Hello, stay ahead with CISO Brief 🚀

⚠ Forescout's BRIDGE:BREAK study finds serial-to-Ethernet adapters widely shipped with outdated kernels and insecure open-source components, exposing industrial, healthcare, and retail equipment to attack. Researchers report firmware images averaged roughly 80 OSS components and nearly 2,500 known vulnerabilities with public exploits present. Manual analysis uncovered 22 new flaws in Lantronix and Silex devices enabling RCE, authentication bypass, firmware tampering, and device takeover. Vendors released patches; operators should patch, remove internet exposure, enforce strong credentials, segment networks, and monitor for misuse.

🔍 Claude Mythos Preview uncovered 271 security flaws in Firefox 148, all addressed in Firefox 150, prompting claims that the model can match human researchers in vulnerability discovery. Mozilla and security experts say Mythos closed significant gaps left by fuzzing and automation, though Anthropic is investigating reported unauthorized access to the model. Teams are urged to adopt continuous AI-assisted testing and treat models as privileged infrastructure.

🛡️ Security researchers at Socket and StepSecurity have identified malicious versions of pgserve and automagik published to the npm registry that execute a credential-harvesting payload during installation. The trojans collect tokens, SSH keys, cloud credentials (AWS, Azure, GCP), browser passwords and crypto wallet funds, and attempt to propagate by using any npm publish tokens found on infected machines. Stolen data is encrypted and exfiltrated to a decentralized ICP canister, chosen specifically to resist takedown. Developers are urged to rotate all credentials immediately, disable automatic postinstall scripts (npm config set ignore-scripts true), harden CI/CD egress and tighten token scopes.

🚀 At Google Cloud Next ’26, Google presented a unified stack to move AI into enterprise production, anchored by Gemini Enterprise as the connective tissue between data, people, and goals. Key launches include the Gemini Enterprise Agent Platform for building, scaling, governing, and optimizing agents, and the AI Hypercomputer with next-generation TPU 8 chips. Google also outlined the Agentic Data Cloud to ground agents in enterprise context, expanded security agents in Agentic Defense, Workspace Intelligence enhancements, and cross-cloud data capabilities to accelerate real-world deployment.

🔐 A tip‑line operator that handled anonymous reports for 35,000 U.S. schools suffered a major breach after an attacker exploited an XSS flaw in a LeverTip chat box and stole a staff session cookie via social engineering. The intruder exfiltrated 91 GB (≈8.3M tip records), some dating back decades, and offered the dataset for sale. Separately, Rockstar Games experienced a third‑party compromise that exposed partial data, including internal financial figures. Both incidents underscore failures in basic web hygiene, third‑party controls, and incident transparency.

🔒 Apple released out-of-band updates for iPhone and iPad to address a Notification Services flaw that could leave deleted notifications stored on the device. The bug, tracked as CVE-2026-28950, was patched on April 22, 2026 in iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8 and iPadOS 18.7.8. Apple says the issue was resolved through improved data redaction but provided no further technical details or confirmation of exploitation. Users are advised to install the updates promptly.

🧑‍💻 Amazon SageMaker Unified Studio now lets data workers create and manage multiple code spaces within a single project for IAM domains. Each space maintains its own persistent Amazon EBS volume and independent compute and storage settings, and can be paused, resumed, or connected to a local IDE while preserving files and session state. This enables parallel workstreams and isolated experiments with tailored runtimes and is available in all Regions where SageMaker Unified Studio is offered.

🔒 A new Mirai-based campaign is actively exploiting CVE-2025-29635, a command-injection RCE that affects D-Link DIR-823X routers, to enlist devices into a botnet. Akamai's SIRT observed the activity in March 2026 and found attackers downloading and executing a shell script that installs a multi-architecture Mirai variant called tuxnokill. The affected DIR-823X line reached end of life in November 2024 and is unlikely to receive a vendor patch. Users are advised to replace EoL devices, disable remote administration, change default passwords, and monitor for configuration changes.

🚀 Amazon has launched EC2 C8i-flex instances in Europe (Ireland, London) and Asia Pacific (New Zealand). Powered by custom Intel Xeon 6 processors exclusive to AWS, C8i-flex deliver up to 15% better price-performance and 2.5x the memory bandwidth versus prior Intel-based instances, and up to 20% higher throughput than C7i-flex. AWS reports workload-specific gains — up to 60% faster NGINX, 40% for deep learning recommendation models, and 35% for Memcached — and offers sizes from large to 16xlarge purchasable via Savings Plans, On-Demand, and Spot.

