Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast — new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence — all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.

👉 Join our Telegram channel for your daily update — stay informed, stay ready.

Cybersecurity News Digest — Daily Briefings

Latest News

all posts →

May 21, 2026

The Art of Being Ungovernable: Career and Threats

📝 This edition of the Threat Source newsletter blends career reflection with active threat intelligence. The author argues that being ungovernable — intellectually curious and challenging — can accelerate growth when paired with the right peers. Cisco Talos also documents a Chinese-language BadIIS MaaS campaign, highlighting indicators like embedded demo.pdb strings and recommending IIS monitoring and updated endpoint detections.

Cisco Talos Threat Intelligence Malware

May 21, 2026

macOS Kernel Memory Corruption Exploit Reported

🔒 A security report details how a group used Anthropic’s Mythos AI model to discover a kernel memory corruption vulnerability and develop an exploit targeting Apple’s M5 platform. The article summarizes the incident and notes it was posted on May 21, 2026. It highlights implications for macOS security and the role of advanced AI tools in vulnerability discovery. The piece is concise and focused on the exploit’s origin and significance.

Anthropic Memory Corruption Exploit

May 21, 2026

Automating identity lifecycle with AWS Directory APIs

🔒 AWS Managed Microsoft AD now supports CRUD operations on users and groups through the Directory Service Data APIs, accessible via the AWS CLI, APIs, and Management Console. This enables automation of identity lifecycle management and tighter security controls by integrating with services like Amazon GuardDuty, AWS Step Functions, and Amazon EventBridge. The blog demonstrates a practical workflow that detects unusual AD user behavior and triggers automated remediation such as disabling accounts and notifying stakeholders.

AWS AWS GuardDuty IAM Joiner Mover Leaver

May 21, 2026

Microsoft Security updates and new capabilities — May 2026

🔒 Microsoft announced a set of security enhancements designed to protect agents, data, and identities as organizations scale AI. Highlights include the general availability of Microsoft Purview DSPM, expanded investigation capabilities with OCR and custom examinations, and a new Entra ID Account recovery flow for restoring organizational access. Public preview of Windows 365 for Agents and integration with Microsoft Agent 365 aim to govern and secure agent workloads in managed Cloud PCs.

Microsoft Microsoft Purview Azure Entra ID AI Security

May 21, 2026

Google Cloud launches AppLifecycle Manager Feature Flags

🔔 AppLifecycle Manager Feature Flags (ALM FF) enters public preview as a rule-based service to decouple feature releases from code deployments. By using toggles and the Common Expression Language (CEL), teams can perform gradual rollouts, instant kill-switches, and percentage-based traffic ramps. String-type flags enable dynamic configuration for applications, including LLM prompts, while OpenFeature compatibility avoids vendor lock-in.

Google Google Cloud DevSecOps CI/CD Security

May 21, 2026

AI Studio expands database choices and Starter Tier

🛠️ At Google I/O 2026, Google announced expanded integration between AI Studio and Google Cloud, allowing new users to deploy up to two full-stack apps on the Starter Tier without a billing account. Developers can now choose between Firestore (non-relational) and Cloud SQL (relational) with Firebase Auth for unified authentication. The AI agent can infer or provision the appropriate database, provision resources, generate schema and code, and deploy apps directly to Cloud Run for rapid prototyping.

Google Vertex AI Cloud SQL Product Update

May 21, 2026

Google Cloud I/O updates for startup founders

🚀 At Google I/O ‘26, Google Cloud announced expanded agentic capabilities, new frontier models, and developer tools to help startups move from prototype to production. Highlights include Gemini 3.5 Flash and Gemini Omni for multimodal content, Antigravity 2.0 as an agent control plane with CLI/SDK and dynamic subagents, and Managed Agents to run agent workloads securely in Google Cloud. The releases aim to accelerate development, reduce infrastructure overhead, and provide enterprise-grade security.

Google Gemini Agentic AI Agent Security

May 21, 2026

Apple Blocks Billions in Fraudulent App Store Activity

🛡️ Apple reported blocking more than $2.2 billion in potentially fraudulent App Store transactions in 2025, and over $11 billion across the past six years. The company rejected over 2 million problematic app submissions, terminated 193,000 developer accounts for fraud, and blocked more than 1.1 billion fraudulent account creations. Apple also prevented use of 5.4 million stolen credit cards, removed tens of thousands of deceptive apps, and blocked nearly 195 million fraudulent reviews and ratings.

Account Takeover

May 21, 2026

Inside modern crypto drainers and spotting signs

🔍 Flare researchers analyzed ~700 underground posts on the "Lucifer DaaS" between Jan 2025 and early 2026 to reveal how modern crypto drainers evolved into professionalized, service-like platforms. The study highlights affiliate-driven distribution, automation, website cloning, Permit2 abuse, and multichain support, showing how DaaS lowers technical barriers and increases resilience. It also lists practical indicators to help users avoid wallet-draining scams.

