< ciso
brief />

Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast — new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence — all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.

👉 Join our Telegram channel for your daily update — stay informed, stay ready.

Cybersecurity News Digest — Daily Briefings

HollowByte DoS in OpenSSL bloats server memory

🛡️ Okta researchers disclosed a DoS flaw named HollowByte that lets unauthenticated attackers bloat OpenSSL server memory by sending an 11-byte payload with a forged header. Vulnerable OpenSSL versions allocate memory based on the claimed message length before receiving the payload, then block waiting for data that never arrives, causing heavy heap fragmentation and long-lived RSS growth. The OpenSSL team silently fixed the issue and backported the patch to multiple release lines; administrators are urged to upgrade to the patched versions immediately.
read more →

OnlyFans creators help CISOs curb site abuse

🔒 Security researchers report that OnlyFans creators are using DMCA takedown rights and search engine mechanisms to disrupt scam networks that host stolen adult content on compromised government and university websites. These operations — called SEO parasites — route traffic from hijacked entry pages to monetized scam or malware sites. The takedowns not only remove illicit content from search results but also prompt site owners to investigate and remediate vulnerabilities.
read more →

One‑click migration to Amazon OpenSearch UI

🔄 Amazon OpenSearch Service now provides one‑click migration from legacy OpenSearch Dashboards to the new OpenSearch UI for both domains and serverless collections. This serverless, zero‑downtime interface enables unified observability and search across data sources while preserving tenants and saved objects. You can migrate into new or existing OpenSearch UI workspaces and choose whether to consolidate or retain multiple tenants per team. The capability is available in all Regions where OpenSearch UI is offered and is documented in the OpenSearch UI Help and Amazon OpenSearch Service Developer Guide.
read more →

Shadow Token via Remote Debug: OAuth mailbox hijack

đź”’ Kaspersky researchers describe a covert technique named Shadow Token via Remote Debug (STRD) used by the ToddyCat APT to gain persistent access to Google Workspace mailboxes without user interaction. The attackers deploy malware (Umbrij) that duplicates a browser profile, launches a headless debugging browser, and programmatically authorizes a third-party OAuth app to obtain an access token. This approach can survive password resets and evades endpoint detection when properly executed.
read more →

Global IAM Data Governance Tags for BigQuery

đź”’ This post introduces the preview of IAM data governance tags for BigQuery column-level security. Built on Google Cloud Resource Manager tags with purpose=DATA_GOVERNANCE, these tags are global, support hierarchical classification up to five levels, and are replicated for disaster recovery. The article explains creating tag keys/values, attaching tags to columns via JSON or SQL, and defining regional BigQuery data policies for masking or raw access. It highlights decoupled governance, regional policy enforcement, and layered security requirements.
read more →

Thirteen demos for Gemini Enterprise Agent Platform

🔎 This post introduces 13 code-first demos for the Gemini Enterprise Agent Platform, showing how to build, scale, govern, and optimize agents using the ADK and Agents CLI. The demos range from an ADK foundation codelab and MCP data connectors to stateful deployment on Agent Runtime, event-driven long-running workflows, and production-grade governance with Agent Gateway and Model Armor. Each demo teaches practical patterns — from UI generation and multi-language A2A pipelines to test-driven security, AutoRater evaluations, and cross-framework orchestration — so teams can prototype locally and then deploy and monitor agents at enterprise scale.
read more →

Microsoft at Black Hat USA 2026: Defending Trust

🔒 At Black Hat USA 2026, Microsoft Security highlights how threat actors exploit trusted systems—software, developer workflows, identities, and AI—to scale attacks. Sessions and briefings across August 4–6 focus on supply chain compromises, AI security, and practical defense strategies. Visit booth #2144 for demonstrations, expert-led services, and community events including a reception on August 5.
read more →

Ransomware Now Disrupts a Government Every Day

đź”’ Analysis from Comparitech finds ransomware attacks on government agencies rose in early 2026, averaging one incident per day. The study recorded 187 attacks from January to June 2026, a 13% increase from late 2025, with just over half publicly confirmed. The US was the most targeted country (31%), mean demands were around $100,000, and groups like The Gentlemen, Qilin and LockBit were prominent. Experts stress timely patching, backups and staff training to reduce risk.
read more →

Ernst & Young discloses support system data breach

đź”’ Ernst & Young has notified clients of a data breach after a third-party support ticket system used by its IT staff was compromised. The company says support tickets may have contained documents with client tax information and that unauthorized access occurred between March 28 and April 12. EY detected anomalous activity on April 23, engaged external cybersecurity experts, secured systems, and notified law enforcement. Affected clients are offered 24 months of identity monitoring through Experian.
read more →

