< ciso
brief />

Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast — new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence — all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.

👉 Join our Telegram channel for your daily update — stay informed, stay ready.

Cybersecurity News Digest — Daily Briefings

Google Gemini CLI abused to operate malware botnet

🔍 A Russian-speaking actor called "bandcampro" leveraged Google's open-source Gemini CLI as an AI hacking agent and to run a small botnet targeting at least eight systems in a dental clinic. Over 200 sessions between May and April, the AI executed migration, troubleshooting, and operational improvements, storing credentials and following a built-in C2 playbook. Trend Micro found the setup tiny and unsophisticated, with Python HTTP and PowerShell agents and persistence via scheduled tasks, WMI, and registry changes.
read more →

AWS expands R8gd and M8gd instances by region

🚀 Amazon RDS now supports R8gd instances in 12 additional regions and M8gd instances in 6 more regions, offering Optimized Reads for Amazon Aurora PostgreSQL, RDS for PostgreSQL, RDS for MySQL, and RDS for MariaDB. These R8gd and M8gd instances provide up to 165% better throughput and up to 120% improved price-performance over R6g for Aurora PostgreSQL by using local NVMe SSDs for ephemeral data and extended caching. Customers can enable Optimized Reads via the AWS Console, CLI, or SDK by creating or modifying databases to use these instance types. Regional availability lists and engine version compatibility are provided in the Aurora and RDS documentation.
read more →

AWS launches Graviton4 R8g and M8g for RDS

⚙️ AWS has expanded availability of Graviton4-based R8g instances for Amazon Aurora (MySQL and PostgreSQL compatible) and Amazon RDS for PostgreSQL, MySQL, and MariaDB across multiple regions, and added M8g support in additional regions. These instances offer up to 40% better performance and up to 29% improved price/performance versus Graviton3 equivalents, with new 24xlarge and 48xlarge sizes providing up to 192 vCPUs, DDR5 memory at an 8:1 memory-to-vCPU ratio, and enhanced networking and EBS bandwidth. R8g and M8g instances can be launched via the RDS console or AWS CLI; engine version, pricing, and regional details are available in the Aurora/RDS documentation and pricing pages.
read more →

Amazon MSK Express adds Apache Kafka 4.2 support

🚀 Amazon Managed Streaming for Apache Kafka (Amazon MSK) Express Brokers now supports Apache Kafka version 4.2. This update brings Eligible Leader Replicas (ELR) enhancements for improved leader election correctness, a new consumer rebalance protocol for faster group rebalances, and a Streams Rebalance Protocol to extend broker coordination to Kafka Streams. MSK Express delivers up to three times more throughput per broker, faster scaling, and reduced recovery time; version 4.2 is available today and can be selected when creating or upgrading clusters via the AWS Console, CLI, or SDKs.
read more →

Amazon RDS supports four storage modifications daily

đź”§ Amazon RDS now permits up to four storage modifications per database instance within a rolling 24-hour window. These changes let you increase size, change volume type, and adjust performance without incurring downtime, and a new modification can begin once the previous optimization completes. The feature is automatically enabled across Amazon RDS for PostgreSQL, MariaDB, MySQL, Db2, Oracle, and SQL Server in all commercial AWS Regions and AWS GovCloud (US).
read more →

Defender Experts Close the Intelligence‑to‑Action Gap

🛡️ Microsoft announces Defender Experts Threat Intelligence and expands Defender Experts MDR to include third-party and multi-cloud coverage. The expert-led services translate global signals into prioritized, environment-specific guidance and integrate Microsoft Defender Threat Intelligence into the Defender portal for real-time use across detection, investigation, response, and hunting. Defender Experts MDR Plan 2 extends managed detection and response beyond Microsoft products using Microsoft Sentinel, enabling experts to follow threats across heterogeneous estates. These offerings aim to shorten the time from signal to decisive action and will be showcased at Black Hat.
read more →

AlloyDB enables accurate multilingual search with AI

đź§­ AlloyDB introduces native AI Functions to solve tokenization issues for logographical languages like Chinese, Japanese, and Korean. By calling Gemini models from SQL via ai.generate(), developers can perform in-database segmentation, stop-word removal, and embedding generation without ETL pipelines or external services. The approach uses stored-procedure batching, generated columns for search vectors and embeddings, and RUM plus ScaNN indexes to enable fast hybrid lexical and semantic search.
read more →

Why AI Applications Fail to Reach Production

🧭 This article explores why most AI prototypes never reach production and how enterprise constraints create a huge validation bottleneck. It describes YouTube’s approach—using a decoupled prototyping stack and Google AI Studio templates—to enable rapid, safe experimentation with read-only access to live metadata and client-side wrappers for realistic validation. The result is faster, lower-risk product validation and a cultural shift toward disposable prototypes.
read more →

Analyze and Govern Gemini Enterprise with BigQuery

🔎 Google Cloud outlines how to integrate Gemini Enterprise telemetry into BigQuery to enable scalable analytics and governance. The article explains pre-computed dashboards, streaming log sinks, and five partitioned telemetry tables for prompts, model responses, user activity, and audit logs. It highlights BigQuery Conversational Analytics, auto-generated schema documentation, and techniques to build executive dashboards and compliance workflows.
read more →

