Hello, stay ahead with CISO Brief 🚀

🧾 Amazon SageMaker HyperPod now supports data capture for inference workloads, allowing organizations to record request and response payloads for monitoring, compliance, debugging, and offline analysis. You can capture traffic at the SageMaker endpoint, load balancer, or model pod and combine layers for richer observability. Captured data is delivered asynchronously to Amazon S3 with configurable sampling and encryption using customer-managed AWS KMS keys and is designed to never block inference. Enable data capture via the HyperPod Inference Operator or SageMaker JumpStart.

🔒 Microsoft has disrupted the infrastructure behind a major malware code-signing service, seizing the group's site signspace[.]cloud and revoking more than 1,000 abused certificates. The company removed hundreds of attacker-controlled Azure virtual machines and linked the operation to a group it calls Fox Tempest. The service sold malware signing-as-a-service to ransomware affiliates, letting signed malicious installers evade Windows warnings and deploy backdoors, infostealers, and ransomware.

⚠️ A max-severity flaw (CVE-2026-45829) in the Python FastAPI server of ChromaDB allows unauthenticated attackers to load and execute remote models before authentication is enforced, enabling arbitrary code execution on exposed servers. The issue impacts PyPI-distributed releases used widely in AI retrieval stacks; a 1.5.9 release exists but it is unclear if the fix addresses this vulnerability. Mitigations include using the Rust frontend, avoiding public exposure of the Python API, and restricting network access to the ChromaDB API port.

🔒 Microsoft says it disrupted a malware-signing-as-a-service operation that abused its Azure Artifact Signing platform to generate fraudulent short-lived code-signing certificates used by ransomware gangs and other cybercriminals. The actor, tracked as Fox Tempest, created over 1,000 certificates and hundreds of Azure tenants and subscriptions. Microsoft seized the signspace[.]cloud domain, took virtual machines offline, revoked certificates, and filed a lawsuit in the Southern District of New York.

🔒 The AWS Customer Incident Response Team describes a tactic where attackers use credentials with the organizations:LeaveOrganization permission to remove a member account from an AWS Organization, bypassing inherited safeguards such as Service Control Policies and centralized management. After removal, the account is disentangled from consolidated billing, organization-wide CloudTrail trails, and delegated GuardDuty findings, reducing visibility. The post urges deploying the DenyLeaveOrganizationSCP, enforcing least privilege, securing root users with MFA and centralized root management, and updating detection and response workflows to monitor related CloudTrail events.

🔒 A public GitHub repository tied to a suspected CISA contractor exposed plain-text credentials—AWS tokens, GitHub access tokens, Kubernetes files, workflows and internal documents—discovered on May 14 by GitGuardian. The repo, active since November 13, 2025, contained roughly 844 MB of data and was taken offline within a day after disclosure. CISA is investigating and reports no current indication of sensitive compromise. Experts recommend centralized secret management, automated secret scanning, strict vendor controls and MFA to prevent similar exposures.

🔒 Discord has enabled default end-to-end encryption (E2EE) for all voice and video calls after completing the deployment in March. The company extended the open-source DAVE protocol across desktop, mobile, web browsers, PlayStation, Xbox and Discord SDKs, and is removing legacy unencrypted fallback code. The encryption layer now covers DMs, group DMs, voice channels and Go Live streams, while Stage channels remain excluded. Discord says it has no current plans to apply DAVE to text due to major engineering constraints tied to its existing messaging architecture.

🚀 Amazon Managed Workflows for Apache Airflow (Amazon MWAA) now supports Apache Airflow 3.2, the latest major release of the open-source orchestration framework. The update brings data-aware scheduling, asset partitioning, and expanded Human-in-the-Loop (HITL) features to simplify pipeline control and approvals. Other enhancements include Grid View virtualization, full XCom UI management, and async callable support in PythonOperator. Environments can be launched or upgraded in all supported MWAA regions via the AWS Console.

🛑 The FBI warns Americans lost more than $388 million in 2025 to scams that leverage cryptocurrency kiosks, commonly called crypto or Bitcoin ATMs. These standalone terminals, often located at gas stations and convenience stores, were used to transfer victims' cash to attacker-controlled wallets, with complaints up 23% and losses up 58% year‑over‑year. The IC3 received over 13,400 kiosk-related complaints and noted adults over 50 suffered a disproportionate share of losses. The bureau recommends verifying callers, refusing QR/payment instructions from unknown individuals, and preserving transaction receipts.

