Hello, stay ahead with CISO Brief 🚀

🔔 Amazon Keyspaces (for Apache Cassandra) now includes an iterator position in the GetRecords response for CDC streams, indicating whether a consumer is AT_TIP or BEHIND_TIP. This enables consumers to reduce unnecessary polling and lower CDC consumption costs by adjusting polling frequency based on stream position. The feature is available in all Regions where Keyspaces CDC is supported and requires the latest AWS SDK.

🔒 CISA warns that threat actors are actively exploiting high-severity vulnerabilities in the Android Framework and the Linux kernel, now added to its Known Exploited Vulnerabilities catalog. Google confirms CVE-2025-48595 affects Android 14–16 and may be under limited targeted exploitation, addressed by June 2026 patches. The kernel flaw CVE-2022-0492 impacts multiple branches and can enable container escapes via cgroups v1, with fixes available in specified kernel releases. Federal agencies must remediate or mitigate by the June 5 deadline under BOD 22-01.

🧭 Amazon SageMaker AI introduces multi-turn reinforcement learning (RL), a serverless model customization method for fine-tuning models on multi-step, agentic tasks. The feature trains models against users' agent environments, rewarding entire decision sequences to improve task accuracy of smaller, cost‑effective models versus larger general-purpose models. It integrates with Amazon Bedrock AgentCore Runtime and other deployment targets, and handles rollout orchestration, trajectory collection, training, and checkpoints, with MLflow tracking and evaluation metrics. Multi-turn RL runs serverlessly and is available in SageMaker Studio and the SageMaker Python SDK, supporting several foundation models in specific regions.

🏆 Konvu, an AI-native vulnerability triage platform, won the inaugural Infosecurity Europe Cyber Startup competition live on stage at Infosecurity Europe 2026. The startup beat four rivals and receives an exhibition stand at Infosecurity Europe 2027, PR support from Origin Communications and a branding workshop from Dusted. CEO Lucas Masson highlighted Konvu's agent-driven checks and evidence-backed exploitability decisions that integrate into existing workflows.

🛡️ FortiGuard Labs details a new Gafgyt variant, C0XMO, which exploits CVE-2021-27137 in vulnerable DD-WRT firmware to gain remote control of devices. The malware separates scanning into a standalone Python scanner and distributes architecture-specific ELF payloads to multiple Linux platforms. C0XMO implements multi-stage persistence, kills competing botnets, supports extensive DDoS commands, and communicates with a C2 using a custom handshake. Organizations should update firmware, disable unnecessary remote services, and enforce strong credentials to mitigate risk.

🔒 Security researchers disclosed a one-click attack targeting GitHub.dev in the browser-hosted VS Code environment that can steal a user's GitHub OAuth token. The exploit abuses message passing between the main VS Code window and untrusted webviews to simulate keypresses, open the Command Palette, and install malicious extensions. By leveraging local workspace extensions and configurable keybindings, attackers can bypass trust prompts and extract tokens with access to private repositories. Microsoft has acknowledged the issue and is working on a fix; the vulnerability does not affect VS Code Desktop.

🛡️ Acer confirmed it's addressing two maximum-severity zero-day vulnerabilities in Wave 7 mesh routers. Reported by researcher Gergo Pap, both affect firmware T7c_GBL_1.01.000055 or earlier and permit remote, unauthenticated access to sensitive data and persistent backdoors. Acer plans firmware fixes by the end of June 2026 and urges users to update once patches are released and to disable or restrict remote management as a temporary mitigation.

🔒 Microsoft announced new controls to contain agentic AI workloads, including the Microsoft Execution Container (MXC) runtime and enhancements to the multi-agent vulnerability research system MDASH. MXC is a policy-driven sandbox for specifying and enforcing access to files, networks, credentials, and resources at runtime across Windows, Linux, and macOS. The company also highlighted Agent 365 SDK, Windows 365 for Agents, and two open-source standards—ASSERT and Agent Control Specifications—to govern agent behavior across platforms.

🧭 The post considers how historical plaintext-hiding techniques, traditionally done by hand, created patterns such as short key phrases that made ciphers vulnerable to statistical analysis. It argues that modern AI and LLMs, being fundamentally statistical models with some randomness, can exploit ciphertext statistics to reconstruct plaintext. The author notes this capability does not automatically make decryption trivial, but highlights the potential for AI to invert statistical patterns in encrypted text.

