Hello, stay ahead with CISO Brief 🚀

🛡️ Multiple npm packages under the @mastra/* namespace were mass-published with a malicious dependency on June 16–17, 2026, enabling a supply-chain campaign named easy-day-js. The injected library, easy-day-js, executes an obfuscated postinstall payload that downloads a second-stage trojan from attacker infrastructure and disables TLS validation. Victims should treat any systems that installed the affected versions as potentially compromised, roll back to safe releases, rotate secrets, and audit hosts for signs of the stealer.

🔒 Kodak has confirmed an investigation after an unauthorized third party gained temporary access to a limited amount of company data. The company engaged external cybersecurity experts and is working with law enforcement, asserting there is no threat to systems or operations. The ShinyHunters extortion group has claimed responsibility, alleging over 2.2 million records were stolen and threatening to leak the data.

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a maximum-severity flaw in Widget Factory's Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities catalog, citing active exploitation. Tracked as CVE-2026-48907 (CVSS 10.0), the improper access control bug allows unauthenticated creation of editor profiles and potential PHP code upload and execution. The flaw affects JCE versions 1.0.0 through 2.9.99.4 and was patched in 2.9.99.5 on June 3, 2026; FCEB agencies must apply fixes by June 19, 2026.

📧 Microsoft’s benchmarking suggests Defender for Office 365 catches most malicious and spam email pre-delivery and removes nearly all threats that reach inboxes, with integrated partners adding negligible improvement. Experts caution against interpreting raw catch rates as proof that one-vendor stacks suffice, noting that small percentages can still represent high-impact incidents and that diverse tools and detection methods remain valuable.

🛡️ Amazon Bedrock Guardrails introduces the InvokeGuardrailChecks API, a resourceless endpoint that lets you apply individual safeguards at any step of agentic AI workflows without creating guardrail resources. The API returns numeric severity and confidence scores so you can set custom thresholds and actions — block, pass, retry, or log — per request. It supports content filters, prompt attack detection, and sensitive information filters and is available in multiple AWS Regions.

🔍 AWS Transform now provides a model-to-model migration custom transformation that evaluates generative AI workloads and generates a migration plan to Amazon Bedrock. The agent scans codebases to identify AI SDKs and models, collects migration requirements interactively, and maps models to Bedrock equivalents with cost comparisons and production-ready code changes. It preserves application architecture while recommending routing, caching, and Bedrock integrations for secure, consolidated deployment.

🛡️ A coordinated campaign on the JetBrains Marketplace used at least 15 malicious IDE plugins to exfiltrate developers' AI provider API keys. Discovered by Aikido Security, the plugins—posing as AI assistants, code-review tools, and Git utilities—sent keys to a hardcoded server when users clicked "Apply" after entering credentials. Published from October 2025 through June 2026, these plugins were installed nearly 70,000 times and remain available on the Marketplace at the time of reporting.

🔍 Amazon S3 Vectors now returns up to 10,000 similarity search results per query, a 100x increase from the prior limit. This larger topK helps applications retrieve a more comprehensive candidate set for multi-stage pipelines that perform reranking, aggregations, or deduplication. Use the latest AWS SDK and specify up to 10,000 results in QueryVectors; results are paginated so you can process the first page while additional pages are fetched. A small data-returned fee applies beyond the free 512 KB per query.

🛡️ A new Android banking trojan called Rokarolla targets 217 banking and cryptocurrency apps and supports 137 commands. Distributed via malicious sites posing as Chrome or TikTok installers, it requests Accessibility and other sensitive permissions to gain near-complete control of infected devices. Researchers at Zimperium report it harvests SMS, contacts, keystrokes, screenshots, and lock-screen credentials while displaying phishing overlays and disabling protections like Google Play Protect.

🛡️ Palo Alto Networks Unit 42 disclosed a flaw in the Google Cloud Vertex AI Python SDK that let an attacker with only their own Google Cloud project and a victim's project ID hijack model uploads and execute code in Vertex AI serving containers. Google fixed the issue; users must update to google-cloud-aiplatform version 1.148.0 or later and explicitly set a staging_bucket. The bug arose from predictable default bucket names and lack of ownership checks, enabling an attacker to precreate the bucket, swap uploaded model files (often pickled), and run malicious code when Vertex AI loaded the model.

