< ciso
brief />

Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast — new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence — all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.

👉 Join our Telegram channel for your daily update — stay informed, stay ready.

Cybersecurity News Digest — Daily Briefings

Latest News

all posts →

Zealot: Autonomous AI Attacks on Cloud Environments

🔒 Unit 42 demonstrates Zealot, a multi-agent LLM proof of concept that autonomously chained well-known cloud exploits in an isolated GCP sandbox. The system coordinated specialist agents to perform reconnaissance, exploit an SSRF vulnerability, steal metadata service credentials, impersonate service accounts and exfiltrate BigQuery data without step-by-step human prompts. The report emphasizes that AI acts as a force multiplier—accelerating exploitation of misconfigurations rather than inventing novel techniques—and urges defenders to harden metadata access, enforce least privilege and adopt machine-speed detection and response.
read more →

Researchers Find 10 In-the-Wild Prompt Injection Payloads

🔒 Forcepoint researchers have uncovered 10 distinct indirect prompt injection (IPI) payloads embedded in web content that instruct AI agents to perform malicious real‑world actions such as financial fraud, data destruction and API key exfiltration. The attacks poison pages so that browsing or summarizing agents ingest and execute attacker directives, often overriding prior safeguards. Forcepoint warns risk scales with AI privilege and highlights threats to agentic tools integrated into IDEs, payment flows and automation pipelines.
read more →

Microsoft Adds Anthropic Mythos to SDLC, Boosts Security

🔒 Microsoft will integrate Anthropic’s Mythos Preview into its Security Development Lifecycle, using the model alongside other advanced AI to surface vulnerabilities earlier in the software development process. The company says the move aims to strengthen and harden core products including Windows, Azure, and Microsoft 365 by improving automated detection and secure coding. Analysts note the shift signals frontier models moving from experimental tools into standard engineering workflows while raising dual-use concerns.
read more →

China-aligned GopherWhisper APT Targets Mongolian Government

🛡️ ESET reports a previously undocumented China-aligned APT, tracked as GopherWhisper, has compromised Mongolian governmental systems with a modular suite of backdoors and loaders. The actor primarily uses tools written in Go and abuses legitimate services — including Discord, Slack, Microsoft 365 Outlook, and file[.]io — for command-and-control and data exfiltration. ESET found about 12 infected systems at one institution and telemetry from attacker-controlled Discord and Slack suggests additional victims. Message timestamps and Slack locale align with China Standard Time, supporting a China-aligned assessment.
read more →

NCSC Endorses Passkeys as Default Consumer Login Option

🔐 The UK’s National Cyber Security Centre (NCSC) now recommends passkeys as the preferred sign-in method for consumers, advising passwords only when passkeys are unavailable. This follows a year of collaboration with the FIDO Alliance, observed improvements across the passkey ecosystem and successful NHS deployments. The NCSC also urges businesses to adopt passkeys as the default and to use single sign-on (SSO) where possible, with additional business guidance expected.
read more →

Vercel Identifies Additional Customer Account Breaches

🔒 Vercel said it has identified an additional set of customer accounts compromised as part of an incident after expanding its indicators of compromise and reviewing network requests and environment‑variable read events. The company reported a small number of accounts showing prior compromise that predates this incident and may stem from social engineering, malware, or other methods, and confirmed it notified affected parties. Investigators traced the chain to a compromise of Context.ai that allowed takeover of a Google Workspace account and pivoting into Vercel; further analysis points to Lumma Stealer as a likely initial payload.
read more →

Apple fixes iOS bug that retained deleted notifications

🔒 Apple released patches for iOS and iPadOS to fix a Notification Services logging flaw that could retain notifications marked for deletion. Tracked as CVE-2026-28950, the issue was addressed by improving data redaction so deleted alerts are no longer preserved. Affected models were fixed in iOS 26.4.2/iPadOS 26.4.2 and in iOS/iPadOS 18.7.8 for other devices. The update follows reporting that copies of Signal messages were forensically extracted from push notification storage.
read more →

Serial-to-Ethernet Converters Riddled with Vulnerabilities

⚠ Forescout's BRIDGE:BREAK study finds serial-to-Ethernet adapters widely shipped with outdated kernels and insecure open-source components, exposing industrial, healthcare, and retail equipment to attack. Researchers report firmware images averaged roughly 80 OSS components and nearly 2,500 known vulnerabilities with public exploits present. Manual analysis uncovered 22 new flaws in Lantronix and Silex devices enabling RCE, authentication bypass, firmware tampering, and device takeover. Vendors released patches; operators should patch, remove internet exposure, enforce strong credentials, segment networks, and monitor for misuse.
read more →

Claude Mythos Finds 271 Firefox Flaws, Shifts Security

🔍 Claude Mythos Preview uncovered 271 security flaws in Firefox 148, all addressed in Firefox 150, prompting claims that the model can match human researchers in vulnerability discovery. Mozilla and security experts say Mythos closed significant gaps left by fuzzing and automation, though Anthropic is investigating reported unauthorized access to the model. Teams are urged to adopt continuous AI-assisted testing and treat models as privileged infrastructure.
read more →

