Hello, stay ahead with CISO Brief 🚀

🛡️ AWS announces Continuum for code vulnerabilities in gated preview, designed to manage the full lifecycle of code vulnerabilities at machine speed. The service reasons over structured AWS data and unstructured organizational context, is model‑agnostic, and operates in continuous phases from discovery to remediation. It begins in a human‑in‑the‑loop learn mode and can be graduated to enforce mode for automated remediation, and incorporates pen testing, code scanning, and threat modeling capabilities.

🔒 A newly discovered data leak called FortiBleed appears to expose Fortinet and FortiGate VPN credentials for 73,932 firewall URLs worldwide. Researcher Bob Diachenko discovered a server containing usernames, emails, and plaintext passwords and linked the collection to a Russian-speaking multi-operator group that performed massive credential harvesting and cracking. Hudson Rock and other researchers validated the dataset, noting impacts across many industries and countries, and urged affected organizations to rotate credentials and enforce MFA.

🛠️ AWS DevOps Agent now includes a release management capability in preview that reviews code changes for release readiness and runs autonomous release testing to improve production deployments. The feature evaluates drift from internal standards, dependency impacts, and access controls, and maps cross-repository dependencies to surface breaking changes. It also generates and executes test plans for web and API applications in customer environments to catch regressions and integration issues. The preview is available in US East (N. Virginia) at no additional cost.

🛡️ The Estonian AI Council proposes government-backed digital identities for AI agents to define delegated powers and responsibilities. Prime Minister Kristen Michal emphasized that clear attribution, rights, and accountability are essential as AI increasingly acts on behalf of people and organizations. The ID could specify permissions such as data viewing, document editing, or making payments with defined limits. Estonia aims to leverage its digital ID leadership and become the first country to formalize agent identities.

🛡️ New research from Group-IB describes the GitBait campaign, a multi-year phishing operation targeting Mexican banks that used GitHub Pages for hosting and SheetBest to exfiltrate credentials into Google Sheets. The operation relied on modular phishing kits, automated publishing, and crafted Open Graph tags to spread links via messaging apps while evading search indexing. Group-IB reported over 100 GitHub-hosted domains and urges banks to monitor brand abuse and suspicious traffic to cloud services.

📈 The Zscaler 2026 AI Threat Report warns that sensitive enterprise data uploaded to AI and ML applications nearly doubled year-over-year, driven largely by tools like Grammarly and ChatGPT. The report found a 93% increase in enterprise data transfers and identified over 410 million DLP violations tied to ChatGPT and 242 million for Codium, exposing PII, financials, source code and healthcare data. Zscaler recommends inventorying GenAI apps, disabling risky defaults, enforcing zero trust for model interactions and applying inline inspection to protect sensitive information.

📰 India blocked Telegram until June 22 after leaked exam materials circulated on the platform, prompting Telegram CEO Pavel Durov to allege BGP hijacking by Reliance that affected users as far as the UAE. The ban, and an additional restriction on message editing, prompted legal challenges and criticism from digital-rights groups calling the move disproportionate. Analysts confirmed a routing leak from AS18101 via FLAG Telecom but dispute claims of deliberate sabotage; MTProto proxies are recommended to restore access.

🔍 Check Point Research uncovered a coordinated campaign that built a cross-platform false reputation to push a crypto clipboard hijacker. The actor used WordPress phishing hubs, multiple GitHub and SourceForge projects, AI-narrated YouTube tutorials, and forum posts to manufacture trust and inflate engagement. The campaign targeted Windows and macOS, including a macOS persistence mechanism, and manipulated reputation systems like VirusTotal to make malicious files appear safe.

🔍 A Filigran survey of 168 security leaders at Infosecurity Europe 2026 found AI-powered attacks are the leading worry, cited by 41% of respondents, outpacing supply chain and unknown threats. Teams report alert fatigue as a major time sink, with chasing false positives (26%) and validating risks (25%) common. Trust in threat intelligence and AI decision-making remains low, and only 28% have a continuous exposure management program.

