Hello, stay ahead with CISO Brief 🚀

🛠️ AWS announces that DevOps Agent now supports custom SRE agents, bring-your-own sub-agents, and headless access via MCP and A2A protocols. These features let teams automate recurring SRE workflows, extend the agent by connecting external sub-agents, and invoke DevOps Agent from familiar tools such as Kiro and Claude. Additional updates include chat enhancements, incident-skip rules, enhanced knowledge with memories and Git-managed skills, human labeling, dashboards for task quality, and availability in five new Regions.

🛡️ The FBI warned that criminals are using couriers to collect cash from victims of cryptocurrency investment scams, often after banks block suspicious transfers. Scammers build trust through social media or dating platforms, then instruct victims to hand over money to couriers who authenticate with passwords or dollar bill serial numbers. Victims are then shown fake wallet increases and pressured for more funds for alleged taxes or penalties. The FBI urges due diligence on crypto platforms, avoiding cash deliveries, and immediate reporting of incidents.

🔎 Researchers at Varonis chained three bugs into a one-click exfiltration path dubbed SearchLeak that could have pulled emails, calendar entries, and indexed files from Microsoft 365 Copilot Enterprise Search. Because the malicious link used a legitimate microsoft.com domain, URL filters and anti-phishing tools were unlikely to block it. Microsoft assigned CVE-2026-42824, mitigated the issue on its backend, and Varonis released a proof-of-concept without observed exploitation.

🔒 Google Threat Intelligence Group attributes a long-running espionage campaign to UNC6508, a China-linked actor, which exploited exposed REDCap servers to deploy the custom Infinitered malware and exfiltrate sensitive medical research. The intrusion began in September 2023 and persisted through November 2025, with attackers harvesting credentials, maintaining persistent backdoors, and using enterprise email compliance rules to siphon data. Administrators are urged to update REDCap, enable MFA/2SV, and apply provided YARA rules and IoCs to detect infections.

⚠️ Google issued fixes for 74 Chrome flaws, including an actively exploited V8 out-of-bounds memory access (CVE-2026-11645). This week's recap highlights exploited enterprise bugs like Oracle PeopleSoft and Check Point VPN, large-scale supply-chain and package abuse in Arch's AUR, and the takedown of a major phishing-as-a-service operation. Practical guidance and trending CVEs round out the update.

📊 Check Point Research found that organizations in the Central US faced higher weekly cyber attack volumes through May 2026 compared with the national average. The region averaged about 1,552 attacks per week, rising to 1,612 in May versus a national 1,442. Energy, healthcare, and financial services drove the regional increases, with energy up 45% and healthcare the most targeted by volume.

📈 Check Point Research warns of a sharp seasonal surge in travel-related cyberattacks ahead of summer 2026, with the hospitality sector experiencing a 24% year-over-year increase in weekly attacks and a 122% rise over three years. The team found nearly 50,000 new travel-related domains in May 2026—many linked to coordinated bulk-registration campaigns—and active phishing sites impersonating major booking platforms to harvest credentials and payments. Travelers are urged to verify domains, use credit cards, enable two-factor authentication, and avoid clicking links in unsolicited messages.

🔒 Microsoft fixed a critical vulnerability chain named SearchLeak in Microsoft 365 Copilot Enterprise that could let attackers exfiltrate mailbox, OneDrive, and SharePoint data via a single crafted URL. Researchers at Varonis chained a parameter-to-prompt injection, an HTML rendering race condition, and a Bing SSRF-based CSP bypass to make Copilot fetch and leak sensitive content. The issue was addressed as CVE-2026-42824 and requires no user action now that Microsoft patched it.

🔒 Fortinet highlights World Economic Forum guidance showing how AI is transforming cybersecurity and why public-private cooperation matters. The piece notes that while 91% of organizations are using or testing AI security tools, skill shortages persist and create risk. The Forum’s “Empowering Defenders” paper, to which Fortinet contributed, emphasizes operational integration, governance, workforce readiness, and practical pilot-to-scale approaches for AI in security.

