
Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast: new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence, all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.

👉 Join our Telegram channel for your daily update: stay informed, stay ready.

Cybersecurity News Digest: Daily Briefings

Storm-2949: Identity Compromise Leads to Cloud Breach

Microsoft Threat Intelligence details how Storm-2949 converted targeted identity compromise into a broad cloud breach, exfiltrating data from Microsoft 365 and production workloads in Azure. The actor abused SSPR-based social engineering to bypass MFA, performed directory discovery via Graph API, and leveraged management-plane operations to retrieve Key Vault secrets and download large volumes of data. Organizations should adopt behavior-based detections such as Microsoft Defender and tighten RBAC and administrative controls to detect and mitigate similar identity-driven cloud attacks.

INTERPOL Operation Ramz: 200+ Arrests and 53 Servers Seized

🔒 INTERPOL's Operation Ramz led to more than 200 arrests and the seizure of 53 servers used for phishing, malware, and online fraud, affecting at least 3,867 confirmed victims from nearly 8,000 intelligence packages. Authorities identified another 382 suspects across 13 MENA countries. INTERPOL partnered with private firms including Kaspersky, Group-IB, The Shadowserver Foundation, Team Cymru, and TrendAI to track malicious infrastructure. The operation disrupted phishing-as-a-service platforms, dismantled investment scam rings, and disabled malware-infected servers.

AWS Console Adds Local Zones to Region Selector Now

🗺️ The AWS Management Console now displays AWS Local Zones in the Region selector, showing Local Zones alongside standard Regions in the console's top navigation. Selecting the Local Zones tab lists all opted-in Local Zones and clicking one brings users to the parent Region's Console page to view and manage resources. This streamlines navigation for customers operating across multiple Local Zones parented to different AWS Regions. The capability is available across all AWS Local Zones in public AWS Regions; to get started, open the Region selector in the Management Console.

SHub 'Reaper' macOS Infostealer Spoofs Apple Updates

🔔 SentinelOne researchers disclosed a new SHub macOS infostealer variant, dubbed Reaper, that lures victims with fake app installers and uses the applescript:// URL scheme to launch a malicious AppleScript. The payload displays a bogus Apple security update, requests the macOS password, and executes a shell script that harvests browser data, crypto wallets, passwords, iCloud and Telegram artifacts, and files from Desktop and Documents. Reaper also persists via a LaunchAgent, hijacks wallet apps by replacing core files, and clears quarantine flags to evade Gatekeeper.

AWS Glue Zero-ETL Expands to Asia Pacific (Mumbai) Region

🔔 AWS Glue zero-ETL integrations are now available in the Asia Pacific (Mumbai) region. With this expansion, customers can replicate data from sources such as Amazon DynamoDB, Oracle Database@AWS, self-managed databases (Oracle, SQL Server, MySQL, PostgreSQL) and supported SaaS apps directly into analytics targets without building ETL pipelines. It automates schema mapping, change data capture, and incremental replication to reduce latency and accelerate analytics and ML workflows.

Windows 11 May Patch Fails Due to EFI Partition Size

⚠️ Some Windows 11 devices fail to complete Microsoft's May Security Update when the EFI System Partition (ESP) has roughly 10MB or less free, producing the rollback message "Something didn't go as planned. Undoing changes." Microsoft suggested a registry tweak or rollback while consultants warn this leaves endpoints unpatched and undermines trust in update validation. Experts recommend resizing partitions, testing fixes, and adding ESP checks to endpoint health.

Amazon Lightsail CDN Now Supports IPv6-Only Origins

Amazon Lightsail CDN distributions now support IPv6-only instances as origins. This enables customers to host websites and applications on cost-effective IPv6-only instances while delivering content through the Lightsail CDN with low latency and high transfer speeds worldwide. Previously, only IPv4 and dual-stack origins were supported. Lightsail CDN also accepts instances, containers, buckets, and load balancers as origins.

Five Practical Steps to Manage Shadow AI Tools Securely

Across organizations, employees run three to five AI tools daily (many unapproved and often connected to corporate data via OAuth, browser extensions, or newly added vendor features), creating a widening "shadow AI" gap that evades traditional network controls. The article outlines five practical steps security teams can apply: build an inventory, write usable policies, create a fast approval lane, implement browser-native monitoring, and deliver just-in-time coaching. Together these measures aim to preserve productivity while restoring visibility, reducing data exposure, and aligning employee workflows with security requirements.

Amazon EVS expands capacity to support 32 ESXi hosts

📢 Amazon Elastic VMware Service (Amazon EVS) now supports up to 32 ESXi hosts per environment, doubling the previous 16-host limit. You can place hosts within VMware Cloud Foundation domains as a single large cluster, multiple smaller clusters, or combinations that match operational requirements, and submit a service quota increase to scale. This capability is available in all regions where Amazon EVS is offered and aims to reduce the overhead of managing multiple environments.

