BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

Today’s signal The Hacker News recently reported BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA. Published context: July 7, 2026. BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below - CVE-2026-40138 (CVSS score: 9.2) - A pre-authentication vulnerab ...

July 7, 2026 · 3 min · David Gomez

AWS Certificate Manager now supports the ACME protocol for public certificates

Today’s signal AWS What’s New recently reported AWS Certificate Manager now supports the ACME protocol for public certificates. Published context: July 6, 2026. AWS Certificate Manager (ACM) now allows you to provision a fully managed ACME server endpoint that issues public TLS certificates with a 45 day validity from Amazon Trust Services using any ACMEv2-compatible client, including Certbot, cert-manager for Kubernetes, and acme.sh. With the CA/Browser Forum mandating 47-day certificate lifetimes by 2029, manual m ...

July 7, 2026 · 2 min · David Gomez

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

Today’s signal The Hacker News recently reported U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case. Published context: July 4, 2026. A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos, but it may not be a ransomware gang at all. Krishnan found no si ...

July 6, 2026 · 3 min · David Gomez

Amazon Managed Service for Prometheus achieves FedRAMP High and DoD IL-4/5 authorization in...

Today’s signal AWS What’s New recently reported Amazon Managed Service for Prometheus achieves FedRAMP High and DoD IL-4/5 authorization in AWS GovCloud (US). Published context: July 1, 2026. Amazon Managed Service for Prometheus is now FedRAMP High and Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG) Impact Level (IL) 4 and 5 authorized in the AWS GovCloud (US) Regions. Federal agencies, public sector organizations, and other enterprises with FedRAMP High and DoD CC SRG IL-4/5 compliance requirements can now use Ama ...

July 6, 2026 · 2 min · David Gomez

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

Today’s signal The Hacker News recently reported SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation. Published context: July 2, 2026. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deseria ...

July 5, 2026 · 3 min · David Gomez

AWS AppConfig launches managed experimentation tools for A/B testing

Today’s signal AWS What’s New recently reported AWS AppConfig launches managed experimentation tools for A/B testing. Published context: July 1, 2026. Today, AWS announces the general availability of experimentation tools in AWS AppConfig, a new capability that enables you to run A/B tests and feature experiments without building or managing separate experimentation infrastructure. Built on 25+ years of Amazon experimentation best practices, AWS AppConfig experimentation tools use AI-driven guidance to hel ...

July 5, 2026 · 2 min · David Gomez

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Today’s signal The Hacker News recently reported New Avalon Malware Framework Packs CrownX Ransomware Capabilities. Published context: July 3, 2026. Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that’s distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together The reason this matters is simple: buyers are paying attention to speed, operational resilience, and credible technical execution. A trending story can create awareness, but the business question is what a team should do with that attention. ...

July 4, 2026 · 3 min · David Gomez

Amazon GuardDuty adds sensitive file modification threat detections

Today’s signal AWS What’s New recently reported Amazon GuardDuty adds sensitive file modification threat detections. Published context: July 1, 2026. Amazon GuardDuty Runtime Monitoring now includes three new threat detections that alert security teams when sensitive files are modified on Amazon EC2 instances and container workloads running on Amazon EKS or Amazon ECS. These findings help identify post-compromise attacker activities by monitoring critical system files, including configuration files, authe The reason this matters is simple: buyers are paying attention to speed, operational resilience, and credible technical execution. A trending story can create awareness, but the business question is what a team should do with that attention. ...

July 4, 2026 · 2 min · David Gomez

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Today’s signal The Hacker News recently reported Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials. Published context: July 2, 2026. Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. “Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyb ...

July 3, 2026 · 3 min · David Gomez

Amazon EC2 X8i instances are now available in additional regions

Today’s signal AWS What’s New recently reported Amazon EC2 X8i instances are now available in additional regions. Published context: July 2, 2026. Starting today, Amazon Elastic Compute Cloud (Amazon EC2) X8i instances are available in the Asia Pacific (Seoul), Asia Pacific (Malaysia) and Asia Pacific (Tokyo) regions. These instances are powered by custom Intel Xeon 6 processors available only on AWS. X8i instances are SAP-certified and deliver the highest performance and fastest memory bandwidth among ...

July 3, 2026 · 2 min · David Gomez

AWS Artifact now includes Assurance Assistant for compliance inquiries

Today’s signal AWS What’s New recently reported AWS Artifact now includes Assurance Assistant for compliance inquiries. Published context: July 1, 2026. AWS Artifact now includes Assurance Assistant, an AI-powered capability that generates citation-backed responses to security and compliance questions about AWS services. AWS Artifact is the service through which AWS provides compliance reports, certifications, and agreements to customers. Assurance Assistant helps third-party risk managers, compliance office The reason this matters is simple: buyers are paying attention to speed, operational resilience, and credible technical execution. A trending story can create awareness, but the business question is what a team should do with that attention. ...

July 2, 2026 · 3 min · David Gomez

Amazon EC2 C9g and C9gd compute optimized instances are now available

Today’s signal AWS What’s New recently reported Amazon EC2 C9g and C9gd compute optimized instances are now available. Published context: June 30, 2026. Starting today, Amazon Elastic Compute Cloud (Amazon EC2) C9g and C9gd instances, powered by AWS Graviton5 processors, are generally available. AWS Graviton5 processors are the fifth generation of custom-designed CPUs, delivering the best price performance for compute-intensive workloads running on Amazon EC2. C9g instances are ideal for workloads such as hi ...

July 2, 2026 · 2 min · David Gomez