
Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast — new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence — all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.

👉 Join our Telegram channel for your daily update — stay informed, stay ready.

Cybersecurity News Digest — Daily Briefings

Latest News


FBI alert: Kali365 OAuth phishing risks rise

🔒 The FBI warns of phishing campaigns using Kali365 to harvest Microsoft 365 OAuth access tokens and bypass multi-factor authentication. Attackers trick users into entering a code on a legitimate Microsoft page, which instead authorizes the attacker’s device to access the victim’s account. The FBI advises IT teams to deploy conditional access policies and block authentication transfer to reduce exposure.

Netherlands seizes servers tied to hosting firm

🔎 Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company accused of enabling cyberattacks, interference operations, and disinformation campaigns. Authorities say the suspects provided resources indirectly to Russian and Belarusian entities sanctioned by the EU, and that infrastructure was moved to a front company after sanctions. Raids recovered servers, laptops, phones, and records across multiple Dutch data centers.

AWS Security Agent adds verification scripts

🔐 AWS Security Agent now generates verification scripts for penetration test findings to help teams reproduce and validate discovered vulnerabilities. The tool creates ready-to-run scripts for each confirmed finding that include setup instructions, documented environment variables, and redacted sensitive values. Teams download the script, configure variables, and execute it against targets to streamline triage and speed remediation. Verification scripts are available in all Regions where AWS Security Agent is supported.

BootROM flaw in Qualcomm chips lets attackers persist

🔒 Kaspersky researchers disclosed CVE-2026-25262, a BootROM-level flaw in Qualcomm’s Sahara/EDL implementation that enables arbitrary write operations during device recovery. The bug, a CWE-123 Write-What-Where condition in the ARM Primary Boot Loader, permits attackers with brief physical access via USB to upload and execute malicious code before the OS boots. Qualcomm confirmed the issue, issued a security bulletin, and pledged fixes for future silicon while advising mitigation steps for affected devices.

European takedown targets VPN linked to crime

🛡️ European investigators dismantled First VPN in a joint operation led by France and the Netherlands, assisted by Europol and Eurojust. The service, widely promoted in Russia, was used by criminals for ransomware, fraud, and data theft to conceal identities and infrastructure. While the takedown is seen as warranted, experts warn that broad restrictions on VPNs risk harming legitimate privacy and business uses and could face legal challenges.

Amazon WorkSpaces adds Linux WorkSpace migration

🔄 Amazon WorkSpaces now supports WorkSpace Migration for all Linux operating systems offered by the service, enabling seamless migration between Linux OS versions and distributions. The feature automatically transfers user data from a Linux WorkSpace’s home directory to the new WorkSpace, removing the need for manual data copying. Supported in AWS commercial and AWS GovCloud (US) Regions where WorkSpaces Personal is available, the capability helps streamline OS upgrades and migrations without disrupting end users.

Ghostwriter Targets Ukrainian Government via Prometheus Lures

📄 The Belarus-aligned threat actor Ghostwriter (aka UAC-0057/UNC1151) is using Prometheus e-learning themed phishing lures targeting Ukrainian government entities. CERT-UA reports the campaign, active since spring 2026, uses PDF links to deliver a ZIP with JavaScript that stages multiple payloads: OYSTERFRESH, OYSTERBLUES, and OYSTERSHUCK. The operation harvests system data and ultimately deploys Cobalt Strike, with advice to restrict wscript.exe for standard users to reduce risk.

Amazon Keyspaces expands to Malaysia and Thailand

🚀 Amazon Keyspaces (for Apache Cassandra) is now available in the Asia Pacific (Malaysia) and Asia Pacific (Thailand) Regions, enabling customers to build Cassandra-compatible applications with lower latency and keep data within the Region to meet residency requirements. The managed, serverless service offers virtually unlimited throughput and storage while customers pay only for used resources. These Regions provide the same features as other AWS Regions, including point-in-time recovery, Multi-Region replication, CDC streams, and IPv6 support, reducing operational overhead of running Cassandra clusters.

Securing AI Foundations: Microsoft Customer Spotlights

🛡️ This article highlights how St. Luke’s University Health Network and ManpowerGroup modernized security to enable AI-powered operations. It describes how both organizations unified visibility across cloud, identity, endpoint, and email by adopting Microsoft Security Copilot, Microsoft Defender, and Microsoft Sentinel, and how automation reduced noise and accelerated response. The piece frames security as a strategic enabler for scaling AI responsibly under Zero Trust and governance principles.