EU orders Google to open Android to rival AI agents

đź“° The European Commission issued two rulings under the Digital Markets Act requiring Google to open Android to third-party AI assistants and to share search data with rival engines. Google warned the measures could harm user privacy and security, while EU regulators said the steps are needed to ensure fair competition. Security leaders caution CISOs to reassess device and data governance as agents gain system-level reach.
read more →

23andMe Agrees $18M Settlement and New Security Terms

đź”’ A coalition of 42 US attorneys general has secured an $18m settlement with genetic testing firm 23andMe following the 2023 credential-stuffing breach that exposed profile and ancestry data for over six million individuals. The settlement, led by New York Attorney General Letitia James, includes more than $705,000 payable to New York and imposes new data protection requirements on the company and its successor. As 23andMe entered bankruptcy in March 2025, its customer data was transferred to TTAM Research; the agreement mandates risk analysis, an advisory board on data security, and continued consumer deletion rights to safeguard that information.
read more →

Search for Clean Residential Proxies in Carding

🔍 Flare researchers examined nearly 2,900 underground posts to map how carders assess residential proxies and build fraud-ready digital identities. The analysis shows proxies are judged by reputation and history rather than just being residential, and are commonly paired with antidetect browsers, device fingerprints, and billing consistency. Providers’ restrictions and takedowns have pushed demand for “finance-compatible” IPs and increased operational complexity for attackers.
read more →

EU orders Google to open Android sensors to rivals

🔎 The European Commission has ordered Google to grant rival AI assistants the same access to Android sensors and system features that Gemini enjoys, including camera, microphone, screen contents, background controls, and wake-word activation. Google must deliver the changes in the next major release, Android 18, or by 1 August 2027, with some concurrent hotword features delayed until Android 19. The decision, adopted under the Digital Markets Act on 16 July, also requires Google to provide anonymised Search query datasets to competing search engines and AI chatbots under strict safeguards and cost-based fees. The measures define a mix of restricted features requiring certification and open features available to all third-party apps, set up a Qualified AI Assistant Programme, and impose timelines and audit and anonymisation conditions.
read more →

New LegacyHive Windows zero-day enables privilege escalation

đź”’ A researcher known as Nightmare Eclipse published a proof-of-concept named LegacyHive after Microsoft's July 2026 Patch Tuesday, claiming it exploits a vulnerability in the Windows User Profile Service. The PoC has been intentionally modified to require additional credentials, making exploitation harder than earlier releases. Analysts note successful exploitation allows non-admin users to modify the classes registry hive and achieve code execution on admin login. Detection queries for Microsoft Defender for Endpoint were published shortly after.
read more →

Alan Turing’s World War II Voice Encryption Revealed

📜 Newly surfaced wartime papers, sold as the “Bayley papers” in November 2023, reveal details of Alan Turing’s top-secret 1943–1945 voice-encryption project called Delilah. The cache includes handwritten notes by Turing and annotations by his assistant Bayley, who preserved the documents until his death in 2020. The material outlines a portable system for encrypting speech and provides rare engineering insight into Turing’s wartime cryptologic work.
read more →

Armenia Detains Russian Tourist on U.S. Extradition Warrant

đź“° Armenian authorities have detained a Russian tourist, Aleksandr Ermakov, at Yerevan's Zvartnots airport on June 28 after a U.S. extradition request tied to a REvil/Sodinokibi investigation. His lawyers claim Washington has targeted the wrong man, asserting the detained individual is Aleksandr Yuryevich Ermakov of Omsk, not the sanctioned Aleksandr Gennadievich Ermakov. The U.S. charging documents and an Interpol notice allege extensive ransomware activity, but Armenian officials have not commented publicly.
read more →

Chained Zero-Day Flaws in Siemens ROX II Switches

🛡️ This Unit 42 advisory, developed in partnership with Siemens, describes a chained exploit of three zero-day vulnerabilities in Siemens ROX II OT switches. The chain (CVE-2025-40948, CVE-2025-40947, CVE-2025-40949) enables arbitrary file disclosure, root privilege escalation and persistent root execution, risking full device compromise. Siemens has issued advisories and a firmware update V2.17.1; Palo Alto Networks provides virtual patching and OT device protections.
read more →

CISA urges immediate patching of Fortinet FortiSandbox

🛡️ The US Cybersecurity and Infrastructure Security Agency (CISA) has added two critical FortiSandbox vulnerabilities, CVE-2026-39808 and CVE-2026-25089, to its Known Exploited Vulnerabilities catalog and ordered federal agencies to apply patches by July 19. Both flaws are OS command injection bugs with CVSS scores of 9.1 and have documented in-the-wild exploitation. Fortinet released fixes in FortiSandbox versions 4.4.9 and 5.0.6; CISA advised discontinuing cloud services where mitigations are unavailable.
read more →