Hello, stay ahead with CISO Brief 🚀

🛡️ Researchers at Graz University of Technology describe FROST, a novel side-channel technique that uses the browser's origin private file system (OPFS) to monitor SSD timing and infer user activity. A malicious webpage leveraging OPFS can repeatedly access storage, measuring micro-delays that reveal what apps or websites are active. The team demonstrated data transmission rates around 660–720 bits/s with ~90% accuracy and used AI to classify app and site fingerprints. Practical constraints — RAM caching, large file creation, and likely EDR/XDR detection — limit FROST to targeted attacks, but it highlights hardware-level blind spots in modern security.

🔒 Check Point announced it has joined OpenAI’s Trusted Access for Cyber (TAC) program and the Daybreak initiative to access advanced cyber-capable models. The company will use GPT-5.5, OpenAI’s Codex agentic framework, and direct support from OpenAI to enhance threat analysis, incident investigation, detection engineering, and secure code review. Check Point emphasizes disciplined, focused application of these models to strengthen prevention, speed delivery, and maintain product security for enterprise customers.

🔒 CISA has issued Binding Operational Directive 26-04 requiring US federal agencies to shift from rigid, deadline-driven patching to a risk-based remediation model that prioritizes actively exploited threats. The directive ties remediation windows to risk — including a three-day forensic and patching requirement for the most critical flaws — and consolidates previous mandates into a single framework. It replaces CVSS-based prioritization with a four-factor risk assessment and gives agencies 180 days to meet the new timelines.

🛡️ Fortinet researchers uncovered a campaign where threat actors disguise malware as AI study guides and developer resources to deliver a multi-stage attack culminating in the AsyncRAT trojan. The booby-trapped archives contain shortcut (LNK) files and hidden documents that trigger staged scripts, using trusted system tools and AutoHotkey repurposed as an execution engine to evade detection. Attackers deploy scheduled tasks disguised as Realtek services, process hollowing to run payloads inside legitimate .NET processes, and hide components in decoy files to keep victims unaware while PowerShell stages execute silently.

🛡️This week’s briefing highlights a surge in polished, commodified cybercriminal tools and large-scale data exposures. Notable items include a public supply-chain attack toolkit, a $5,000/month RAT that clones browser profiles, and research showing AI agents can be induced to leak credentials. The roundup covers high-impact incidents, evolving malware-as-a-service offerings, targeted intrusion campaigns, and concerning platform privacy changes.

🔒 ServiceNow notified customers after remediating a vulnerability that allowed an unauthenticated API endpoint to return tenant data under certain configurations. The issue, first reported via the vendor’s bug bounty program in April, prompted hosted updates on June 5 and guidance for self-hosted deployments. ServiceNow says affected instances were a subset of tenants and that observed activity appears linked to security researchers, though investigation continues. Customers are urged to apply updates and review logs for signs of unauthorized access.

🔒 Check Point Research discovered a critical vulnerability chain in LangGraph, an open-source AI agent framework with ~46.5M monthly downloads, that can lead to full remote code execution. The issue centers on the checkpointer persistence layer where an SQL injection in get_state_history() can be chained with a msgpack deserialization flaw to execute attacker-controlled code. Three CVEs were assigned and patched; affected teams should upgrade and place authentication and network controls in front of self-hosted deployments.

🔒 The Personal Information Protection Commission (PIPC) fined e-commerce firm Coupang 624.6 billion won (~$409M) after a major data breach that exposed about 37.55 million people’s information. A subsidiary, Coupang Fulfillment Service, was also fined 248 million won for unlawful handling of personal and sensitive data. Investigators cited poor authentication key management, inadequate access controls, delayed breach disclosure, interference with the data protection officer’s independence, and obstruction of the probe.

🔒 The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 26-04 to require Federal Civilian Executive Branch agencies to prioritize and accelerate patching of high-risk vulnerabilities. The directive sets remediation timelines based on asset exposure, presence in CISA's Known Exploited Vulnerabilities (KEV) catalog, exploit automation risk, and potential for system control, with the shortest deadline as three days. It supersedes previous BODs and applies to on-premises, third-party hosted, and cloud environments, excluding certain military, intelligence, and contractor systems.