⚡ Starting today, Amazon EC2 C8i instances are available in Europe (Ireland) and Asia Pacific (New Zealand). Powered by AWS-exclusive custom Intel Xeon 6 processors, C8i delivers up to 15% better price-performance and 2.5x the memory bandwidth versus previous Intel-based instances, and up to 20% higher performance than C7i. AWS reports workload-specific gains — up to 60% faster for NGINX, 40% for deep learning recommendation models, and 35% for Memcached. The family includes 13 sizes (two bare metal and a new 96xlarge) and can be purchased via Savings Plans, On-Demand, or Spot.

🔒 Rapid7 analyzed two Kyber ransomware variants discovered in March 2026 that were deployed on the same network: one targeting VMware ESXi and one targeting Windows file servers. The ESXi build advertises post‑quantum Kyber1024 but instead uses ChaCha8 for file encryption and RSA‑4096 for key wrapping. The Windows variant, written in Rust, implements Kyber1024 and X25519 to protect symmetric keys while using AES‑CTR for bulk file encryption, and includes destructive routines such as service termination, backup deletion and an experimental Hyper‑V shutdown.

🔒 Microsoft released an out-of-band fix after an April 14 .NET update (10.0.6) introduced a critical regression in the ASP.NET Core Data Protection NuGet package (CVE-2026-40372, CVSS 9.1). A bug in the ManagedAuthenticatedEncryptor caused HMAC validation tags to be computed with an incorrect offset, allowing forged cookies and tokens to be treated as valid. Developers should upgrade to 10.0.7, rebuild embedded apps (including Docker images), expire affected cookies and tokens, and rotate protection keys to remove potential forgeries.

🔒 AWS Network Firewall supports expanded managed rule groups from AWS Marketplace partners, allowing rule groups to include up to 10 million domain indicators and 1 million IP addresses. Partners including Infoblox, Lumen, and ThreatSTOP are adding protections for high-risk domains, command-and-control blocking, and sanctions compliance. Managed rules from sellers like Check Point, Fortinet, Rapid7, and Trend Micro provide ready-to-deploy, continuously updated protections and are now available in additional regions.

⚠️ Cybersecurity researchers warn that unknown actors pushed malicious images to the official checkmarx/kics Docker Hub repository, overwriting tags and introducing a non-official release. Socket's analysis shows the bundled KICS binary was modified to collect, encrypt, and exfiltrate uncensored scan reports to an external endpoint, posing a high risk for IaC scans that may include credentials. Related Checkmarx Microsoft Visual Studio Code extensions (versions 1.17.0 and 1.19.0) were also found to contain code that downloads and runs a remote addon via the Bun runtime using a hardcoded GitHub URL without integrity checks. Organizations that used the affected images or extensions should assume exposed secrets are compromised and treat the event as a broader supply chain compromise.

🧩 Amazon SageMaker AI now supports serverless model customization for Qwen3.5, enabling supervised fine-tuning (SFT) and reinforcement fine-tuning (RFT) of 4B, 9B, and 27B parameter models. With serverless customization, SageMaker handles infrastructure provisioning and training orchestration so teams can focus on data, evaluation, and domain adaptation while paying only for consumed resources. This capability is available in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo), and EU (Ireland) and can be launched from SageMaker Studio or the SageMaker Python SDK.

🔒 Amazon EC2 now lets you control whether resources provisioned by managed instance offerings appear in console views and API list responses. New managed EC2 instances — provisioned by services such as Amazon EKS, Amazon ECS, AWS Lambda, and Amazon WorkSpaces — are hidden by default to better align with the shared responsibility model. You can adjust visibility settings via the EC2 console or the AWS CLI, affecting views like the EC2 console and describe-instances API results.

🔐 Researchers warn of a self-propagating supply-chain worm that infected multiple npm packages to harvest developer credentials and reuse stolen npm tokens to publish poisoned releases. Tracked as CanisterSprawl by Socket and StepSecurity, the campaign uses malicious postinstall hooks and exfiltrates data to both an HTTPS webhook and an ICP canister. The malware also includes PyPI propagation via a .pth payload that runs on interpreter start; JFrog reported compromised xinference Python packages with a Base64 second-stage collector. Recommended mitigations include restricting token scope, rotating and revoking exposed tokens, avoiding unsafe CI triggers like pull_request_target, and monitoring package publishes and postinstall behavior.

🔧 Amazon Elastic Container Service now includes NVIDIA GPU health monitoring and auto repair for ECS Managed Instances. The capability leverages NVIDIA Data Center GPU Manager (DCGM) to detect critical GPU hardware failures and proactively replace impaired instances to maintain availability for GPU-accelerated container workloads. You can view GPU health via the DescribeContainerInstances API and receive notifications through Amazon EventBridge. Auto repair is enabled by default on supported instances at no additional cost and is available in all AWS Commercial Regions.