🚨 Enterprises using the open-source AI orchestration platform Langflow are urged to apply a patch for a high-severity path traversal flaw that enables arbitrary file writes and, in some environments, remote code execution. The vulnerability stems from improper handling of uploaded filenames at the /api/v2/files endpoint and was fixed in version 1.9.0, though exploitation has been observed in the wild. Public proof-of-concept code and exposed instances increase risk for unpatched deployments.

🔒 Infinite Campus disclosed a Salesforce data theft in March that exposed personal information for school staff across its K‑12 customer base. The attacker, linked to groups known for targeting Salesforce instances, allegedly leaked a 1.2GB archive. Have I Been Pwned found data from 137,100 accounts, including names, emails, job titles and contact details. Infinite Campus said most exposed items appear to be directory information commonly published by schools.

🛡️ New research shows that reasoning-based AI agent guardrails can be weaponized into denial-of-service vectors by a single poisoned document that traps safety systems in extended thinking loops. The study, from the Hong Kong University of Science and Technology and collaborators, demonstrated large slowdowns across four agent frameworks, with LangGraph suffering the worst impact. The work highlights a tradeoff where stronger guardrail reasoning increases resource use and introduces concentration risk for shared governance.

🔎 Cybersecurity researchers uncovered 152 Chrome wallpaper extensions that distribute a potentially unwanted program (PUP) family across 38 publisher accounts and three brand backends, collectively installed 105,000 times. Each listing claims not to collect data, but linked privacy policies admit logging IPs, ISPs, clicks, and referrers, shared with Google AdSense, DoubleClick, and third-party partners. Some extensions hard-code install and uninstall URLs to fake organic Google search referrals and include dormant code to enumerate and delete IndexedDB databases. Socket assesses the cluster as a financially motivated adware and traffic-fraud affiliate operation with possible ties to Turkey.

🛡️ The FCC has proposed a rule that would eliminate so-called burner phones by requiring telecom providers to collect and retain detailed personal information from virtually all phone customers. The rule would mandate submission of government-issued ID numbers, physical addresses, and additional data for business and foreign accounts, raising alarm among privacy and civil rights advocates. Supporters argue the changes target scammers and illicit activity, while critics warn of significant privacy, surveillance, and cybersecurity consequences if carriers must store this expanded dataset.

🛡️ Over 50 cybersecurity professionals have urged the US government to lift its export-control directive that suspended access to Anthropic’s Mythos 5 and Fable 5 LLMs. The directive, issued on June 12, led Anthropic to suspend access to both models while it complies with the government order, which cited national security concerns tied to alleged guardrail bypass research. The signees argue the ban removes valuable defensive capabilities and call for a transparent, scientific AI risk-assessment process.

🛡️ Enterprises are facing an invisible workforce: non-human identities (bots, service accounts, API keys, tokens, certificates) that now often outnumber humans. These ghost identities authenticate constantly across environments and, when unmanaged, accumulate privileges and risks. The industry has seen incidents where forgotten or third-party machine identities enabled widespread breaches, and a looming 2026 certificate-expiration wave threatens cascading outages. Organisations must prioritise governance—discovering NHIs, assigning ownership, auditing privileges, and addressing imminent certificate expirations—before tool selection.

🛡️ An attacker served tampered JavaScript used by PushEngage, OptinMonster, and TrustPulse, executing only when a logged-in WordPress administrator loaded the files. The malicious code created an attacker-controlled admin account, installed a hidden plugin backdoor providing remote code execution, and exfiltrated credentials to a fake tidio[.]cc domain. Sansec disclosed the campaign on June 13; PushEngage confirmed exposures that lasted longer than the brief windows seen for the other plugins. Site owners should treat any site that loaded the affected scripts during the window as compromised and perform server-side scans and credential rotations immediately.

🔎 The UK government's GC3 ran weekly in-person hackathons using frontier AI models to scan public code repositories across nine departments, identifying 407 findings including authentication bypasses, data exposure and remote code execution. Teams built diverse pipelines combining models and traditional tools like Gitleaks, Trivy and Semgrep, and all exploitable critical and high-risk issues were remediated. The initiative highlighted the benefits of tightly scoped model components, the need for human triage, and cost-effective scanning, though export restrictions on some models may affect future work.