Malware Web Skimming Credential Access Data Exfiltration

May 21, 2026

Cisco fixes max-severity Secure Workload REST API flaw

🔒 Cisco released patches for a maximum-severity vulnerability in Secure Workload (formerly Tetration) that allowed unauthenticated attackers to gain Site Admin privileges by abusing internal REST APIs. The flaw, tracked as CVE-2026-20223, stems from insufficient validation and authentication of API endpoints and could let attackers read sensitive data and change configurations across tenant boundaries. Cisco provided fixed releases for on-premises deployments and has already remediated the issue in the SaaS offering; no workarounds exist.

Cisco API Authorization Flaw Authentication Bypass Vulnerability Disclosure

May 21, 2026

Protect GenAI Chatbots with Check Point WAF

🛡️ Check Point explains why GenAI chatbots create new security risks by acting as a front door to internal systems and data. The post highlights real incidents—prompt injection, data exposure, and misleading responses—that demonstrate legal, financial, and reputational impacts. It describes how Check Point WAF extends unified application and API security into the conversational layer to detect and block malicious prompts, prevent data leaks, and control unsafe outputs.

Check Point Prompt Injection Attack LLM Security Web Application Firewall

May 21, 2026

Three-Quarters Admit Shipping Vulnerable Code

🛡️ New studies reveal that 75% of organizations often or sometimes deploy code they know is vulnerable, down from 81% last year but still alarmingly high. Checkmarx warns that AI-augmented attackers are dramatically shortening time-to-exploit, while Verizon’s DBIR links increased initial access to vulnerability exploitation aided by AI. A QBE survey found UK firms are worried about suppliers' AI use, yet few audit third-party AI or maintain formal AI governance.

Vulnerability Management AppSec Third-Party Risk AI Security

May 21, 2026

Hitachi Energy GMS600 OpenSSL timing flaw

🔒 Hitachi Energy reported that GMS600 versions are affected by CVE-2022-4304, a timing-based side-channel in OpenSSL RSA decryption that can allow recovery of pre-master secrets after many trial messages. The flaw impacts all RSA padding modes and can enable decryption of TLS application data. Vendor mitigation is to upgrade to version 1.3.2; CISA reiterates network isolation and defensive best practices.

Vulnerability Disclosure Weak Cryptography Patch Release

May 21, 2026

ABB B&R UEFI PXE Vulnerabilities and Vendor Updates

🔒 ABB B&R reported multiple vulnerabilities in the UEFI PXE implementation of affected B&R PCs and controllers. EDK2 Network Package issues include out-of-bounds reads, buffer overflows, infinite loops, and weak PRNG usage that can lead to remote code execution, DoS, DNS poisoning, or data exposure. Vendor updates are available for many product versions and users are advised to apply patches or follow mitigations.

Vulnerability Disclosure Remote Code Execution Buffer Overflow

May 21, 2026

ABB Terra AC Wallbox Buffer Overflow Advisory

🔒 ABB reports heap, stack and classic buffer overflow vulnerabilities in select Terra AC Wallbox firmware. An attacker who hijacks Bluetooth and crafts oversized fields could corrupt memory and potentially alter firmware behavior. ABB has released firmware version 1.8.36 (JP) to address the issues and recommends updating as soon as possible.

Vulnerability Disclosure Buffer Overflow Patch Release

May 21, 2026

B&R Automation Runtime SDM Vulnerabilities Fix Released

🔒 An update resolves multiple vulnerabilities in B&R Automation Runtime SDM prior to 6.4 that could allow session takeover, reflected XSS, or CSV formula injection. The vendor corrected the issues in Automation Runtime 6.4 and notes SDM is disabled by default in AR 6. Customers should apply the update based on risk assessment and follow recommended network isolation and access-control practices.

Vulnerability Disclosure Patch Release Security Misconfiguration

May 21, 2026

ABB B&R Automation Studio: SQLite component vulnerabilities

🔒 ABB disclosed multiple vulnerabilities in affected versions of B&R Automation Studio stemming from an outdated third-party SQLite component. An update to Automation Studio 6.5 corrects these issues and the vendor urges customers to apply the update promptly. The advisory lists numerous memory safety and logic issues (heap overflows, integer overflows, use-after-free, NULL dereferences, improper input validation, and more) that could enable unauthorized access, data exposure, or remote code execution. Customers should follow the product manual to identify versions and install updates, and apply general security recommendations as mitigation.

Supply Chain Vulnerability Remote Code Execution Memory Corruption Advisory

May 21, 2026

Nine‑Year Linux ptrace Flaw Exposes SSH Keys

🔒 A nine‑year logic flaw in the Linux kernel's ptrace path (CVE‑2026‑46333) lets unprivileged local users read sensitive files on default Debian, Fedora and Ubuntu installations. Qualys TRU found the bug in __ptrace_may_access(), exploitable when a privileged process drops credentials and remains briefly reachable; pidfd_getfd() expanded the attack surface. Upstream patches and distro updates are available; mitigations include raising kernel.yama.ptrace_scope to 2.

Privilege Escalation Vulnerability Disclosure Qualys