Hello, stay ahead with CISO Brief 🚀

🖼️ Google Cloud adds two new Gemini models—Nano Banana 2 Lite and Gemini Omni Flash—to the Gemini Enterprise Agent Platform, offering faster, cost-efficient image generation and advanced conversational video editing. Nano Banana 2 Lite is generally available and optimized for low-latency image generation and rapid iteration, while Gemini Omni Flash is in public preview for high-quality video generation, multimodal inputs, and conversational editing. Both models emphasize price-performance, content authenticity via C2PA and SynthID, and integration into creative workflows and partner tools.

🔗 The Gemini Enterprise Agent Platform remote MCP server lets external AI agents securely access Google Cloud Agent Platform resources. It acts as a standardized bridge so tools like Antigravity CLI or Claude Code can call models in Model Garden, manage Notebooks, and use shared prompts without leaving the IDE. Enable the API, configure your client, and use provided Toolset Endpoints to start integrating quickly while maintaining governance.

🧪 Schrödinger partnered with Google Cloud and DeepMind to deploy AlphaEvolve, an evolutionary AI coding agent that iteratively generates and refines algorithms to remove bottlenecks in MLFF training pipelines. The team targeted neighbor list computation and the Ewald summation in PyTorch, replacing slow for-loops with a batched parallel matrix multiplication implementation. This optimization increased the success rate of correct and faster programs from under 1% to over 60% and delivered a 4× speedup in training and inference, accelerating workflows in drug discovery, catalyst design, and materials development.

🔒 Google Cloud introduces AlloyDB Omni, a hybrid deployment of AlloyDB for PostgreSQL designed to modernize financial services databases while preserving data residency and regulatory compliance. The offering promises PostgreSQL compatibility to reduce vendor lock-in, high transactional performance, and integrated analytics and AI capabilities delivered on-premises, at the edge, or in hybrid clouds. It targets legacy licensing, sovereignty, and real-time insights gaps, and highlights customer outcomes demonstrating faster transactions and accelerated analytics.

🛡️ McAfee Labs uncovered an active campaign, dubbed Silent Swap, that deploys malicious Chromium extensions masquerading as a 'Google Notes' utility to intercept and replace cryptocurrency wallet addresses copied to the clipboard. The installers, observed in .NET and Golang variants, inject the extension into Chromium-based browsers by modifying protected preferences and recalculating security hashes to bypass store installation. The threat uses an EtherHiding technique to resolve C2 domains via the blockchain and performs dynamic, server-side wallet mappings to redirect funds to attacker-controlled addresses. Telemetry shows global infections, with higher concentration in India.

🔒 A critical authentication bypass in SimpleHelp's RMM software was exploited to forge a technician login token and deliver two previously unseen malware families. Researchers at Blackpoint Cyber found the flaw (CVE-2026-48558) allowed unauthenticated token forgery by skipping cryptographic signature checks in OpenID Connect. Attackers abused built-in file transfer and remote execution to deploy a Node.js loader named TaskWeaver and a cross-platform stealer called Djinn Stealer. The vulnerability received a CVSS score of 10 and was patched in late May; CISA added it to KEV on June 29.

🔒 New research from Adversa AI, dubbed GuardFall, shows a decades-old shell trick can bypass simple blocklist checks in open-source AI coding agents, letting hidden destructive commands run. The flaw arises because filters inspect the command as plain text while shells like bash rewrite and expand that text before execution. Ten of eleven tested agents were vulnerable; only Continue defended by parsing commands the same way the shell does.

📣 Flare researchers examined underground forum discussions and tools used to orchestrate Business Email Compromise (BEC) campaigns, finding that attacks extend beyond email to include remote access, cash-out networks, and call centers. Actors target finance and leadership SaaS accounts, increasingly using AI to craft realistic messages and scale operations. Defenders should monitor exposed credentials, enforce MFA, train high-risk staff, and treat multi-channel contacts cautiously.

🔍 Researchers tested 444 iPhone AI chatbot apps and found 282 leaking paid AI access via network traffic, often as plaintext keys, reusable tokens, or unsecured backend relays. The team used a tool called LLMKeyLens to capture credentials without jailbreaking. Only 28% of affected apps were fixed after three months; many tokens remained valid and susceptible to costly misuse.

