TRACE Cyber Intelligence Pulse - 24 October 2025
Cyber threats do not wait for you to catch up. Stay ahead with CyXcel’s weekly threat intelligence foresight, grounded in real-world incident response and powered by our fusion of legal, technical and strategic expertise.
Edited by: Samuel Kudláč, Senior Analyst, and Danny Howett, Technical Director – Digital Forensics and Incident Response.
In Focus
AWS Outage Disrupts Businesses Globally, Exposing Systemic Vulnerabilities Within the Cloud Ecosystem
On October 20, 2025, Amazon Web Services (AWS) experienced an outage of roughly 15 hours in its US-EAST-1 region in northern Virginia, US, its oldest and most heavily used region. The disruption began with a DNS resolution failure affecting the regional DynamoDB API endpoint; because so many other AWS services depend on DynamoDB, the fault degraded EC2, Lambda, SQS and others.
AWS resolved the DNS fault within hours but attributed the prolonged impairment that followed to an internal subsystem that monitors the health of its network load balancers, and reported full recovery by the end of the day. The outage affected businesses worldwide, including McDonald's, Disney+, Signal and WhatsApp, as well as banks such as Lloyds and Bank of Scotland and several government agencies.
Key Takeaways
US-EAST-1 is AWS's original and most widely integrated region, and it still hosts the control planes and default endpoints for a number of AWS global services despite Amazon's geographically redundant architecture. Many organizations also route core functions through this region regardless of where their users and data actually sit. That concentration creates a single point of failure that undermines the assumptions behind multi-region resilience, and companies running single-region architectures face growing operational and reputational risk from it.
The disruption exposed a systemic vulnerability in the global financial services sector, where AWS underpins capabilities from fraud detection to payments processing that require millisecond execution and uninterrupted data flow. Early industry estimates of the cost in lost productivity and business interruption vary widely, but all of them are substantial.
The incident confirms that geographic distribution alone does not ensure operational resilience when key dependencies remain centralized. Multi-region failover capability is resource-intensive, but it is cheaper than a prolonged outage. AWS is expected to respond by encouraging architectural diversification across its ecosystem to reduce dependence on US-EAST-1.
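The failover point is easier to see in code. The following is an added example, not part of the CyXcel bulletin and not AWS tooling: a client wrapper that tries a preferred region, treats a DNS resolution failure for that region's endpoint as an error like any other, and fails over to a replica region behind a small circuit breaker so the failing region is not retried on every request. The region names, hostnames, `fake_resolver` and `fake_call` are constructed for an offline simulation; in production `call` would wrap a boto3 DynamoDB client for the region, and writes would need a Global Tables replica to be safe.

```python
import socket
import time
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class RegionEndpoint:
    """One regional endpoint plus minimal circuit-breaker state."""
    region: str
    hostname: str
    failures: int = 0
    opened_at: float = 0.0


class MultiRegionClient:
    """Try regions in preference order, skipping any whose circuit is open.

    `call(region, op, **kwargs)` performs the real request. `resolver(hostname)`
    runs first so that a DNS failure (the fault that started the 20 October
    incident) is counted like any other error instead of being retried blindly.
    """

    def __init__(self, endpoints: List[RegionEndpoint], call: Callable[..., dict],
                 resolver: Callable[[str], str] = socket.gethostbyname,
                 threshold: int = 3, cooldown: float = 30.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.endpoints, self.call, self.resolver = endpoints, call, resolver
        self.threshold, self.cooldown, self.clock = threshold, cooldown, clock
        self.served_by: List[str] = []          # region that answered each request
        self.lookups: Dict[str, int] = {}       # DNS lookups attempted per region

    def _circuit_closed(self, ep: RegionEndpoint, now: float) -> bool:
        if ep.failures < self.threshold:
            return True
        return now - ep.opened_at >= self.cooldown   # half-open: one probe after cooldown

    def request(self, op: str, **kwargs) -> dict:
        errors: List[str] = []
        now = self.clock()
        for ep in self.endpoints:
            if not self._circuit_closed(ep, now):
                errors.append(f"{ep.region}: circuit open")
                continue
            try:
                self.lookups[ep.region] = self.lookups.get(ep.region, 0) + 1
                self.resolver(ep.hostname)                  # socket.gaierror is an OSError
                result = self.call(ep.region, op, **kwargs)
            except (OSError, RuntimeError) as exc:
                ep.failures += 1
                if ep.failures >= self.threshold:
                    ep.opened_at = now                      # (re)start the cooldown window
                errors.append(f"{ep.region}: {exc}")
                continue
            ep.failures = 0                                 # healthy answer closes the breaker
            self.served_by.append(ep.region)
            return result
        raise RuntimeError("all regions failed: " + "; ".join(errors))


# Constructed simulation of the 20 October fault: the us-east-1 DynamoDB name does
# not resolve, the us-west-2 replica is healthy. No network traffic is generated.
FAKE_DNS = {"dynamodb.us-west-2.amazonaws.com": "52.0.0.1"}


def fake_resolver(hostname: str) -> str:
    if hostname not in FAKE_DNS:
        raise socket.gaierror(-2, "Name or service not known")   # simulated empty DNS record
    return FAKE_DNS[hostname]


def fake_call(region: str, op: str, **kwargs) -> dict:
    # Stand-in for a DynamoDB call; records which region served it.
    return {"op": op, "key": kwargs.get("key"), "region": region}


def run_outage_scenario(requests: int = 5) -> dict:
    """Two-region client: every request is served by us-west-2 and the east
    breaker opens after `threshold` failures, so DNS lookups against it stop."""
    clock = {"t": 0.0}
    client = MultiRegionClient(
        [RegionEndpoint("us-east-1", "dynamodb.us-east-1.amazonaws.com"),
         RegionEndpoint("us-west-2", "dynamodb.us-west-2.amazonaws.com")],
        fake_call, resolver=fake_resolver, threshold=3, cooldown=30.0,
        clock=lambda: clock["t"])
    for i in range(requests):
        client.request("GetItem", key=f"order-{i}")
        clock["t"] += 1.0                                   # one simulated second per request
    return {"served_by": client.served_by,
            "east_lookups": client.lookups["us-east-1"],
            "east_circuit_open": client.endpoints[0].failures >= client.threshold}


def single_region_outage() -> str:
    """Same fault, but the client only knows us-east-1: the request fails outright."""
    client = MultiRegionClient([RegionEndpoint("us-east-1", "dynamodb.us-east-1.amazonaws.com")],
                               fake_call, resolver=fake_resolver)
    try:
        client.request("GetItem", key="order-0")
    except RuntimeError as exc:
        return str(exc)
    return "unexpected success"
```

The two scenario functions make the bulletin's point concrete: with the same DNS fault, the single-region client has nothing to fall back to, while the two-region client keeps serving and stops hammering the broken endpoint after three failures. The wrapper does not by itself make a multi-region deployment safe; the data the replica serves must already be replicated, and the client must run somewhere that is not itself inside the failing region.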
This marks the second significant cloud availability disruption in two months. In our September Digital Risk Management Webinar, we reported on the Microsoft Azure outages affecting services and cloud connectivity across the Middle East, South Asia and Africa. Together, these events demonstrate the digital economy’s growing exposure to single-vendor infrastructure risk.
Finally, as AI workloads expand and strain power and network capacity, organizations should accelerate testing of backup systems, failover mechanisms and alternate data center routes ahead of the Northern Hemisphere’s peak heating season. Proactive validation of these contingencies is essential to mitigate cascading disruptions from future cloud outages.
Around the Globe
Worldwide: VSCode Extensions Expose Secrets and Spread GlassWorm Malware
Researchers discovered that over 500 Visual Studio Code (VSCode) extensions shipped with hardcoded API keys and tokens for major AI, cloud and payment providers, exposing credentials that could allow threat actors to compromise developer environments and software supply chains.
Separately, researchers identified GlassWorm, malware that is actively propagating through compromised VSCode extensions by abusing stolen developer tokens to publish infected versions. The worm steals credentials and cryptocurrency from affected machines.
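The leaked-secrets finding comes down to a check any developer or marketplace reviewer can run over an extension's bundled JavaScript before installing or publishing it. The scanner below is an added example, not code from the bulletin or from the researchers: it matches public key-format prefixes for AI, cloud and payment providers, catches generic `secret = "..."` assignments, and uses a placeholder list plus a Shannon-entropy threshold to suppress the obvious false positives. The sample bundle, all key values and the pattern set are constructed for illustration (the one real value, `AKIAIOSFODNN7EXAMPLE`, is AWS's public documentation key); production scanners carry far more patterns and validate hits against the provider where possible.

```python
import math
import re
from typing import Dict, List

# Public key-format prefixes for providers in the categories the bulletin names
# (AI, cloud, payments) plus a source-hosting token. Constructed, not exhaustive.
SECRET_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "openai_api_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "stripe_live_secret": re.compile(r"\bsk_live_[0-9a-zA-Z]{24,}\b"),
    "github_pat": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
}
# Generic `apiKey: "..."` / `SECRET = '...'` assignments; relies on the entropy filter.
GENERIC_ASSIGNMENT = re.compile(
    r"""(?i)(?:api[_-]?key|secret|token|password)\s*[:=]\s*["']([A-Za-z0-9_\-/+=]{16,})["']""")
PLACEHOLDER_MARKERS = ("EXAMPLE", "YOUR_", "REPLACE", "CHANGEME", "XXXX", "<", ">")
MIN_ENTROPY_BITS = 3.5   # bits/char: random keys score roughly 4.5-5.5, English words 3-3.5


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of `value` (0.0 for a single repeated character)."""
    n = len(value)
    counts = {c: value.count(c) for c in set(value)}
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def looks_like_placeholder(value: str) -> bool:
    upper = value.upper()
    return any(marker in upper for marker in PLACEHOLDER_MARKERS)


def redact(value: str) -> str:
    """Enough of the value to locate it in the file, not enough to use it."""
    return value[:6] + "..." + value[-2:]


def scan_text(text: str) -> List[dict]:
    """Return one finding per distinct credential-looking value, in line order."""
    findings: List[dict] = []
    seen = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(0)
                if value in seen:
                    continue
                seen.add(value)
                if looks_like_placeholder(value):
                    continue                      # documentation / sample keys
                findings.append({"type": kind, "line": lineno, "preview": redact(value)})
        for match in GENERIC_ASSIGNMENT.finditer(line):
            value = match.group(1)
            if value in seen or looks_like_placeholder(value):
                continue                          # already reported by a specific pattern
            seen.add(value)
            entropy = shannon_entropy(value)
            if entropy < MIN_ENTROPY_BITS:
                continue                          # prose-like string, not a random key
            findings.append({"type": "generic_credential", "line": lineno,
                             "preview": redact(value), "entropy": round(entropy, 2)})
    return findings


# Constructed excerpt of a bundled extension.js. Every value is made up except the
# AWS documentation key on the last line, which is public and must not be flagged.
SAMPLE_BUNDLE = "\n".join([
    '// constructed excerpt of a bundled extension.js',
    'const openai = new OpenAI({ apiKey: "sk-proj-Ab3dE9fGh1JkL2mN4oPqR6sTu8VwX0yZ" });',
    'const stripe = require("stripe")("sk_live_4eC39HqLyjWDarjtT1zdp7dc");',
    'const AWS_KEY = "AKIAQ7ZX2M4PLV9TR3KD";',
    'const AWS_SECRET = "q8Zt3Lm0Vx2PfR7nB1kYw6Jc9HsD4eGaT5uN0iKo";',
    '  apiKey: "YOUR_API_KEY_HERE",                       // placeholder: skipped',
    '  headers: { Authorization: "Bearer ghp_" + token },  // assembled at runtime: no match',
    'const AWS_DOC_KEY = "AKIAIOSFODNN7EXAMPLE";           // documentation key: skipped',
])


def scan_sample() -> List[dict]:
    return scan_text(SAMPLE_BUNDLE)
```

Running `scan_sample()` reports four findings (the OpenAI, Stripe and AWS access keys by format, the AWS secret by entropy) and nothing for the placeholder, the runtime-assembled header or the documentation key. Previews are redacted on purpose: a scanner's own output is often pasted into tickets and chat, which is exactly where a second leak happens.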
EU: Europol’s Operation SIMCARTEL Takes Down Cybercriminal SIM Farm Operation
European law enforcement dismantled a SIM farm operation that used some 40,000 SIM cards to create 49 million fraudulent online accounts for phishing, fraud and other cybercriminal activity. The operation resulted in seven arrests and the seizure of financial and physical assets. The scale of this cybercrime-as-a-service network is a reminder that SMS-based authentication and account validation only prove control of a phone number, and phone numbers are available to criminals in bulk.
US: Envoy Air Is the Second Confirmed Victim of the Oracle E-Business Suite Breach
Envoy Air, a subsidiary of American Airlines, is the second confirmed victim of the Cl0p ransomware group's Oracle E-Business Suite (EBS) campaign. The threat actor exploited a zero-day vulnerability in Oracle EBS (CVE-2025-61882) as early as June 2025 in a supply chain compromise campaign. This follows the breach of Harvard University described in last week's Pulse.
We Can Help
Expand your threat intelligence monitoring capabilities beyond the dark web with support from CyXcel’s TRACE team. Contact our experts today to find out more.
Photo by Denis Sebastian Tamas on Unsplash.