< ciso
brief />
Telegram

Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast — new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence — all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.

👉 Join our Telegram channel for your daily update — stay informed, stay ready.

Cybersecurity News Digest — Daily Briefings

Latest News

all posts →

Swiss team claims certifiable perfect randomness

🔬 Researchers at ETH Zurich report creating a device that generates provably perfect random numbers using two superconducting qubits, a 30-meter microwave guide, and specialized software. The setup leverages quantum entanglement and an amplification algorithm to remove bias common in classical and many quantum sources. The team says the output can be certified and could serve cryptographic key generation or public randomness services.
Post-Quantum CryptographyResearch
read more →

DDoS-as-a-Service: Evolution of a Paid Market

🔍 DDoS attacks are increasingly packaged and sold as polished online services, lowering barriers for would-be attackers and reshaping the underground market. Flare researchers compared DDoS-related underground activity from early 2023 and early 2026, finding a marked rise in service ads, actors, and professionalized offerings. Ads now emphasize panels, APIs, botnet backing, pricing tiers, and reseller programs, while public mitigations report multi-terabit attacks. The market’s shift toward productized services means defenders must assume easier access to disruptive capabilities.
DDoSThreat ReportCybercriminal
read more →

Fake IPTV Android apps used to deliver malware

🛡️ Cybercriminals are exploiting demand for live sports streaming by distributing fake Android IPTV apps that hide malware. These malicious APKs often mimic legitimate services and load real sites in a built-in browser to avoid suspicion while performing background theft. Researchers observed strains like Massiv and the more advanced Perseus, which abuse Android Accessibility Services to steal banking and crypto credentials. Users in Portugal, Spain, France and Türkiye have been targeted; avoid third-party APKs and keep devices updated.
MalwareInfostealerCredential Access
read more →

Silent Ransom Group Escalates Law Firm Attacks

🔒 The FBI warns that the Silent Ransom Group (SRG), also known as Luna Moth and UNC3753, has increasingly targeted US law firms since 2023 using advanced social engineering. SRG has shifted from phishing and callback tactics to impersonating IT staff via phone and in-person visits to gain remote or physical access. Once inside, actors use legitimate tools like WinSCP or renamed Rclone to exfiltrate data without encrypting systems. The FBI recommends stronger cyber hygiene, phishing-resistant MFA, visitor verification, and limiting remote access and external drive installation on sensitive endpoints.
RansomwareSpear PhishingData ExfiltrationLateral Movement
read more →

Chrome rolls out device‑bound session cookie protection

🔒 Google has made the Chrome Device Bound Session Credentials (DBSC) feature generally available and is rolling it out to all users to prevent account takeovers. DBSC, in beta since April 2024, cryptographically binds session cookies to device hardware such as TPM and Secure Enclave, ensuring stolen cookies cannot be reused. The feature will be enabled by default for Google Workspace customers and cannot be disabled by administrators. DBSC aims to block previously exploited techniques that restored or reused expired authentication cookies.
Google
read more →

Chilling Effects: How Fear Is Reshaping Speech

📰 Chilling effects—the self-censorship and restraint people adopt under threat—are spreading across U.S. campuses and institutions in response to the Trump administration’s punitive tactics. Students, professors, journalists, researchers and cultural organizations report altering speech, research and programming to avoid legal, immigration, and institutional reprisals. The authors argue these effects are intentional, part of a broader strategy that leverages surveillance, uncertainty, and abuse of power to produce conformity and weaken democratic checks.
Security AwarenessHuman Risk Management
read more →

Shadow AI and the Rise of Vibe‑Coded Application Risk

🔎 Shadow AI now describes employees building full applications with AI and publishing them without IT or security involvement. Red Access' Shadow Builders report found over 380,000 public assets on vibe‑coding platforms, with more than 2,000 exposing sensitive corporate or personal data. Existing security controls miss these builds because the entire lifecycle — OAuth grants, data movement, and publishing — occurs inside web sessions that traditional tools only partially observe.
SaaS SecurityAI Application SecurityOAuth App Abuse
read more →

CyCOS expands UK SME cyber support ahead of CIISec handover

🛡️ The Cybersecurity Communities of Support (CyCOS) pilot, launched by academics from UK universities, is expanding from two to seven small peer-led communities to help SMEs improve cyber resilience. The program combines webinars, AMAs, an online support platform and shared resources, and will transition operational leadership to the Chartered Institute of Information Security (CIISec). New communities are being founded by volunteer SME facilitators and supported by a Community Toolkit to ensure replicability.
Security AwarenessUK GDPR
read more →

Notepad++ XML flaws allow local arbitrary code execution

🔒 Two High-severity vulnerabilities in Notepad++ (CVE-2026-48778 and CVE-2026-48800, CVSS 7.8) let local attackers run arbitrary commands by tampering with the editor’s XML configuration files. Both issues affected versions up to 8.9.6 and were patched in 8.9.6.1 along with a lower-severity crash bug (CVE-2026-48770). The flaws stem from unvalidated values in shortcuts.xml and config.xml, enabling persistence and stealthy execution if an attacker can write to a user’s AppData or supply a poisoned settings folder.
Remote Code ExecutionVulnerability DisclosurePatch Release
read more →

