Hello, stay ahead with CISO Brief 🚀

🔍 Flare researchers analyzed ~700 underground posts on the "Lucifer DaaS" between Jan 2025 and early 2026 to reveal how modern crypto drainers evolved into professionalized, service-like platforms. The study highlights affiliate-driven distribution, automation, website cloning, Permit2 abuse, and multichain support, showing how DaaS lowers technical barriers and increases resilience. It also lists practical indicators to help users avoid wallet-draining scams.

🔒 Cisco released patches for a maximum-severity vulnerability in Secure Workload (formerly Tetration) that allowed unauthenticated attackers to gain Site Admin privileges by abusing internal REST APIs. The flaw, tracked as CVE-2026-20223, stems from insufficient validation and authentication of API endpoints and could let attackers read sensitive data and change configurations across tenant boundaries. Cisco provided fixed releases for on-premises deployments and has already remediated the issue in the SaaS offering; no workarounds exist.

🛡️ Check Point explains why GenAI chatbots create new security risks by acting as a front door to internal systems and data. The post highlights real incidents—prompt injection, data exposure, and misleading responses—that demonstrate legal, financial, and reputational impacts. It describes how Check Point WAF extends unified application and API security into the conversational layer to detect and block malicious prompts, prevent data leaks, and control unsafe outputs.

🛡️ New studies reveal that 75% of organizations often or sometimes deploy code they know is vulnerable, down from 81% last year but still alarmingly high. Checkmarx warns that AI-augmented attackers are dramatically shortening time-to-exploit, while Verizon’s DBIR links increased initial access to vulnerability exploitation aided by AI. A QBE survey found UK firms are worried about suppliers' AI use, yet few audit third-party AI or maintain formal AI governance.

🔒 A nine‑year logic flaw in the Linux kernel's ptrace path (CVE‑2026‑46333) lets unprivileged local users read sensitive files on default Debian, Fedora and Ubuntu installations. Qualys TRU found the bug in __ptrace_may_access(), exploitable when a privileged process drops credentials and remains briefly reachable; pidfd_getfd() expanded the attack surface. Upstream patches and distro updates are available; mitigations include raising kernel.yama.ptrace_scope to 2.

🛡️ This week's ThreatsDay bulletin highlights a string of notable cybersecurity developments, from 47 zero-day exploits revealed at Pwn2Own Berlin 2026 to active Linux rootkit evolution. It summarizes warnings about agentic AI, targeted intrusions using AI agents, and advisories on token and dependency leaks. The report also covers nation-state tensions, ransomware activity, encrypted communications, and campaigns abusing identity recovery flows.

🚀 Flipper Devices is soliciting community help to develop Flipper One, a high-performance, ARM Linux platform for networking, SDR analysis, and local LLMs. Unlike the Flipper Zero, One is a different project built around a Rockchip RK3576 SoC paired with an RP2350 MCU in a dual-processor design. It targets modular expansion via M.2, PCIe, USB 3.1 and other interfaces. Prototypes exist but significant kernel, firmware, and hardware work remains.

🔒 Microsoft disclosed two Microsoft Defender vulnerabilities under active exploitation: CVE-2026-41091, a local privilege escalation rated 7.8 that can allow an attacker to gain SYSTEM privileges via improper link resolution, and CVE-2026-45498, a denial-of-service issue rated 4.0. Both are addressed in Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7. Systems with Defender disabled are not affected; updates are applied automatically through malware definitions and the Microsoft Malware Protection Engine.

🔐 This article examines how identities — user, machine, and AI agent credentials — have become primary attack paths across hybrid environments. It uses real-world examples like cached access keys and forgotten role assignments to show how isolated identity weaknesses chain into exploitable routes. The piece explains why traditional IGA and PAM tools miss these cross-boundary paths and calls for unified mapping of identity, permissions, and environment context to prevent breaches.