Agentic AI Bridges Dental Manufacturing Gaps

🦷 Movix built a custom agentic AI platform to address a severe shortage of skilled dental technicians and reduce costly remakes in aligner and appliance manufacturing. Using Google Cloud infrastructure, including Gemini Enterprise Agent Platform, Cloud Run with L4 GPUs, and Compute Engine, Movix developed deep learning, computer vision, and 3D mesh models to automate quality control and data entry. The solution integrates with legacy lab systems, anonymizes PHI for compliance, and targets large-volume labs to improve accuracy, speed, and cost savings.

Microsoft adds agentic AI to Edge for Business

🧭 Microsoft is piloting agentic AI in Edge for Business to streamline multi-step workflows like form-filling, site navigation, and cross-tab data gathering. A limited preview introduces a unified new-tab experience with calendar entries, files, and Copilot prompts to reduce context-switching. Enterprises can enforce data protections—blocking copy/paste, keeping prompts and responses inside their Microsoft 365 tenant, and auditing or blocking sensitive uploads. The features integrate with Purview to detect and prevent policy violations when users sign into Edge for Business.

Trend Micro Apex One zero-day exploited in attacks

🛡️ Trend Micro disclosed a zero-day in its Apex One on-premises server (CVE-2026-34926), a directory traversal flaw that can let a local attacker with administrative access inject malicious code to be deployed to agents. The vendor noted the bug is restricted to on-prem installations and requires prior admin credentials, but observed at least one attempted exploitation in the wild. CISA added the vulnerability to its actively exploited list and ordered federal agencies to patch by June 4, while Trend Micro also released fixes for seven related SEP agent privilege escalation issues.

Drupal SQL injection flaw now being exploited

🔒 Drupal has warned administrators that a "highly critical" SQL injection vulnerability, tracked as CVE-2026-9082, is being actively targeted in the wild. Discovered by Google/Mandiant researcher Michael Maturi, the flaw affects Drupal's database abstraction API and allows specially crafted requests to trigger arbitrary SQL injection on sites using PostgreSQL. Exploitation requires no authentication and can lead to remote code execution, privilege escalation, and data disclosure; Drupal has released updates and urges immediate patching.

AI-Enabled Attacks Shift from Labs to Live Threats

🛡️ Check Point Research’s March–April 2026 Threat Landscape Digest documents that AI-powered attacks have moved from experimental and state-sponsored exercises into routine criminal deployment. The report details a campaign in Mexico where a single operator used commercial AI to compromise nine government agencies, leveraging persistent jailbreaks, weaponized agent configuration files, and commodified attack platforms like EvilTokens. It warns that stolen AI provider keys, rapid exploit timelines, and shadow AI use create urgent operational and supply-chain risks for organizations.

Ubiquiti patches three max-severity UniFi OS flaws

🛡️ Ubiquiti issued updates addressing three maximum-severity vulnerabilities in UniFi OS that allow remote, unauthenticated attackers to modify systems, read files via path traversal, and perform command injection after gaining network access. Additional fixes include another critical command injection and a high-severity information disclosure issue. The flaws were reported via HackerOne and can be exploited with low complexity; Ubiquiti has not confirmed any in-the-wild exploitation. Censys reports nearly 100,000 Internet-exposed UniFi OS endpoints, with about 50,000 in the United States, though it is unclear how many have been remediated.

Apple blocks $2.2bn in App Store fraud attempts

🔒 Apple reports it prevented more than $2.2bn in fraudulent App Store transactions over the past year and blocked over 1.1 billion fraudulent account creations. By combining human review with machine learning and AI models, Apple says it accelerated fraud detection and disrupted new deceptive tactics. In 2025 the company also terminated 193,000 developer accounts, deactivated 40.4 million user accounts, and prevented use of 5.4 million stolen credit cards.

ROADtools misuse in cloud identity attacks

🔍 ROADtools is an open-source Python toolkit for red teams and researchers that attackers have repurposed to target Microsoft Entra ID. It enumerates tenants, registers devices, and acquires or manipulates OAuth2/OpenID Connect tokens while using legitimate Microsoft APIs and configurable request attributes to evade detection. Nation-state actors have used ROADtools for discovery, persistence and defense evasion, and Palo Alto Networks outlines detection queries, mitigation recommendations and protections available via Cortex Cloud, Cortex XDR and Unit 42 services.

Why AI Security Strategies Fail at the OT Edge

🔧 Industrial AI initiatives collide with legacy OT realities: an AI-ready control room can still depend on an unpatched Windows 7 maintenance laptop that alone communicates with protection relays. The author reports pervasive visibility gaps across utilities and plants, noting fewer than 10% of OT networks have meaningful monitoring. AI trained on IT telemetry misclassifies normal industrial traffic and automated responses risk shutting down production; passive monitoring of Level 0–2 protocols and a focus on crown-jewel processes are essential before layering AI.