Malicious NuGet package steals Sicoob banking credentials

🔍 Security researchers found a malicious NuGet package named Sicoob.Sdk that impersonated a C# SDK for Brazil's Sicoob banking APIs and exfiltrated client IDs and PFX certificates. Versions 2.0.0–2.0.4 encoded PFX files and sent them, along with PFX passwords and client IDs, to a hardcoded third‑party Sentry endpoint while also capturing raw Boleto API responses. The package has been blocked by NuGet after responsible disclosure, and organizations are urged to rotate affected credentials and audit logs.
MalwareSupply Chain CompromiseData Exfiltration
read more →

SEC 10-K Cybersecurity Trends and Governance 2025

📝 This article analyzes the new SEC 10-K cybersecurity disclosure section (1.C) across the top 200 S&P companies, summarizing governance, reporting lines, standards, and trends between 2024 and 2025. It highlights that the CISO remains the principal cybersecurity role, with the CIO commonly as the reporting executive and audit committees most frequently overseeing cyber risk. The piece also reviews common practices such as TPRM, proactive testing, human-centric training, AI risks, and the author’s AI-assisted data collection and analysis methods.
SEC Cyber Disclosure RulesGRCAI Governance
read more →

Chinese-linked Hackers Exploit Middle East Conflict

🔎 ESET warns that China-aligned APT groups have been exploiting the Middle East war to target maritime, energy and political organizations, while continuing global espionage aligned with Beijing’s strategic priorities. The report covers October 2025–March 2026 and highlights activity against Syria, Central and South America, and an attempted intrusion into an AI and robotics firm in South Korea. Russia-aligned actors focused on Ukraine and destructive campaigns, while Iran-aligned activity shifted to proxy and hacktivist actions amid internet disruptions.
China-nexusAPTThreat ActorNation-State Actor
read more →

Charter Communications breach exposes 4.9M accounts

🔒 The ShinyHunters extortion gang claims to have stolen personal details from 4.9 million Charter Communications accounts after a vishing attack in early April that compromised an employee's Microsoft Entra account. Charter confirmed the incident but says no sensitive PII or CPNI was exfiltrated, while Have I Been Pwned verified leaked records containing names, emails, addresses, phone numbers and some job titles. The group published stolen Salesforce data after a ransom was refused.
ShinyHuntersData BreachVishingSalesforce
read more →

Dutch police arrest suspect in Ajax app hack

🔒 Dutch police arrested a 35-year-old suspect in Buren for allegedly accessing Ajax football club IT systems, after vulnerabilities in the official Ajax app exposed supporter data. The breach, initially described as affecting a few hundred fans, may have put around 300,000 registered supporters at risk, including email addresses and ticket information. The flaw also allowed manipulation of the club's ban list, potentially harming innocent people, and Ajax says it has patched the vulnerabilities with external help.
Data BreachAuthentication BypassBreach
read more →

Palo Alto Networks Unifies AI Gateway for Agents

🔒 Palo Alto Networks has completed its acquisition of Portkey and will integrate Portkey’s AI Gateway into Prisma AIRS to provide a centralized control plane that secures and governs AI agents at scale. The integrated Prisma AIRS AI Gateway will offer unified APIs, an agent registry, semantic routing, artifact scanning, automated red teaming and runtime security to identify, authenticate and authorize agent interactions in real time. This aims to give enterprises a single enforcement point to manage agent identity, least-privilege access and consistent policies across autonomous workloads.
Palo Alto NetworksAgent SecurityAgentic AI
read more →

GDPR’s legacy and the coming AI regulatory battles

📰 Over eight years GDPR set global data-protection norms, notably the 72-hour breach notification standard, but nearly 40% of announced EU fines by value are annulled or under appeal. Experts say large tech firms contesting fines isn’t surprising and that rulings provide practical guidance for compliance teams. As the EU’s AI Act and proposed GDPR reforms arrive, regulators must shore up procedural robustness while organisations adapt governance to evolving AI risks.
GDPREU AI ActAI GovernanceAI Compliance
read more →

Amazon S3 Tables expand to two Asia Pacific regions

🟦 Amazon S3 Tables are now available in the Asia Pacific (Taipei) and Asia Pacific (New Zealand) AWS Regions. S3 Tables provide an object store with built-in Apache Iceberg support, enabling scalable tabular data storage and making data queryable by AWS and third-party engines. They perform continual table maintenance to optimize queries and reduce storage costs, and integrate with the Intelligent-Tiering storage class for automated cost management without operational overhead.
AWS S3AWSProduct Update
read more →

IBM and Red Hat Launch Project Lightwell Security Clearinghouse

🔐 IBM and Red Hat announced Project Lightwell, a $5 billion initiative backed by 20,000 engineers to create an AI-powered enterprise clearinghouse for discovering and remediating open source vulnerabilities. Initially focused on Java/Maven and designed with 11 financial partners, the service will backport validated fixes into deployed dependency versions without requiring upgrades. The project emphasizes a secure intermediary model for embargoed disclosures, aims to return fixes upstream to communities, and will be offered as a commercial subscription.
IBMRed HatSupply Chain VulnerabilityVulnerability Management
read more →