🔍 AWS Transform for mainframe now provides a connected, traceable reimagine workflow that takes organizations from portfolio assessment through code generation. The service identifies discrete business functions in z/OS COBOL and PL/I workloads, generates development-ready requirements, and produces traceable cloud-native code. Integrations with IDEs such as Kiro via MCP enable requirements and code to flow directly into developer environments with full auditability.

🛡️ Researchers at Kaspersky report threat actors abusing Steam Workshop to distribute malware via the Wallpaper Engine app. Attackers upload malicious application-type wallpapers that execute payloads when installed, leading to account theft, backdoors, miners, and information stealers. Valve removed the identified items, but users are advised to only download from trusted creators and scan Workshop content with up-to-date antivirus.

🔎 This post explains how subdomain takeover occurs when dangling DNS CNAME records point to deleted AWS resources and how attackers can reclaim those names to serve malicious content. It describes which AWS services use globally claimable namespaces (notably S3, CloudFront, and Elastic Beanstalk), outlines potential impacts such as reputation damage and phishing, and recommends detection using AWS Config inventory checks rather than DNS resolution. The article also summarizes a reference implementation that deploys a Lambda-based Config rule, Security Hub findings, optional SNS alerts, and mitigation best practices including deleting DNS records before resources and adopting account regional S3 namespaces where applicable.

🛡️ Multiple ClickFix campaigns have been linked to three distinct loaders — BabaDeda Loader, Lorem Ipsum Loader, and Potemkin — delivering information stealers, backdoors, RATs, and other payloads against diverse sectors. The attacks rely on social-engineered ClickFix lures that trick victims into running PowerShell or command sequences, then use staged techniques such as hidden PowerShell, DLL side-loading, in-memory shellcode, and external payload storage to evade detection. Researchers from Morphisec, BlueVoyant, and Huntress attribute the campaigns to evolving, modular loader frameworks that separate delivery, storage, execution, and payload deployment for greater stealth.

🛡️ Google has been named a Leader in the 2026 IDC MarketScape for Worldwide SIEM, reflecting investments in Google Security Operations that combine Mandiant expertise, automation, and integrated AI agents. The report highlights strengths such as agentic alert triage, vertical AI integration with Gemini, curated Mandiant detection content mapped to MITRE ATT&CK, and high-performance search over large data volumes. These capabilities aim to reduce analyst workload and accelerate detection and response.

🔐 AWS Sign-in now supports resource-based policies and resource control policies (RCPs) for the AWS Management Console. These policies let administrators restrict console sign-in to expected networks and are evaluated during sign-in and when the console session requests new credentials. Resource-based policies target individual AWS accounts while RCPs apply organization-wide via AWS Organizations. Administrators can combine these controls with AWS Management Console Private Access to manage allowed sign-in networks and account access across their environment.

🚀 Amazon Redshift has made RG instances, powered by AWS Graviton processors, generally available in Africa (Cape Town), Asia Pacific (Bangkok), and Mexico (Central). These Graviton-based instances deliver up to 4.2X better price-performance for data warehouse workloads, run up to 2.4x faster than prior RA3 instances, and cost 30% less per vCPU. Customers can provision rg.xlarge and rg.4xlarge nodes, upgrade from RA3, and benefit from built-in savings including incremental snapshot metering by unique data blocks and elimination of Redshift Spectrum scanning charges.

🔧 Google announces Brazos, a rack-mounted, closed-loop liquid-to-air cooling solution designed to enable high-density AI and HPC gear within traditional air-cooled data centers. Brazos separates the internal IT liquid loop from facility water, enabling one-rack-at-a-time deployment and avoiding costly chilled-water retrofits. The modular design features three cooling units, integrated rack manifolds, and hot-swappable FRUs for field serviceability, and it fits OCP ORv3 form-factor racks. Google plans to open-source Brazos specifications and encourage industry adoption through forums like the Open Compute Project.