Amazon OpenSearch Service integrates with Agent Toolkit

🛠️ Amazon OpenSearch Service integrates with the Agent Toolkit for AWS, enabling AI coding agents like Claude Code, Kiro, and Cursor to build, manage, and query OpenSearch Service domains and OpenSearch Serverless collections. The integration uses the AWS MCP server to execute API calls and the curated amazon-opensearch-service skill to translate natural-language requests into capabilities. It supports migration, operations, search, log analytics, and trace analytics across managed domains and serverless collections with no infrastructure changes and no additional charge.
read more →

Hardening Public Serverless Functions on Google Cloud

🛡️ This post from Mandiant highlights how publicly exposed serverless applications — often unauthenticated by design — are frequent targets for application-level attacks like LFI/RFI and command injection. It explains exploitation paths including file retrieval and service account token exfiltration, and demonstrates attack examples against Cloud Run Python functions. The article provides actionable hardening guidance such as using dedicated service accounts with least privilege, isolating public services in separate projects, enforcing S‑SDLC practices, and deploying Cloud Armor WAF and Layer 7 load balancing for centralized protection.
read more →

Microsoft‑signed UEFI shims allow Secure Boot bypass

🛡️ ESET found 11 Microsoft-signed UEFI shim bootloaders (version 0.9 or earlier) contain vulnerabilities that enable Secure Boot bypass across many systems. These shims trust outdated second-stage loaders like older GRUB 2 builds, allowing unsigned kernels or bootkits to load even with Secure Boot enabled. Microsoft issued dbx revocations on June 9; Windows will update automatically and Linux users should fetch revocations via the Linux Vendor Firmware Service. ESET cautions defenders to follow protection guidance rather than rely on IoCs.
read more →

Mozilla, Google, Adobe and VMware issue critical patches

🛡️ Mozilla, Google, Adobe and VMware released updates addressing multiple critical vulnerabilities across Firefox, Chrome, Adobe products, and VMware Avi Load Balancer. Mozilla patched two critical Firefox bugs (CVE-2026-15718, CVE-2026-15719) with exploit code publicly disclosed and fixed in Firefox 152.0.6. Google fixed 15 Chrome vulnerabilities including two critical Ozone use-after-free flaws, and Adobe addressed 88 issues across ColdFusion, Commerce, Experience Manager, and Illustrator. Broadcom remediated a critical authentication bypass in VMware Avi Load Balancer (CVE-2026-47865). Organizations are advised to apply updates promptly to mitigate risk.
read more →

Fortinet and INTERPOL Strengthen Cybercrime Response

🔍 Fortinet reinforced its decade-long partnership with INTERPOL at the INTERPOL Partners’ Conference in Lyon, stressing the need for faster, trust-based intelligence sharing to counter AI-accelerated cybercrime. Panel discussions highlighted how AI and agentic systems amplify threats across phishing, fraud, and cybercrime-as-a-service while underscoring the role of FortiGuard Labs in supporting coordinated disruption. The piece calls for sustained public-private collaboration, shared detection methods, and resource support for global law enforcement.
read more →

New Windows Bind Link techniques can evade EDR

🛡️ Bitdefender researchers disclosed three techniques abusing Windows Bind Links — File-Binding, Process-Binding, and Silo-Binding — that let attackers with admin rights redirect file paths in memory so security tools see benign files while malicious payloads run. The methods exploit the bindflt.sys driver and can blind EDRs and bypass defenses like AMSI and AppLocker, though Microsoft assessed the issues as low severity because admin privileges are required.
read more →

Compromised Logins Drive Most Ransomware Intrusions

🛡️ New Sophos analysis shows identity-based attacks and stolen credentials are now the leading initial access vector in ransomware incidents, responsible for 79% of cases. Malicious email and phishing remain significant contributors, while exploitation of known vulnerabilities has decreased. The report urges stronger identity controls, widespread MFA, and adoption of ITDR to reduce risk.
read more →

White House launches AI clearinghouse for vulnerabilities

🛡️ The White House has launched Gold Eagle, an AI-driven centralized clearinghouse to help government agencies, open-source communities, and critical infrastructure operators identify, prioritize, validate, and remediate software vulnerabilities faster. The program, directed by a June executive order on advanced AI innovation and security, aims to reduce duplicative scanning, coordinate reporting and validation, and deliver prioritized remediation guidance while preserving human judgment and enterprise context. Officials say Gold Eagle has already started receiving reports and coordinating remediation efforts across industries.
read more →

New Claude for Chrome bugs let extensions abuse privileges

🔒 Researchers at Manifold Security found two vulnerabilities in Anthropic’s Claude for Chrome extension that let a malicious extension trigger privileged AI actions, including reading Gmail, Google Docs, and Calendar data. The flaws are reproducible in version 1.0.80 and persist eight releases after initial reporting. One issue allows synthetic clicks to bypass user verification due to missing event.isTrusted checks; the other places the extension into an elevated mode via a URL parameter. Manifold urges fixes to validate genuine user interactions and to avoid URL-driven privilege transitions.
read more →