
Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast: new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence, all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.


Cybersecurity News Digest: Daily Briefings

Ray Serve LLM on GKE: Major performance gains

🚀 Developers using Ray Serve for LLM inference on Google Kubernetes Engine (GKE) now get significantly better performance thanks to a joint effort with Anyscale. Three architectural changes (HAProxy integration for internal routing, a direct token streaming path, and a v2 Ray executor backend for vLLM) reduce overhead and latency. Benchmarks on A4 VMs with NVIDIA HGX B200 hardware show up to 5x higher throughput and 8x lower latency, while preserving Ray's developer-friendly features.

World Cup 2026 Scams: Watch for Fake Streams

⚠️ Scammers are exploiting World Cup hype with fake streaming sites, fraudulent betting platforms, and counterfeit merchandise stores that harvest payments and personal data. Many sites demand extensive personal information or up-front payments, sometimes even in cryptocurrency, and use professional-looking pages to trick victims. Fans and bettors risk losing money and having credentials that are reused across accounts stolen; strong security measures and unique passwords are advised.

ICO cautions healthcare worker over royal records

🔒 The ICO has issued a formal caution to a former London Clinic healthcare worker who attempted to access and sell the Princess of Wales' medical records. The regulator opened a criminal investigation in 2024 but concluded a caution under section 170(5) of the Data Protection Act 2018 was an appropriate enforcement response. The ICO found no wider organisational failings meeting the threshold for further action and emphasised its readiness to pursue prosecution when necessary.

Law enforcement disrupts SocGholish infections at scale

🛡️ International law enforcement agencies cleaned nearly 15,000 WordPress sites and took down over 100 servers tied to the SocGholish botnet and the Evil Corp cybercrime group as part of Operation Endgame. Authorities from the Netherlands, Canada, the United States, and Germany removed malware and backdoors from 14,971 compromised sites, advised remediation steps, and decommissioned 106 servers and domains. The action aims to deny criminals access, limit malware spread, and reduce risks to critical infrastructure.

Cybercriminals Worried AI Will Displace Roles

🔎 Sophos CTU research finds cybercriminals debating the risks and benefits of AI tools across underground forums, marketplaces and messaging apps. Sellers are offering AI kits for phishing, malware automation, deepfake creation and social engineering, while some threat actors fear losing work to automated toolsets. The research highlights divided views, a spike in discussion after the release of Claude Mythos Preview, and advice for defenders to prioritize patching, MFA and visibility.

Attackers exploit trusted AI platforms and ads

Threat actors abused trusted services (Google Ads, GitLab Pages, and Claude's shared-chat feature) to trick developers into executing malicious PowerShell and terminal commands via ClickFix social engineering. Researchers at TrendAI observed a six-wave campaign that funnelled over 2,000 victims from sponsored search results to malicious pages and then to weaponized Claude shared chats. By impersonating popular developer tools and brands, the attackers leveraged reputation stacking to make their lures appear legitimate and evade detection.

Apple patches Beats Studio Buds eavesdropping flaw

🔒 Apple released a security update to fix a high-severity vulnerability in Beats Studio Buds that could let attackers within Bluetooth range listen through an unpaired device's microphone. The flaw (CVE-2025-20701) was found in Airoha SoC open-source code and disclosed by ERNW researchers at TROOPERS. Apple deployed Beats Firmware Update 1B211, which installs automatically when paired and in range; users can verify the firmware via Bluetooth settings. Chained with related CVEs, attackers could hijack HFP connections to issue phone commands or access contacts, though practical attacks are complex and require proximity.

Telegram admits limits detecting exam leak channels

📄 India's government told the Delhi High Court that it warned Telegram roughly two weeks before blocking the app amid allegations channels were selling leaked NEET-UG 2026 exam papers. The Ministry of Electronics and Information Technology and the National Testing Agency identified groups, channels and bots circulating stolen material and reported them to Telegram. The affidavit says Telegram acknowledged limited proactive detection and relied on reported content, while India's block, initially framed as a measured step, remains in effect pending the court's ruling.

F5 issues out-of-band patches for critical NGINX flaws

🔒 F5 released out-of-band updates to fix multiple NGINX vulnerabilities, including two critical flaws in the ngx_http_v3_module and ngx_http_proxy_v2/_grpc modules that can lead to DoS or code execution. The bugs cause use-after-free or heap buffer overflow in worker processes and affect NGINX Plus, Open Source, Gateway Fabric, and Instance Manager. Mitigations include disabling HTTP/3 and adjusting header buffer directives until patches are applied.