🔒 A global ISC2 study of nearly 1,000 enterprise security leaders finds training budgets have risen but staff lack time to complete upskilling. AI is the top emerging skill organizations are addressing, yet practical barriers—competing workloads, outdated content, and trainer shortages—limit participation. Leaders urge protected, scheduled learning time and managerial support to make training effective.

🛡️ An Interpol-led operation, Operation Ramz, targeted cybercrime across 13 MENA countries from October 2025 to February 2026, yielding 201 arrests and the seizure of 53 servers. Group-IB disclosed that the crackdown resulted in the takedown of the SniperDz phishing-as-a-service platform and the arrest of its primary developer in Algeria. SniperDz operated since at least 2015, offering phishing kits and hosting, and was linked to tens of thousands of fake domains and hundreds of thousands of phishing pages. Investigators attributed the platform through OpSec failures, social media traces and shared intelligence that enabled law enforcement disruption.

🔎 A surveillance company proposes adding Bluetooth sensors to automatic license plate readers (ALPRs) so devices could capture both license plates and unique identifiers from phones, wearables, and other Bluetooth-enabled devices. Called SignalTrace, the technology would enable ALPRs to move from vehicle tracking to more direct tracking of specific people. ALPRs are widespread across the U.S., and SignalTrace would significantly increase the scope of data collected. While concerning, the proposal highlights broader issues given how much data smartphones already gather.

🔍 Insurers report a marked increase in extortion-only incidents where attackers rely on data theft rather than encryption. Resilience found that 65% of extortion claims in H2 2025 did not involve encryption, and data theft accounted for 87% of ransomware claims by year-end. The report warns that paying for data suppression is unreliable, with 30–40% of paid cases still resulting in leaks, and recommends prevention, tabletop exercises, and pre-incident legal and response retainers.

🔎 AI agent skills can install third-party capabilities with privileged access, yet registries lack automated audits. Palo Alto Networks introduces Behavioral Integrity Verification (BIV), which compares declared metadata, executable code and natural-language instructions to detect mismatches. Applied to the OpenClaw registry, BIV found widespread deviations and identified multi-stage attack chains that enable credential theft, RCE and exfiltration. The report recommends inventorying skills and requiring pre-install behavioral checks.

🔍 AI agents can help SRE teams with incident response, triage and automation, but trust is granted only when agents demonstrate reliability under real-world stress. Teams need robust observability, explicit guardrails, human-in-the-loop workflows and explainability so recommendations are evidence-backed rather than speculative. Progressive autonomy, post-incident evaluation and compatibility with existing tools are essential for safe adoption.

🔍 Lumen’s Black Lotus Labs reports a China-linked botnet called JDY has grown to over 1,500 compromised SOHO and IoT devices used to rapidly discover and fingerprint internet-facing systems after public vulnerability disclosures. The activity, tied to nation-state actors including Volt Typhoon, enables persistent, distributed reconnaissance that can evade geofencing and IP-reputation controls. Researchers warn this marks a shift toward industrialized pre-exploitation scanning and undermines traditional perimeter patch and monitoring assumptions.

🔍 ESET links the Vietnam-aligned APT group OceanLotus to two campaigns delivering the SPECTRALVIPER backdoor against a transport construction firm and stock investors via a FireAnt Metakit supply-chain compromise between mid-2024 and March 2026. The actor used DLL side-loading and update-server abuse to deploy loaders and steal host profiles, signaling a shift toward more selective domestic espionage.

🛡️ Researchers describe a new "agentjacking" attack that tricks AI coding agents into executing arbitrary code by injecting malicious instructions into Sentry error events. Tenet Security says the flaw leverages Sentry DSNs — public, write-only credentials — to post crafted markdown that appears as legitimate remediation guidance. Agents retrieving unresolved errors via MCP render the injected content as trusted and may execute the embedded commands with developer privileges. The report confirmed high exploitability across popular agents and thousands of exposed DSNs.