🔐 Microsoft reports that a threat actor tracked as Storm-2949 is abusing Self-Service Password Reset (SSPR) and social engineering to steal Microsoft Entra ID credentials and bypass MFA for privileged users. The attackers trick targets into approving authentication prompts, reset passwords, remove MFA, and enroll Microsoft Authenticator on attacker devices. Using Microsoft Graph and custom scripts they enumerate tenants, exfiltrate files from OneDrive and SharePoint, and pivot into Azure to harvest secrets from Key Vaults, storage accounts, and SQL databases. Microsoft recommends least privilege, conditional access, phishing-resistant MFA for admins, limiting RBAC, and extended Key Vault logging to mitigate these attacks.

🔒 The npm registry suffered a fast-moving supply-chain compromise on May 19 after attackers gained access to a high-privilege maintainer account (atool), pushing 637 malicious versions across 317 packages and infecting a large portion of the AntV namespace. The payload, a Mini-Shai-Hulud worm, steals npm/GitHub tokens and credentials and exfiltrates data to public GitHub repositories. AntV maintainers deleted infected versions, deprecated remaining packages, and advised users to audit, rotate credentials, and install known-safe releases.

🔧 Data Agent Kit is an open-source toolkit from Google Cloud that brings data engineering and data science skills, plugins, and secure connectors directly into your IDE or CLI. It provides prebuilt agentic skills, Model Context Protocol (MCP) integrations to BigQuery, AlloyDB, and Cloud Storage, plus native extensions for VS Code, Gemini CLI, Claude Code, and Codex. By grounding agents in unified enterprise data, it reduces manual ETL and context-window costs and accelerates intent-driven pipelines; the kit is available in preview.

🤖 Today at Google I/O, Google Cloud announced a broad set of AI advances delivered through Gemini Enterprise and Google Workspace, including Gemini 3.5 Flash, Gemini Omni, Antigravity, and Gemini Spark. These offerings include new models, an Agent Platform with a Managed Agents API, and CodeMender for automated code security. The updates emphasize agentic workflows, multimodal content creation, enterprise-grade security, and faster, cost-efficient model performance.

🔧 At Google I/O, Google Cloud introduced a unified developer toolkit that brings Antigravity 2.0, the Gemini Enterprise Agent Platform, the Managed Agents API, and ADK 2.0 into a shared protocol layer to accelerate local development and secure cloud deployment. The post outlines a four-rung ladder from low-code Agent Studio to code-first ADK, all underpinned by the interoperable A2A protocol. New Antigravity desktop and CLI tools provide a consistent harness for coding agents, while Managed Agents offer agent-as-a-service with sandboxed execution. The platform emphasizes governance, skill reuse, evaluation tooling, and secure pipelines for production.

⏸️ Amazon Elastic Container Service (Amazon ECS) now supports configurable pause points in service deployments, allowing operators to halt progression at critical stages for manual approvals, tests, or operational checks. ECS emits Amazon EventBridge events at pause points and provides the ContinueServiceDeployment API to resume or rollback. Pause hooks support timeouts up to 14 days and configurable timeout actions. The feature integrates with native deployment strategies and is available across commercial and GovCloud Regions.

🔔 AWS has launched Amazon Inspector in the Asia Pacific (Taipei) Region, extending automated vulnerability management to customers there. The service continuously scans Amazon EC2 instances, container images pushed to Amazon ECR, and AWS Lambda functions for software vulnerabilities and unintended network exposure across an AWS Organization. New accounts are eligible for a 15-day free trial that performs full scans of eligible resources at no cost. After the trial, usage is billed according to public Amazon Inspector pricing.

🔍 Researchers at HUMAN's Satori Threat Intelligence team disclosed "Trapdoor," a multi-stage Android ad fraud and malvertising operation involving 455 malicious apps and 183 threat actor-owned C2 domains. The campaign used utility-like apps to trick users into installing secondary apps that launch hidden WebViews, load HTML5 cashout domains, and perform automated touch-fraud. At its peak Trapdoor generated about 659 million bid requests per day, drove over 24 million app installs—mostly from U.S. traffic—and Google removed the identified apps after disclosure.

🔧 Microsoft is launching the Driver Quality Initiative to raise the bar for Windows 11 drivers, emphasizing security, stability, and performance across media, display, camera, audio, connectivity, and peripherals. The initiative centers on four pillars: moving drivers from kernel to user mode or Microsoft class drivers; stricter partner verification and automated checks; improved Windows Update catalog hygiene; and expanded telemetry on stability, performance, battery and thermal impact. Microsoft says it will work closely with OEMs and silicon partners including AMD and Intel, and the changes will be phased in across 2026 as WinHEC resumes. The company frames this as a partnership to restore trust in Windows quality after recent criticism.