The Pulse of Cloud and Cyber — Issue 1: “Infrastructure Under Pressure; Security in the Real World”

Unprecedented Pressure on the Cloud: From AWS’s Subsea Cable to the Electricity Crunch and a Busier Threat Landscape

The cloud and cybersecurity beat faster every day. This cycle, infrastructure met the hard limits of power and fiber, while defenders confronted more coordinated adversaries and fresh software supply-chain risks.

AWS announces “Fastnet”: a 320+ Tbps subsea cable from Maryland to Cork

To meet surging demand for cloud and AI, AWS introduced a new transatlantic subsea route dubbed Fastnet, designed to boost capacity and resilience between the U.S. and Ireland. The project targets service robustness as much as raw speed: diverse paths reduce the blast radius of any single cable cut, keeping cloud services available when it matters most. Operations are slated for 2028, signaling how far ahead hyperscalers now must plan for data-center growth and AI workloads.

China offers half-price power to cloud titans—if they choose Huawei over Nvidia

Provincial incentives in China are pushing cloud and AI data centers toward domestic silicon. The proposition: up to a 50% discount on electricity costs if operators adopt local accelerators, especially Huawei’s Ascend ecosystem, instead of Nvidia. For hyperscale buyers like Alibaba or ByteDance, cheaper power can tilt the total-cost-of-ownership equation, even if performance-per-watt comparisons remain hotly debated. It’s industrial policy aimed squarely at strategic tech independence.

Nadella’s blunt take: “We don’t lack GPUs—we lack power and ready shells”

In a candid conversation on the BG2 podcast with Sam Altman, Microsoft CEO Satya Nadella framed the AI build-out’s true choke point as electricity and data-center real estate, not chips. The upshot: some GPUs are sitting idle because the power footprint and cooling capacity aren’t ready. That reality check should resonate across cloud strategy: expanding compute without parallel investment in energy and facilities only shifts the bottleneck downstream.

That MIT-linked paper on “AI driving most ransomware”? Withdrawn after backlash

A working note affiliated with MIT Sloan and Safe Security—claiming AI played a “significant role” in the vast majority of ransomware attacks—was rapidly criticized for methodology and sourcing. It has since been pulled from official channels. The episode is a useful reminder: in security, separate marketing sizzle from data that actually stands up to scrutiny, especially when big numbers go viral.

Cloud on a budget: rent an RTX 5090 from $0.25/hour

GPU-as-a-service keeps getting cheaper. Platforms like SaladCloud advertise RTX 5090 access from $0.25/hour on spot-style pricing; alternatives such as Vast.ai and RunPod regularly list sub-$1/hour offers. For startups, researchers, and indie developers, that’s a ticket to next-gen acceleration without buying multi-thousand-dollar cards—just remember spot capacity can vanish, so design jobs to checkpoint and resume.

Want to know where EU officials go? A data broker may sell you their location

An investigative project in Europe surfaced how mobile location data—collected for advertising—can be purchased to track even high-profile public officials. It’s a stark illustration of the privacy and national-security risks baked into the ad-tech ecosystem: data collected for “legitimate” purposes can be repurposed with minimal friction. Stronger data minimization and tighter control over flows are overdue.

A new cybercrime “brand”: elements of Scattered Spider, LAPSUS$, and ShinyHunters

Trustwave’s research outlines a federated, co-branded extortion model that appears to blend personas and tactics from Scattered Spider, LAPSUS$, and ShinyHunters. The result is louder theatrics and a more durable pipeline for initial access, data theft, and pressure campaigns on Telegram and elsewhere. For defenders, that elevates the importance of incident response muscle memory, disclosure playbooks, identity security, and real-world resilience—not just point-in-time negotiations.

Millions of developers at risk: critical React Native CLI bug (CVE-2025-11953)

JFrog disclosed an OS command injection in @react-native-community/cli that can lead to remote code execution, especially when the Metro dev server is exposed on external interfaces during default development. Version 20.0.0 includes a fix. If you can’t upgrade immediately, lock the server to localhost (e.g., --host 127.0.0.1) and audit exposure. Details are also tracked in the NVD entry for CVE-2025-11953.

Primary sources (read the full stories)

• AWS announcement: Fastnet subsea cable
• Financial Times: China’s power discount tied to domestic chips
• BG2 podcast: Satya Nadella on the power bottleneck
• Withdrawn MIT/Safe Security working note (archival copy)  |  Coverage: Techzine, Socket.dev
• SaladCloud pricing (RTX 5090 from $0.25/h)  |  Comparisons: Vast.ai, RunPod
• Netzpolitik: Data-broker files targeting EU officials  |  Coverage: TechCrunch
• Trustwave: Anatomy of “Scattered LAPSUS$ Hunters”  |  Coverage: The Hacker News
• JFrog: CVE-2025-11953 disclosure  |  NVD