🛡️ The Trump administration has issued an executive order establishing a voluntary framework for developers of powerful AI models to submit a "covered frontier model" to US agencies for up to 30 days of cybersecurity review before wider release. The order explicitly forbids mandatory licensing or preclearance, tasks NSA, CISA and NIST with creating a classified benchmark to define covered models, and directs agencies to harden federal systems and expand AI-enabled defensive tools for smaller operators. It also creates an AI cybersecurity clearinghouse under the Treasury and leaves effectiveness dependent on possible future congressional action.

🔒 Researchers disclosed an unpatched Windows issue that can expose a user's NTLMv2 hash via the search: URI handler. Similar to CVE-2026-33829 in the Snipping Tool, the flaw leverages a crumb=location: parameter to force an SMB connection and trigger NTLM authentication. The weakness produces the same Net-NTLMv2 leak and attack prerequisites, and Microsoft declined to patch it after responsible disclosure.

🔎 European and international law enforcement agencies concluded a seven-month operation that dismantled nine organised crime groups and arrested 29 suspects tied to illegal streaming services. Coordinated by Bulgaria with Europol support and involving 13 countries, the action identified over 18,000 IPs, 4,370 piracy-linked domains, and removed more than 27,000 illegal streaming URLs. Authorities conducted 148 searches, referred 59 cases for prosecution, and continue work on dozens of related investigations.

🔍 A panel at Infosecurity Europe 2026 advised that focusing on financial impact is an effective way to communicate cyber risk to boards. Using Cyber Risk Quantification (CRQ) and clear data helps translate technical threats into dollar values that executives understand. BP and NatWest speakers emphasized making outputs simple, trustworthy and aligned to board needs to secure support and decision-making.

🔒 The rapid rise of frontier and agentic AI is creating board-level urgency that may finally unlock sustained cybersecurity funding. Industry leaders at recent conferences noted that autonomous AI systems expose operational risk, widen attack surfaces, and outpace traditional security architectures. CISOs are reframing cybersecurity as an operational enabler for safe AI adoption, pushing for investments in visibility, identity, monitoring, and AI-specific controls. Vendors and experts caution that budget requests need clear business cases tied to measurable outcomes.

🛡️ Anthropic has broadened Project Glasswing, giving 150 additional organizations access to its most capable model, Claude Mythos Preview, to help find vulnerabilities in critical software. The program, first opened to roughly 50 partners in April, claims more than 10,000 high- or critical-severity flaws discovered to date. New participants span 15+ countries and underrepresented sectors like power, water, healthcare and hardware, chosen for the potential catastrophic impact of breaches. Anthropic warned that while discovery is accelerating, safe public release of Mythos-class models remains restricted due to incomplete safeguards.

📱 Google is rolling out a new fake call detection feature for Android 12+ devices, starting with Pixel phones and enabled by default. When both parties use Phone by Google and RCS-enabled Messages, the caller's device sends a silent encrypted confirmation to the recipient; if absent, the recipient's device pings the contact's phone to verify authenticity and shows a warning if the contact denies making the call. The feature aims to counter AI voice-cloning and number-spoofing scams.

🔒 As AI models like GPT5.5 and Claude Mythos accelerate exploit discovery, organisations face shrinking windows to patch vulnerabilities. Industry experts at Infosecurity Europe warn mean time to exploit has fallen from days to hours, prompting regulatory responses such as India’s 12-hour patch expectation. Analysts contrast vendor-centric EU rules with market-driven US approaches and recommend exploit-intelligence led patching, automation, segmentation and stronger producer SLAs.

🔒 Over May 6–7, 2026, Canvas LMS users encountered a defaced login page claiming a ShinyHunters extortion of Instructure, alleging theft of 3.65TB of data affecting about 275 million students, faculty, and staff across nearly 9,000 institutions. Instructure identified an exploited support-ticket vulnerability in its Free for Teacher environment and temporarily disabled that service while investigating. The incident disrupted finals and highlighted risks from centralized SaaS platforms, third-party dependencies, communications breakdowns and the evolving economics of extortion.