Hello, stay ahead with CISO Brief 🚀

🔧 Google announces Brazos, a rack-mounted, closed-loop liquid-to-air cooling solution designed to enable high-density AI and HPC gear within traditional air-cooled data centers. Brazos separates the internal IT liquid loop from facility water, enabling one-rack-at-a-time deployment and avoiding costly chilled-water retrofits. The modular design features three cooling units, integrated rack manifolds, and hot-swappable FRUs for field serviceability, and it fits OCP ORv3 form-factor racks. Google plans to open-source Brazos specifications and encourage industry adoption through forums like the Open Compute Project.

🔍 Google is updating Looker Explore with integrated AI assistants and a refreshed interface to help users surface insights faster. The release includes ad hoc Quick Starts powered by Gemini models, a Conversational Analytics-powered Insight Assistant for natural-language prompts, and automatic translation of user descriptions into Looker Expression syntax. The UI improvements include a resizable field picker, contextual data table menus, visual pivots, and a redesigned Merge Query workflow with smart joins and higher row limits.

🔒 The UK will ban under-16s from social media and require age checks for new accounts, likely via ID upload or facial age scans, with regulations due before Christmas and rules effective spring 2027. Longstanding accounts are largely grandfathered, but new account creation will typically need verification. Experts warn checks are easy to circumvent, risk exposing ID/biometric data, and were pushed through with limited scrutiny. The government cites parental support and aims to restrict high-risk features and certain AI chatbot functions.

🛡️ Attackers abuse NTFS junctions to create recursive directory loops that generate effectively infinite file paths, causing recursive scans and EDR products to hang. With only write access, an attacker can create junctions that point back to parent folders, producing GhostBranch or the more expansive GhostTree structures. These loops multiply possible paths exponentially, preventing file scanners from reaching malicious files and enabling evasion. Microsoft was notified and later patched the issue.

🛠️ Siemens and Google Cloud built Knowledge Fabric, an AI system using knowledge graphs on Spanner Graph, the Google Agent Development Kit, and LLM APIs to modernize large industrial codebases. The platform models code relationships with GQL, uses embeddings and ANN for semantic search, and combines full-text search to deliver precise impact analysis. By "slicing the elephant," agentic workflows break large refactors into smaller tasks with human oversight, reducing engineering effort and preserving system integrity.

📰 The FTC reports Americans lost $3.5 billion to imposter scams in 2025, with these schemes comprising nearly one in three fraud reports. Scammers used texts, calls, emails, social media, and search results, with social platforms driving over $2.1 billion in losses. Business and government impersonators caused the largest harms, and the FTC has pursued enforcement under its Impersonation Rule to seek redress.

🔒 Researchers have detailed Rokarolla, an Android banking trojan that not only steals credentials but effectively seizes control of phones to isolate victims from banks. The malware spreads via fake sites posing as TikTok or Chrome and uses a dropper impersonating Google Play Protect to install a second-stage payload. Rokarolla abuses Android Accessibility Services, makes itself the default call and SMS handler, hides its icon, mutes alerts and captures screenshots and overlays fake login screens to harvest bank and crypto credentials.

🤖 Starting today, AWS Partner Central agents qualify every co-sell opportunity in real time and make actionable recommendations to accelerate AWS engagement and deal progression. Building on agents released March 16, 2026, the agent can act on the partner's behalf via conversation to enrich opportunity details, removing manual review delays. Each opportunity now receives an Opportunity Quality Score and is matched to a co-sell motion—AWS field-engaged, Agent-engaged, or Partner-led—with the score and motion recalculated in real time as recommendations are applied.

🤖 AWS Marketplace introduces AI-assisted product listing within the Partner Assistant chat to help Independent Software Vendors (ISVs) and Consulting Partners create optimized product listings using existing digital assets. The assistant imports content from websites, PDFs, case studies, and documentation, then generates, validates, and formats listing fields to meet AWS Marketplace requirements and improve search discoverability. Field-level recommendations and a quality score help partners align listings with best practices. Available via AWS Partner Central, the AWS Marketplace Management Portal, and programmatically through the Partner Agent MCP server; not available in AWS GovCloud (US) or China Regions.