Malicious pgserve and automagik Packages Target npm

🛡️ Security researchers at Socket and StepSecurity have identified malicious versions of pgserve and automagik published to the npm registry that execute a credential-harvesting payload during installation. The trojans collect tokens, SSH keys, cloud credentials (AWS, Azure, GCP), browser passwords and crypto wallet funds, and attempt to propagate by using any npm publish tokens found on infected machines. Stolen data is encrypted and exfiltrated to a decentralized ICP canister, chosen specifically to resist takedown. Developers are urged to rotate all credentials immediately, disable automatic postinstall scripts (npm config set ignore-scripts true), harden CI/CD egress and tighten token scopes.
read more →

Google Cloud Next '26 Day 1: Gemini and the Agentic Stack

🚀 At Google Cloud Next ’26, Google presented a unified stack to move AI into enterprise production, anchored by Gemini Enterprise as the connective tissue between data, people, and goals. Key launches include the Gemini Enterprise Agent Platform for building, scaling, governing, and optimizing agents, and the AI Hypercomputer with next-generation TPU 8 chips. Google also outlined the Agentic Data Cloud to ground agents in enterprise context, expanded security agents in Agentic Defense, Workspace Intelligence enhancements, and cross-cloud data capabilities to accelerate real-world deployment.
read more →

Tip-line Breach and Rockstar Leak Highlight Security Risks

🔐 A tip‑line operator that handled anonymous reports for 35,000 U.S. schools suffered a major breach after an attacker exploited an XSS flaw in a LeverTip chat box and stole a staff session cookie via social engineering. The intruder exfiltrated 91 GB (≈8.3M tip records), some dating back decades, and offered the dataset for sale. Separately, Rockstar Games experienced a third‑party compromise that exposed partial data, including internal financial figures. Both incidents underscore failures in basic web hygiene, third‑party controls, and incident transparency.
read more →

Apple fixes iOS bug retaining deleted notifications

🔒 Apple released out-of-band updates for iPhone and iPad to address a Notification Services flaw that could leave deleted notifications stored on the device. The bug, tracked as CVE-2026-28950, was patched on April 22, 2026 in iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8 and iPadOS 18.7.8. Apple says the issue was resolved through improved data redaction but provided no further technical details or confirmation of exploitation. Users are advised to install the updates promptly.
read more →

SageMaker Unified Studio Adds Multiple Code Spaces

🧑‍💻 Amazon SageMaker Unified Studio now lets data workers create and manage multiple code spaces within a single project for IAM domains. Each space maintains its own persistent Amazon EBS volume and independent compute and storage settings, and can be paused, resumed, or connected to a local IDE while preserving files and session state. This enables parallel workstreams and isolated experiments with tailored runtimes and is available in all Regions where SageMaker Unified Studio is offered.
read more →

Mirai Campaign Exploits RCE in EoL D-Link DIR-823X Routers

🔒 A new Mirai-based campaign is actively exploiting CVE-2025-29635, a command-injection RCE that affects D-Link DIR-823X routers, to enlist devices into a botnet. Akamai's SIRT observed the activity in March 2026 and found attackers downloading and executing a shell script that installs a multi-architecture Mirai variant called tuxnokill. The affected DIR-823X line reached end of life in November 2024 and is unlikely to receive a vendor patch. Users are advised to replace EoL devices, disable remote administration, change default passwords, and monitor for configuration changes.
read more →

Amazon EC2 C8i-flex Instances Now in Europe, New Zealand

🚀 Amazon has launched EC2 C8i-flex instances in Europe (Ireland, London) and Asia Pacific (New Zealand). Powered by custom Intel Xeon 6 processors exclusive to AWS, C8i-flex deliver up to 15% better price-performance and 2.5x the memory bandwidth versus prior Intel-based instances, and up to 20% higher throughput than C7i-flex. AWS reports workload-specific gains — up to 60% faster NGINX, 40% for deep learning recommendation models, and 35% for Memcached — and offers sizes from large to 16xlarge purchasable via Savings Plans, On-Demand, and Spot.
read more →

AWS launches EC2 C8i instances in Ireland and NZ regions

⚡ Starting today, Amazon EC2 C8i instances are available in Europe (Ireland) and Asia Pacific (New Zealand). Powered by AWS-exclusive custom Intel Xeon 6 processors, C8i delivers up to 15% better price-performance and 2.5x the memory bandwidth versus previous Intel-based instances, and up to 20% higher performance than C7i. AWS reports workload-specific gains — up to 60% faster for NGINX, 40% for deep learning recommendation models, and 35% for Memcached. The family includes 13 sizes (two bare metal and a new 96xlarge) and can be purchased via Savings Plans, On-Demand, or Spot.
read more →

Kyber Ransomware Uses Kyber1024 Post-Quantum on Windows

🔒 Rapid7 analyzed two Kyber ransomware variants discovered in March 2026 that were deployed on the same network: one targeting VMware ESXi and one targeting Windows file servers. The ESXi build advertises post‑quantum Kyber1024 but instead uses ChaCha8 for file encryption and RSA‑4096 for key wrapping. The Windows variant, written in Rust, implements Kyber1024 and X25519 to protect symmetric keys while using AES‑CTR for bulk file encryption, and includes destructive routines such as service termination, backup deletion and an experimental Hyper‑V shutdown.
read more →