🔒 Fortinet describes its integration of frontier AI models (Anthropic’s Glasswing/Mythos and OpenAI’s Daybreak/GPT 5.5 Cyber) alongside on-premises models to scale security testing across firmware, source code, and penetration testing. The company emphasizes responsible innovation, mature vulnerability management, and human validation of AI findings. Fortinet reports limited exploitable firmware issues but greater findings from source-code analysis and commits to mitigation, virtual patching, and secure-by-default deployments.

🛰️ The Financial Times reports on how AI is transforming video surveillance, drawing on examples from Israel, Iran and Russia. These AI tools let analysts ask natural-language questions of video streams rather than rely on limited preset searches. Analysts can now search for behaviors—such as two people exchanging a bag, repeated vehicle movements, or changes in appearance—creating new investigative possibilities. Officials call this shift a major advancement in surveillance capability.

🔒 Analysis by ReliaQuest shows the ClickFix social engineering technique dominated malware delivery from March to May 2026. ClickFix tricks users into pasting attacker-supplied commands into trusted dialogs like Run, Terminal, or Script Editor, allowing payloads such as infostealers to execute while evading many defenses. The method has been used to deliver Windows malware and, notably, to deploy AMOS/Atomic Stealer to macOS via Script Editor. ReliaQuest urges equal monitoring for macOS and recommends user training and administrative restrictions to mitigate ClickFix risks.

🚀 AWS GovCloud (US) now offers Anthropic's Claude Opus 4.8, the vendor's most capable generally available model to date. Claude Opus 4.8 improves agentic coding, long-running autonomous tasks, and professional knowledge work by maintaining extended context, planning before edits, and recovering from errors. Amazon Bedrock delivers access while keeping data in AWS infrastructure and adding AWS-managed features such as Guardrails and Knowledge Bases.

⚠️ Check Point Research found that cybercriminals pre-built and partially deployed fraud infrastructure targeting FIFA World Cup 2026 before the June 11 kickoff, focusing on financial services, transportation, hospitality, and gambling. Pre-tournament research highlighted weak DMARC enforcement among partners, a 60x surge in fake sportsbook apps concentrated on Google Play, and large volumes of lookalike travel and hotel domains created two months prior. Check Point's exposure, brand protection, and dark web monitoring capabilities flagged the activity and report rapid remediation metrics.

🔒 Aflac disclosed that attackers accessed systems at its wholly owned Japan subsidiary between June 15 and June 25, 2026, prompting suspension of certain systems while operations continue. The insurer is working with external cybersecurity experts, has notified Japanese regulators, and will inform affected individuals. Aflac said U.S. systems were not accessed and the full scope of the incident remains under investigation.

🔒 Microsoft introduced a Teams admin policy that prevents third-party bots from joining meetings without organizer approval. The feature, announced earlier in the Microsoft 365 roadmap, will roll out across Windows, macOS, Android, and iOS for multi-tenant and GCC customers. When enabled, Teams detects potential bots, places them in the lobby, identifies them clearly, and prompts organizers to admit them. Microsoft plans further controls such as allow lists, blocking policies, and audit reports to enhance visibility and governance.

🛡️ Microsoft introduced a Teams admin policy that prevents third-party bots from joining meetings without organizer approval. The feature, announced in March, will roll out across Windows, macOS, Android, and iOS for standard multi-tenant and GCC clouds. When enabled, Teams detects potential bots, places them in the lobby, clearly identifies them, and prompts organizers to confirm admission. Additional controls planned include allow lists, blocking policies, reports, and audit logs to give admins greater visibility and control.

🛡️ Trend Micro's TrendAI discovered a phishing campaign targeting Booking.com partner accommodations in Japan that uses guest complaint impersonations to trick staff into opening malicious attachments. The delivered malware, TONResolver, is hosted via a smart contract on the TON blockchain and acts as a remote access trojan, establishing persistent backdoor connectivity for follow-up intrusion. Attackers abused scheduling-tool notifications to bypass SPF/DKIM/DMARC protections and used Node.js obfuscation and LNK-based delivery to frustrate detection.