Operation Escaneo exposes Latin American intrusions

New research from CloudSEK reveals Operation Escaneo, a coordinated campaign targeting government and financial entities across Latin America after attackers left a staging server exposed. The group exploited internet-facing appliances and known vulnerabilities in Fortinet and Ivanti devices, plus Apache Tomcat, Windows, and Log4Shell flaws. Attackers used custom reconnaissance (Kimera), webshells, reverse tunnels and a compromised Cisco router to exfiltrate large volumes of sensitive data.

Fortibleed campaign exposes 75,000 Fortinet firewalls

🔒 Researchers have uncovered a large credential-compromise campaign called Fortibleed that exposed tens of thousands of Fortinet FortiGate devices worldwide. Analysis by SOCRadar, Hudson Rock, and independent researchers found stolen configuration files, administrator and SSL VPN credentials, and tooling used to automate collection and cracking. Affected devices span 194 countries, with roughly 75,000 devices reportedly compromised, prompting urgent remediation advice including credential rotation and upgrading to modern FortiOS hashes.

Spyware embeds forbidden text to foil AI analysis

🛡️ At least one malware author is inserting large comment blocks with policy-triggering content about nuclear and biological weapons into JavaScript payloads to disrupt AI-driven analysis. The decoy text sits inside comments so execution is unchanged while early-stage LLM-based triage can be confused or refuse to process the file. Traditional detection methods like YARA rules, entropy checks, and deobfuscation remain effective. This tactic targets naive pipelines that expose untrusted file starts to language models.

New PCI Rules Force Runtime Script Controls

🔒 An independent PCI assessor evaluated Reflectiz against the updated PCI DSS requirements and found it effectively supports merchant compliance. Modern checkouts load many third-party scripts, any of which can be turned into skimmers, and PCI DSS v4.0.1 introduces controls to inventory, authorize, and detect tampering of payment-page scripts. The QSA highlighted Reflectiz's behavior-based detection, agentless deployment, and one-click QSA-ready evidence as key strengths, while SAQ A exemptions remain limited for iframe integrations.

New CISO and CSO Appointments Across Industries

This column tracks recent senior security hires as companies strengthen defenses and expand leadership. It lists new CISO and CSO appointments from January through June 2026, noting prior roles and backgrounds. Entries include hires at SolarWinds, micro1, Green Impact Exchange, and Cohesity, highlighting experience in government, cloud, and enterprise security. The piece also invites readers to submit announcements to the editor.

Microsoft fixes Windows Server 2016 update failures

🔧 Microsoft resolved a known issue that caused the June 2026 security update (KB5094122) to fail on Windows Server 2016 systems that were missing the prior month's KB5087537 update. Administrators had reported 0x80070002 or FILE_NOT_FOUND errors during installation. Microsoft confirmed the installation issue is fixed and affected devices should no longer experience failures deploying the June 2026 update. This follows several recent fixes for update- and boot-related problems across Windows releases.

Automating Disassembly with Local AI Agents

🛠️ This blog demonstrates using AI agents to automate a VB6 disassembler by exposing its parsed model through the Windows Running Object Table and providing an operator briefing plus auto-generated prototypes. The agent (Claude Code in the examples) binds to the COM object, runs scripts to extract P-code, reconstruct source, generate call graphs, and export function metadata to SQLite, all locally without uploading binaries. The approach decouples tool features from fixed menus, enables repeatable exhaustive analysis, and preserves sensitive data on the analyst's workstation.

NCSC: 75% of CNI Incidents Linked to Hostile States

🛡️ Richard Horne, CEO of the UK National Cyber Security Centre, told the RUSI Annual Security Lecture that three-quarters of cyber incidents affecting UK critical national infrastructure over the past year were traced to nation-state actors or hostile states. The NCSC handled around 200 incidents between June 2025 and May 2026, with threats described across three contested digital spaces: far, mid and near. Horne warned that AI and cloud supply-chain exploitation increase attacker scale and urged organisations to prioritise continuous defence, fix legacy vulnerabilities and close IT-OT knowledge gaps.

Five new SOC roles emerging from AI evolution

🔒 The rise of AI-driven SOCs is reshaping security operations and creating new specialist roles rather than simply replacing people. Today's AI-SOC automates Tier 1 triage and is moving into Tier 2 investigation and remediation, prompting demand for skills in data engineering, agent orchestration, model training, threat hunting, and AI-savvy red teaming. Organizations will need professionals who can integrate diverse telemetry, manage agent swarms, fine-tune models, hunt adversary intent, and test AI-specific weaknesses.