🔐 A new report from ISSA and Omdia, surveying 380 practitioners, finds 68% of cybersecurity professionals say their jobs have become harder in the past two years. The study highlights that >70% are excluded from key technology decisions, with rising involvement from IT operations and platform engineering (79%) and tech choices made without cyber input (72%). Work-related stress is significant: 69% report work-life balance challenges and 47% have considered leaving due to stress. Respondents point to leadership commitment, compensation, and career support as key factors for job satisfaction.

🔒 Google warns that a China-associated threat actor, UNC6508, ran a prolonged espionage campaign targeting US and Canadian research environments by abusing legacy versions of REDCap. The attackers trojanized upgrade processes with modular malware called INFINITERED to achieve persistence, harvest credentials, and maintain a backdoor. GTIG recommends inspecting REDCap files, validating upgrades, and enforcing stronger authentication and DLP controls.

🔍 A recent study of over 200 security practitioners by Spur Intelligence shows anonymizing infrastructure—VPNs and residential proxies—appears in nearly every incident, yet many teams lack the context and workflows to act on IP data. Analysts increasingly face noisy enrichment feeds without attribution, behavioral signals, or automation to inform real-time decisions. Organizations remain reactive, applying IP intelligence mainly during investigations, while internal risks from employee VPNs and proxy usage add blind spots that zero-trust must address.

🔒 Researchers report that DragonForce operators covertly used Microsoft Teams TURN relay servers to mask command-and-control traffic while infiltrating a major US services firm during a 2025 campaign. The attackers deployed a Go-based RAT, named Backdoor.Turn, which obtained anonymous Teams visitor tokens and established QUIC sessions to attacker-controlled servers. They also exploited an undocumented Huawei driver vulnerability and modified system settings to maintain persistence, exfiltrate data and deploy DragonForce ransomware.

📷 Multiple instances nationwide show police using the Flock surveillance camera system to obsessively and illegally stalk individuals. Reports indicate over a dozen cases where the system has been misapplied, raising privacy and civil rights concerns. The pattern highlights how persistent surveillance technologies can be abused without adequate oversight. Flock deployments and law enforcement practices are facing increased scrutiny.

🔒 Chainguard has launched Athena, an industry coalition announced on June 16 to protect open-source software from attacks facilitated by frontier AI models. Founding members include BNY, Cisco, Cloudflare, Docker, JPMorganChase, PwC and others. Athena pools vulnerability findings into a shared platform, applies private patches and provides mitigations to members before public disclosure. The initiative aims to coordinate upstream fixes and partner with the Linux Foundation for broader incident response support.

⚠️ CISA has ordered federal agencies to secure servers against an actively exploited LiteSpeed cPanel user-end plugin flaw (CVE-2026-48172 / CVE-2026-54420) that can allow privilege escalation to root on shared hosting with CloudLinux/CageFS. The vulnerability affects plugin versions prior to 2.4.8 and stems from a UNIX symlink following weakness; LiteSpeed released urgent updates and provided a command to check for compromises. Agencies must comply with BOD 26-04 and remediate systems within three days per the Known Exploited Vulnerabilities Catalog.

🔍 Threat intelligence firm Defused Cyber reports active exploitation of three high-severity Fortinet FortiSandbox vulnerabilities observed within 24 hours. The flaws — CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 — are high-severity (CVSS 9.1) issues involving path traversal and OS command injection that can enable unauthenticated attackers to bypass authentication or execute commands. Fortinet issued patches for the first two in April 2026 and fixed the third last week; defenders are cautioned to apply updates promptly.

🔒 Symantec warns that DragonForce ransomware used a custom Go-based backdoor, Backdoor.Turn, to hide command-and-control traffic by abusing Microsoft Teams' TURN relay infrastructure. The malware obtains anonymous Teams visitor tokens and tunnels C2 communications through legitimate TURN relays, making malicious traffic appear as normal Teams activity. The campaign, observed in December 2025, also used BYOVD drivers for kernel privileges and extensive post-exploitation tools to exfiltrate data and deploy ransomware.