🛡️ Amazon Web Services announced that Amazon Bedrock AgentCore now supports Bedrock Guardrails in policy, enabling enterprises to enforce safety and security controls on AI agents in production. AgentCore policy authorizes which actions agents can take and now evaluates outputs and gateway inputs in real time to detect and block prompt injection, harmful content, and sensitive data exposure. Guardrail enforcement occurs at the AgentCore gateway perimeter, with all evaluations logged via AgentCore observability for auditing and optimization. The capability integrates with existing gateway deployments, supports natural language or policy-as-code authoring, uses consumption-based pricing, and is available in multiple global AWS regions.

🚀 Amazon Bedrock AgentCore announces general availability of its managed agent harness, enabling teams to deploy production-grade agents in minutes. The harness handles orchestration, tool execution, session isolation, persistent memory, failure recovery, and context management so customers define agents via configuration rather than coding the loop. It supports any model, mid-session model switching, integrated security and observability, and exports to code for custom orchestration, and is available today in all AWS Commercial Regions where AgentCore is offered.

🛠️ Microsoft is investigating reports that certain third-party applications may be unable to launch Word, Excel, PowerPoint, Access, and other Office apps or open documents after installing Windows updates released on or after June 9, 2026. The problem affects apps that use OLE automation, sometimes causing Office apps or documents to fail to open without an error. Microsoft advises opening Office files directly or contacting Microsoft Support for Business for enterprise workarounds while a fix is developed.

🔒 A design flaw in the Vertex AI SDK for Python allowed attackers to hijack model staging buckets across projects by predicting bucket names derived from project ID and region. Unit 42 researchers called this class of issue Bucket Squatting, where global bucket name uniqueness enabled pre-creation and silent takeover. The flaw could lead to cross-tenant model poisoning and remote code execution via pickle deserialization. Google issued fixes in SDK versions 1.144.0 and 1.148.0 and users should upgrade.

🔍 AI red teaming identifies how deployed AI systems can be manipulated or misused in real operational contexts. It tests the interaction of models with prompts, retrieval, tools, and workflows to produce actionable attack paths rather than isolated examples. This adversarial, continuous approach complements traditional security by focusing on intent, context, policy, and business impact. Teams should inventory systems, threat model by risk, red team early and often, and re-test after changes.

📰 The Trump administration disclosed an inventory of 3,611 active or planned AI use cases across the federal government, a 70% increase from the Biden-era list, including controversial proposals ranging from grant screening to inmate risk assessment and nuclear reactor control. The brief disclosures lack meaningful context, public consultation, and consistent impact labeling, limiting oversight. The authors argue for rigorous transparency, public comment, and risk assessment frameworks, citing France and Canada as stronger models, while acknowledging some beneficial uses like machine translation.

🔍 Intruder analyzed 3,000 internet-facing attack surfaces to identify services that have no business being publicly reachable. Their 2026 Attack Surface Management Index found widespread exposure: 60% had at least one HTTP admin panel exposed, 49% had risky ports/services, 42% had internet-accessible databases, and 30% had publicly accessible files or documentation. The report lists the ten most common exposures and urges a shift from pure patching to active attack surface reduction.

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability in the Widget Factory Joomla Content Editor (JCE) plugin, tracked as CVE-2026-48907, which is being actively exploited in the wild. The flaw allows unauthenticated attackers to upload and execute PHP code via new editor profiles in affected Joomla deployments. JCE released version 2.9.99.6 in early June and urged immediate updates, noting that updates do not remove existing compromises and outlining remediation steps for infected sites.

🛡️ The Council of the EU approved Ukraine’s inclusion in the EU Cybersecurity Reserve on June 16, allowing the Ukrainian government to request emergency EU cyber support for large-scale incidents. Managed by ENISA, the reserve leverages 47 trusted private providers who passed an ownership control assessment. The initiative is funded under the Digital Europe Work Programme 2025–2027 and grounded in the EU Cyber Solidarity Act.