
Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast — new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence — all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.


Cybersecurity News Digest — Daily Briefings

One in Four Healthcare Organizations Hit by Device Attacks

🏥 A new RunSafe Security index found that 24% of healthcare organizations experienced cyber-attacks affecting medical devices in the past year, with 80% of those incidents causing moderate or significant patient impact, from delayed imaging to interruptions in critical care. The survey of 551 professionals across the US, UK and Germany shows growing integration of security into procurement—82% deploying runtime exploit protection and 84% including cyber requirements in vendor RFPs—yet legacy devices remain a major exposure.

AI-Powered Honeypots: Turning the Tables on Malicious Agents

🛡️ Generative AI enables defenders to deploy large numbers of convincing, adaptive honeypots — from Linux shells to IoT devices — using simple text prompts. These AI-driven decoys are particularly effective against automated attackers that favor speed over stealth, allowing analysts to observe tactics and tooling in real time within a controlled environment. By exploiting the lack of awareness in AI agents, organizations can shift from passive detection to active manipulation, turning attacker automation into a defensive liability. Prototype implementations show how a listener, simulated vulnerability, and an AI responder combine to emulate targeted systems at scale.

AWS Leverages Nitro, Crypto, and S3 Lessons for AI/Quantum

🔒 AWS says long-standing infrastructure and cryptographic choices position it to address emerging AI and quantum threats. The company highlights the Nitro hardware platform — enabled by a 2015 semiconductor acquisition and deployed from 2017 — to provide strong isolation, confidential compute, and a 'zero humans' maintenance model. By favoring symmetric cryptography in KMS (launched 2013) and adding S3 controls like an 'active defense' that returns 'Bucket not found', AWS argues most customer data will not require immediate mass re-encryption while it pursues public-certificate post-quantum authentication by 2028–2029.

CISA Adds Actively Exploited ConnectWise and Windows Flaws

🔒 CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2024-1708, a path traversal flaw in ConnectWise ScreenConnect (CVSS 8.4), and CVE-2026-32202, a protection-mechanism failure in Windows Shell (CVSS 4.3). Patches were released in February 2024 and April 2026 respectively. The additions follow observed real-world exploitation, including chaining with other CVEs and activity attributed to both nation-state and criminal groups. Affected organizations and federal agencies should prioritize remediation and verify deployments of the relevant fixes.

Microsoft backend change disrupts Teams Free chat and calls

⚠️ Microsoft is investigating a known issue that prevents some Teams Free users from chatting and calling others. A recently deployed backend change is skipping onboarding and privacy consent screens for affected users, leaving profiles incomplete and causing them to appear as 'Unknown users' to others. Microsoft has flagged the incident as a service degradation, says first reports emerged on April 8, and plans another status update later today.

Critical SQL Injection in LiteLLM (CVE-2026-42208)

⚠️ A critical SQL injection (CVE-2026-42208, CVSS 9.3) in the open-source LiteLLM Python gateway allowed unauthenticated attackers to inject SQL via a proxy API key check by placing crafted values in the Authorization header. Maintainers released 1.83.7-stable on April 19, 2026, to fix versions >=1.81.16 and <1.83.7. Security vendor Sysdig reported active exploitation within roughly 26–36 hours of disclosure, with probes focused on credential tables that store upstream LLM provider keys. Operators should update immediately or set disable_error_logs: true as a temporary mitigation.

Fake VS Code Extensions Linked to GlassWorm Surge Escalation

🛡️ Security researchers at Socket uncovered 73 additional fraudulent Open VSX extensions impersonating trusted developer tools; many now include benign code to evade scanners and later fetch a GlassWorm loader. The extensions act as thin loaders, sometimes bundling native binaries, and connect to newly created repositories to download malicious updates. Of the 73, small subsets were activated in staged waves; Socket notified the Eclipse Foundation, and most have been removed.

VECT 2.0 Ransomware Bug Destroys Large Files in Enterprises

⚠️ VECT 2.0 ransomware contains a nonce-handling defect that overwrites per-chunk nonces when encrypting files, leaving only the final nonce saved. As a result, files larger than about 128 KB are partially unrecoverable — roughly only the last quarter can be decrypted — causing the malware to act like a wiper for many enterprise assets. Check Point researchers report the flaw affects Windows, Linux and ESXi builds and means victims cannot recover corrupted data even if they pay.

Critical LiteLLM Pre-auth SQLi Allows Database Access

🔓 LiteLLM's proxy contains a pre-auth SQL injection in its API key verification, tracked as CVE-2026-42208. An attacker can send a crafted Authorization header to any LLM API route to read and modify the proxy database, exposing API keys, master keys, provider credentials, and environment secrets. Exploitation was observed about 36 hours after public disclosure and targeted '/chat/completions'. Upgrade to 1.83.7 or apply the suggested workaround and rotate any exposed credentials.

