigations as human oversight, downstream validation of AI outputs, and rate limiting per user or IP. The article implies that the paper’s conclusion applies to all AI agents at this point in their development: “Trust No AI.”
- Research paper: https://arxiv.org/pdf/2412.06090
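- Added example (not code from OpenAI, Atlas or the paper): a gate that sits between the model's proposed tool call and its execution and applies three of the mitigations listed above, namely schema validation of the model's output, a human approval step for side-effecting actions, and a per-principal rate limit. Tool names, schemas, the allowlisted domain and the injected actions are assumptions constructed for the demo.

```python
"""Gate an agent's proposed tool call before it runs.

Added example, not code from OpenAI, Atlas or the paper.  TOOL_SCHEMAS,
ALLOWED_DOMAINS and INJECTED_ACTIONS are assumptions for the demo.
"""
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict
from urllib.parse import urlparse

TOOL_SCHEMAS: Dict[str, set] = {          # exact argument set each tool accepts
    "search": {"query"},
    "open_url": {"url"},
    "send_email": {"to", "subject", "body"},
    "change_setting": {"key", "value"},
}
SIDE_EFFECTING = {"send_email", "change_setting"}   # require a human in the loop
ALLOWED_DOMAINS = {"example.com"}                   # assumed allowlist


def url_allowed(url: str) -> bool:
    """Exact host or subdomain match; substring checks are what lookalikes beat."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        return False
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


class ActionGate:
    def __init__(self, max_actions: int, window_s: float,
                 approve: Callable[[dict], bool],
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_actions = max_actions
        self.window_s = window_s
        self.approve = approve              # human reviewer callback
        self.clock = clock
        self.history: Dict[str, Deque[float]] = defaultdict(deque)

    def _rate_limited(self, principal: str) -> bool:
        """Sliding-window counter per user; every attempt counts, allowed or not."""
        now = self.clock()
        recent = self.history[principal]
        while recent and now - recent[0] > self.window_s:
            recent.popleft()
        if len(recent) >= self.max_actions:
            return True
        recent.append(now)
        return False

    def check(self, action: dict, principal: str) -> Dict[str, object]:
        """Validate the model's proposed action; never trust it because it is well-formed."""
        def deny(reason: str) -> Dict[str, object]:
            return {"allowed": False, "reason": reason, "tool": action.get("tool")}

        if self._rate_limited(principal):
            return deny("rate limited")
        tool = action.get("tool")
        if tool not in TOOL_SCHEMAS:
            return deny("unknown tool")
        if set(action) - {"tool"} != TOOL_SCHEMAS[tool]:
            return deny("arguments do not match schema")
        if "url" in action and not url_allowed(action["url"]):
            return deny("url outside allowlist")
        if tool in SIDE_EFFECTING and not self.approve(action):
            return deny("denied by human reviewer")
        return {"allowed": True, "reason": "ok", "tool": tool}


# Constructed: actions an injected page might coax the agent into proposing.
INJECTED_ACTIONS = [
    {"tool": "open_url", "url": "https://example.com.evil.net/collect"},
    {"tool": "send_email", "to": "attacker@evil.net", "subject": "vault", "body": "..."},
    {"tool": "change_setting", "key": "default_search", "value": "https://evil.net"},
]

if __name__ == "__main__":
    gate = ActionGate(max_actions=3, window_s=60, approve=lambda a: False)
    print(gate.check({"tool": "open_url", "url": "https://docs.example.com/"}, "alice"))
    for a in INJECTED_ACTIONS:
        print(gate.check(a, "alice"))
```

The gate does not try to detect the injection itself, which is the unsolved part; it limits what a successfully injected agent can do, which is the part that can be engineered today.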
Fake LastPass Death Claims Used to Breach Password Vaults
Article Link: https://www.bleepingcomputer.com/news/security/fake-lastpass-death-claims-used-to-breach-password-vaults/
- LastPass is warning of a new phishing campaign impersonating its inheritance process to steal users’ vault credentials and passkeys. The scam claims a relative has uploaded a death certificate to request vault access, prompting users to “cancel” the request through a malicious link.
- Victims are redirected to a fake site, lastpassrecovery[.]com, where they’re tricked into entering their master password. Some were also contacted by callers posing as LastPass support.
- The campaign, linked to the CryptoChameleon group, uses fake Okta, Gmail, and iCloud pages to harvest credentials and target crypto wallets.
- LastPass says the attackers are now also focusing on stealing passkeys — reflecting a shift toward passwordless authentication abuse.
Scouts Will Now Be Able to Earn Badges in AI and Cybersecurity
Article Link: https://www.cnn.com/2025/10/14/tech/scouting-america-ai-cybersecurity-merit-badges
- Scouting America, formerly known as the Boy Scouts, has launched two new merit badges focused on artificial intelligence and cyber defense to reflect the organization’s modernization push.
- The AI badge teaches scouts to explore the impact of artificial intelligence on daily life, understand deepfakes, and complete a project demonstrating or explaining AI concepts.
- The cyber badge, developed with Air Force officer Michael Dunn, introduces practical skills for protecting personal and family data from digital threats. Dunn said the initiative also exposes scouts to an industry facing a national shortage of skilled workers and helps spark future career interest.
- Beyond technical skills, the program emphasizes digital ethics and responsibility, values aligning closely with the organization’s broader mission of preparing youth for leadership in a connected world.