Leaked Shai-Hulud Source Fuels npm Infostealer Campaign

⚠️ OXsecurity identified four malicious npm packages published by account deadcode09284814, including typosquatted modules aimed at Axios users. One package, chalk-tempalte, contains a non-obfuscated clone of the leaked Shai-Hulud infostealer that steals credentials, secrets, and crypto wallet data and exfiltrates it to a known C2. Another package, axois-utils, adds persistent DDoS bot functionality alongside credential theft. Developers should remove affected packages and rotate exposed credentials and API keys immediately.

AI Attack Capability Rising Faster Than Expected Per UK Tests

New benchmarks from the UK's AI Security Institute (AISI) show leading AI models rapidly improving at multi-stage penetration testing, with the difficulty of tasks solvable by models doubling every 4.7 months as of early 2026. The tests measure the longest task an AI can complete with 80% success relative to human work-hours, emphasizing autonomous chaining of steps rather than raw speed. While there are caveats (token limits and inconsistent model performance), the findings highlight growing offensive and defensive implications for enterprise security.

AWS SAM CLI Adds Support for CloudFormation Extensions

🛠️ AWS SAM CLI now processes AWS CloudFormation Language Extensions in-memory for local workflows, letting developers define repeating serverless resources once and iterate without deploying to the cloud. Commands such as sam build, sam local invoke, sam sync, and sam local start-api automatically expand Fn::ForEach loops and support several helper functions and conditional policies. Update to the latest SAM CLI and add AWS::LanguageExtensions to your template to begin.

Amazon Redshift Supports ALTER TABLE for Apache Iceberg

🧊 Amazon Redshift now writes directly to Apache Iceberg tables via the auto-mounted awsdatacatalog and supports ALTER TABLE DDL to change schema, partitioning, and table properties. Supported operations include ADD/DROP/ALTER columns, RENAME COLUMN, SET TABLE PROPERTIES, and ADD/DROP/REPLACE PARTITION FIELD to evolve partition strategies and compression settings. Tables modified by Redshift remain interoperable with other Iceberg engines and respect AWS Lake Formation permissions.

Google Cloud's Agentic Data Cloud: Streaming AI News

🚀 Google Cloud announced streaming AI enhancements to its Agentic Data Cloud at Next '26, unifying Pub/Sub, Dataflow, BigQuery, Bigtable and Managed Service for Kafka to deliver real-time context and low-latency inference. These additions include Pub/Sub AI inference, BigQuery continuous queries for stateful stream processing, Pub/Sub→Bigtable subscriptions, and unified embedding sinks for immediate semantic search and agent memory. The platform also supports MCP and ADK integrations so agents can manage resources and run inside Dataflow pipelines, reducing context lag for use cases like fraud detection and autonomous supply chain actions.

Protect Growing Businesses in an AI-Powered World Now

🔒 AI is reshaping work and accelerating threats, with AI-automated phishing reported to be 4.5× more effective than traditional attacks. Growing businesses must balance speed, stability, and risk while often lacking dedicated security teams. Microsoft Security promotes simple, integrated protections for devices, identities, email, and cloud apps. Microsoft 365 Business Premium provides centralized, automated defenses so operations stay resilient and customer trust is preserved.

Fleet-Wide A/B Experimentation for Infrastructure at Scale

🔬 At Google, A/B experimentation extends beyond UI tweaks to critical infrastructure components like kernels, memory allocators, and schedulers. They run machine-level experiments on representative 1% subsets of the fleet to avoid selection bias and capture system-wide effects across colocated workloads. The framework enforces binary hermeticity and a strict two-step rollout so experiments can be activated and rolled back safely. Performance is assessed using application-defined productivity metrics, machine counters, and reliability signals.

Building an Agentic Data Layer on Google Cloud: 5 Scenarios

🔒 This article outlines five architectural patterns for exposing enterprise data to autonomous systems on Google Cloud, using BigQuery examples and mocked CRM data as pedagogical blueprints. It contrasts deterministic, developer-authored SQL APIs with agentic approaches that use LLMs, platform-native reasoning like the Conversational Analytics API, and the vendor-neutral Model Context Protocol (MCP). It highlights trade-offs in trust, complexity, cost, latency, and maintenance.

SageMaker Studio Adds Flexible Training Plan Reservations

🚀 Amazon SageMaker Studio IDEs, including JupyterLab and Code Editor, now support GPU capacity reservations via SageMaker Flexible Training Plans (FTP), offering predictable access to high-performance resources and up to 65% cost savings versus On-Demand. FTP provides a self-serve procurement flow to select instance type, reservation length, and start date. Studio apps can be launched using the purchased plan from the Instance dropdown, with automatic provisioning and proactive expiration notifications to protect work.