Vimeo Confirms Customer Data Exposed After Anodot Breach

🔒 Vimeo says an unauthorized actor accessed certain user and customer data following the breach at Anodot. Initial findings indicate the impacted databases primarily contained technical data, video titles and metadata, and, in some cases, customer email addresses. Vimeo confirmed that uploaded video content, account credentials, and payment card information were not exposed, and that platform operations were unaffected. The company has disabled Anodot credentials, removed the integration, and engaged third-party security experts and law enforcement to investigate.

March 2026 TTC Update: New Cloud Persistence and Risk

🔒 The AWS Customer Incident Response Team (AWS CIRT) released the March 2026 update to the Threat Technique Catalog for AWS, adding three new entries that address identity abuse, persistence, infrastructure destruction, and privilege escalation. The update highlights concrete, real-world techniques — Cognito refresh token abuse, AMI deregistration, and misuse of UpdateAssumeRolePolicy — that let attackers hide in legitimate operations. Each entry includes detection guidance and straightforward mitigations you can apply today, such as enabling refresh token rotation, protecting AMIs with Recycle Bin retention rules, and monitoring trust-policy changes.

Public Sector Embraces Agentic AI: Highlights from Next '26

🤖 At Google Cloud Next, public sector leaders showcased how they are using AI agents to boost productivity and mission impact across government and research organizations. Google introduced the Gemini Enterprise Agent Platform—an evolution of Vertex AI—plus the Gemini Enterprise App with Gemini 3.1 Pro and an Agent Designer for inspectable, schedule‑based workflows. The announcement also covered AI infrastructure (TPU 8 series), an Agentic Data Cloud, enhanced security and Agentic Defense, partner initiatives, and upskilling through the GEAR program.

AWS Glue 5.1 Available in GovCloud and Commercial Regions

🚀 AWS Glue 5.1 is now generally available across commercial and AWS GovCloud (US) Regions, bringing updated runtimes, open-table-format support, and enhanced security controls. This release upgrades core engines to Apache Spark 3.5.6, Python 3.11, and Scala 2.12.18, and refreshes support for Apache Hudi 1.0.2, Apache Iceberg 1.10.0, and Delta Lake 3.3.2. It also adds Apache Iceberg format v3.0 features and extends AWS Lake Formation fine-grained access control to include write DML and DDL for Spark DataFrames and Spark SQL, plus full-table access control for Hudi and Delta tables.

Critical GitHub RCE CVE-2026-3854 Can Be Triggered by Push

🔒 GitHub patched a critical command-injection vulnerability, CVE-2026-3854, that allowed an authenticated user with push access to achieve remote code execution via a single git push. Researchers at Wiz disclosed the issue on March 4, 2026, and GitHub deployed a fix to GitHub.com within two hours while releasing updates for GitHub Enterprise Server. The flaw resulted from insufficient sanitization of git push options incorporated into the internal X-Stat header, enabling injection of metadata fields to override execution controls. Administrators should apply the provided GHES updates immediately.

LofyGang Returns Targeting Minecraft with LofyStealer

🛡️ A Brazil-based cybercrime group known as LofyGang has resurfaced after more than three years, deploying a new infostealer called LofyStealer (aka GrabBot) that specifically targets Minecraft players. The malware is disguised as a game cheat called 'Slinky' and uses a JavaScript loader to drop and execute chromelevator.exe in memory to harvest browser data. It captures cookies, passwords, tokens, payment cards and IBANs across multiple browsers and exfiltrates them to a C2 at 24.152.36[.]241. ZenoX highlights a strategic shift to a malware-as-a-service model with free and premium tiers and warns that attackers are increasingly abusing GitHub, SEO-poisoned lures and other trusted platforms to distribute malicious payloads.

AWS Cost Optimization Hub Adds One-Click CSV Download

📥 AWS Cost Optimization Hub now offers a one-click CSV download in the console, allowing users to export cost optimization recommendations directly to their local machine. Exports respect current filters, sorting, and grouping and begin immediately for offline analysis or stakeholder sharing. This complements existing automated Data Export to Amazon S3 and is available in all supported regions.

Google-managed MCP Servers Now Available Across Google Cloud

🔌 At Google Cloud Next ’26, Google announced that more than 50 Google-managed MCP servers are generally available or in preview, enabling AI agents to connect securely to Google and Google Cloud services without local MCP deployments. The managed endpoints integrate with major agent runtimes and frameworks including Gemini CLI, LangChain, ADK, and others, supporting Resources and Prompts as protocol primitives in addition to Tools. The offering emphasizes enterprise-grade security, governance, and observability through native IAM controls, Model Armor content safety, OpenTelemetry tracing, and Cloud Audit Logs.

Amazon WorkSpaces Personal: Simplified PCoIP to DCV Migration

⚙️ Administrators can now migrate Amazon WorkSpaces Personal from PCoIP to Amazon DCV using a guided, single‑click console action in addition to existing CLI and API methods. WorkSpaces take an automatic checkpoint snapshot before migration to enable rollback and protect against data loss, and session provisioning is blocked during the process with clear end‑user messaging. By moving to DCV, customers gain broader OS support—including Windows 11 and Windows Server 2025—along with enhanced security options such as certificate‑based authentication and WebAuthn, and improved streaming performance.