🔒 Microsoft has open-sourced two tools, Rampart and Clarity, intended to embed safety engineering into the AI agent development lifecycle rather than leaving it as a periodic checkpoint. Rampart converts red-team findings into structured, repeatable tests that can be automated in CI/CD pipelines and is built on top of PyRIT for continuous adversarial and benign scenario execution. Clarity targets an earlier phase, guiding engineers through structured conversations to clarify assumptions, expected behaviors, permissions and trust boundaries, storing outcomes as markdown in a .clarity-protocol/ directory for review. Both projects join Microsoft’s broader open-source agent governance stack to address risks such as prompt injection, unsafe tool use, privilege escalation, and unintended autonomous actions.

🛡️ Microsoft released emergency updates on Wednesday to address two actively exploited Microsoft Defender zero-day vulnerabilities. The first, CVE-2026-41091, affects the Microsoft Malware Protection Engine and can be abused to achieve SYSTEM privileges via improper link resolution before file access. The second, CVE-2026-45498, impacts the Defender Antimalware Platform and may be used to trigger denial-of-service; Microsoft says updates should deploy automatically but advises administrators to verify platform and signature versions and confirm successful installation.

🔒 Qualys disclosed a nine-year-old Linux kernel vulnerability tracked as CVE-2026-46333 (ssh-keysign-pwn) that stems from the __ptrace_may_access() code path. The flaw can allow an unprivileged local user to disclose sensitive files such as /etc/shadow and SSH host private keys and to execute arbitrary commands as root on default installs of Debian, Fedora, and Ubuntu. A public proof-of-concept appeared after a kernel commit; vendors have issued patches and recommend raising kernel.yama.ptrace_scope to 2 as a temporary mitigation.

🛡️ Security professionals at DTX argued that integrating AI into SOCs is now essential to counter autonomous attacker tooling and AI-accelerated threats. Panelists stressed sustaining core cyberdefence fundamentals—system hardening, patching, access control and monitoring—before deploying AI, and preserving human oversight to manage model risk. They noted role shifts toward validation, prompt engineering and GRC, and urged rigorous testing and SDLC-like deployment controls.

🔒 GitHub said hackers accessed approximately 3,800 internal repositories after a developer installed a malicious version of the Nx Console Visual Studio Code extension that was poisoned during last week's TanStack npm supply-chain attack. The intrusion, linked to the actor known as TeamPCP, used stolen CI/CD credentials to move into multiple projects including UiPath, Guardrails AI and OpenSearch. GitHub secured the compromised device, rotated high-impact secrets and continues log analysis and monitoring to detect follow-on activity.

🛡️ Attackers have started embedding QR codes as ASCII art in phishing emails to bypass image and link scanners. The lure often impersonates services like DocuSign, instructing victims to scan and enter corporate credentials on mobile devices. Deploying secure email gateways with ASCII-decoding and endpoint protections helps detect and block these campaigns and reduce risk.

🔒 GitHub confirmed an intrusion into internal repositories after an employee device was compromised by a poisoned version of the Nx Console VS Code extension published as nrwl.angular-console. The attacker, tracked as TeamPCP, exfiltrated approximately 3,800 repositories; GitHub says it rotated critical secrets and is monitoring for follow-on activity. The trojanized release was available for only 18 minutes but delivered a credential stealer targeting 1Password, Anthropic Claude Code, npm, GitHub and AWS.

🛡️ Drupal issued emergency updates addressing a "highly critical" SQL injection flaw tracked as CVE-2026-9082 in its database abstraction API that can be exploited against sites using PostgreSQL, allowing information disclosure and in some cases privilege escalation or remote code execution. The vendor released patched builds for supported 11.x and 10.x branches and published manual patches for EOL versions. Upstream Symfony and Twig fixes are also included in recent releases.

🔒 Microsoft is evaluating a patch for a newly disclosed zero-day, YellowKey, which can bypass BitLocker encryption and allow local attackers to read and modify files. The company issued an advisory for CVE-2026-45585 and provided immediate mitigation guidance while a fix is considered. Organizations are urged to limit physical access to vulnerable devices, audit their environments, and strengthen Secure Boot and firmware integrity controls.