Hello, stay ahead with CISO Brief 🚀

🤖 Agents can now provision Cloudflare resources and complete billing through Stripe Projects, enabling end-to-end deployment without manual dashboard steps. Using a co-designed protocol, an agent can discover available services, create or link a Cloudflare account, and receive API credentials to deploy code and register domains. Stripe supplies a payment token (not raw card data) with a default $100/month cap, and human approval can be requested when needed. Any platform with signed-in users can adopt the same orchestration flow.

🔎 Europol announced arrests and seizures after a two‑year probe into professionalised Albanian scam call centres that ran an investment fraud operation estimated to have cost victims at least €50m. Authorities arrested 10 suspects and searched three call centres and nine homes, seizing nearly €900,000, 443 computers, 238 mobile phones and multiple storage devices. Victims were lured via misleading ads and pressured by retention agents posing as investment advisors.

🔒 A supply-chain campaign dubbed "mini Shai-Hulud" infected SAP-related npm packages in late April, inserting install-time malware that harvested developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud credentials across AWS, Azure, GCP and Kubernetes. Researchers identified affected packages including mbt@1.2.48 and several @cap-js modules. The malicious releases were later replaced with safe versions.

🔒 Security researchers Xint.io and Theori disclosed a high-severity Linux local privilege escalation tracked as CVE-2026-31431 and dubbed Copy Fail, which lets an unprivileged user write four controlled bytes into the page cache of any readable file to gain root. The defect stems from a logic flaw in the kernel cryptographic algif_aead module introduced in 2017. A compact 732‑byte Python exploit can inject shellcode into a setuid binary such as /usr/bin/su and spawn a root shell, and major distributions have issued advisories.

🛡️ Marsh's 2026 People Risks report, compiled from interviews with over 4,500 HR and risk professionals across 26 markets, finds cyber-threat literacy is the top global people risk, with technological change, tech skills shortages and AI-related mindset barriers also ranking highly. The report highlights mishandling of data and low employee security awareness as persistent threats that can increase exposure to breaches and reputational damage. Marsh recommends reframing cyber risk to cover OT, HR and third-party systems, recruiting cyber talent, building a cyber-centric culture, reducing fatigue, and ensuring human oversight with robust governance and insurance cover.

⚖️ Re-permissioning aligns AI agents' access with clear operational needs so they execute tasks safely rather than accumulate unnecessary powers that enable unauthorized actions. As agents evolve from responders into execution engines, interoperability standards like MCP and agent-to-agent flows expand reach but also multiply where things can go wrong. Organizations should enforce continuous permission audits, mandatory human-in-the-loop checks for sensitive operations, strict least-privilege context sharing, and vet integrations, libraries and third parties while running tabletop prompt-injection exercises to validate controls and prevent data exposure or integrity-impacting changes.

🔍 The ODNI’s 2026 Annual Threat Assessment pivots from long-term, global forecasting to active operational reporting and a homeland-centric focus. This shift de-emphasizes detailed tracking of state-led infrastructure campaigns and named operations, leaving gaps in visibility on pre-positioned access. CISOs and CROs are urged to fund a resilience premium and prioritize identity, infrastructure continuity, algorithmic defense, and intelligence integration.

🚨 US Marines stationed near the Persian Gulf reported receiving chilling WhatsApp messages beginning Monday that urged them to call home and make final goodbyes. The messages were signed by the Iran-linked Handala hacking group and allegedly originated from a Bahraini phone number that was likely spoofed or hijacked. A day later, Handala posted that it had published names and phone numbers of 2,379 Marines and boasted of possessing addresses, family details and daily routines. While authorities caution that such claims may rely on scraped or recycled data rather than a fresh breach, the campaign’s intent to intimidate service members is clear.

🔒 Google patched a maximum-severity remote code execution vulnerability in @google/gemini-cli and the google-github-actions/run-gemini-cli workflow that could allow attackers to run arbitrary commands on host systems. Novee Security reported the flaw, which carries a CVSS score of 10.0, and Google says the impact is limited to headless CI usage where workspace folders were auto-trusted. Affected versions include @google/gemini-cli prior to 0.39.1 (and preview releases) and run-gemini-cli prior to 0.1.22; users should update to the patched releases, explicitly set GEMINI_TRUST_WORKSPACE when inputs are trusted, or follow Google’s hardening guidance for untrusted inputs. Google also tightened allowlisting checks for --yolo mode to prevent auto-approved tool calls from bypassing restrictions.

🧩 Researchers at SentinelOne uncovered a modular malware framework compiled in 2005 that targeted engineering modeling software by corrupting high‑precision floating‑point arithmetic. The framework uses an embedded Lua VM inside a malicious service loader (svcmgmt.exe) and includes a kernel rootkit, fast16.sys, which applies 101 pattern rules to modify infected executables. The implant appears crafted for strategic sabotage, selectively altering simulation outputs and spreading across network shares to compromise multiple workstations.

🔒 A developer at an AI startup downloaded a dubious Roblox script onto a work laptop, a single error that cascaded into a costly breach and caused roughly $2 million in remediation. The episode also highlights the long-standing SS7 telecom weakness that enables pervasive mobile tracking and interception. Host Graham Cluley and guest James Ball interview Rob Edmondson of CoreView about how to lock down Microsoft 365 before misconfigurations are exploited.

🔒 Multiple official SAP npm packages were recently compromised in a supply-chain operation that installs a malicious preinstall script during package installation. The script downloads the Bun runtime and executes an obfuscated payload that harvests a wide range of secrets — including npm and GitHub tokens, SSH keys, cloud credentials, Kubernetes configs, and CI/CD environment variables — and exfiltrates them to public GitHub repositories. Researchers attribute the campaign with medium confidence to TeamPCP and warn it includes self-propagation logic to modify other packages using stolen credentials.

🛡️ The Quick Page/Post Redirect WordPress plugin, installed on more than 70,000 sites, contained a hidden backdoor introduced through a malicious self-update mechanism in versions 5.2.1 and 5.2.2. Researcher Austin Ginder discovered the issue after multiple infections on his Anchor hosting fleet led to a security alert; WordPress.org has temporarily pulled the plugin pending review. A tampered 5.2.3 build, delivered from an external anadnet[.]com server, added a passive backdoor that only triggers for logged-out users and appears to have been used for cloaked SEO spam. Impacted sites should uninstall the plugin and replace it with a clean copy of version 5.2.4 from WordPress.org when it is available.

🚨 Researchers at Snyk warn that two authentication-bypass bugs in the open-source Qinglong task scheduler (affecting versions ≤2.20.1) have been chained to achieve remote code execution. The issues — CVE-2026-3965 and CVE-2026-4047 — stem from middleware authorization mismatches with Express.js routing, enabling unauthenticated access to admin endpoints. Active exploitation since early February has resulted in cryptominer deployments that run as a hidden '.fullgc' process and pull multiple binary variants from an external host. Users should apply the patched release and verify middleware authentication enforcement immediately.

🚀 Amazon RDS for MySQL now supports the community MySQL 9.6 Innovation Release in the Amazon RDS Database Preview Environment. You can deploy MySQL 9.6 as fully managed Single‑AZ or Multi‑AZ instances on the latest-generation instance classes to evaluate new features, bug fixes, and security patches. Preview instances are retained for a maximum of 60 days and snapshots created there can only be used within the Preview Environment. Pricing for preview instances aligns with production RDS in the US East (Ohio) Region.

🛡️ This article outlines AWS guidance for integrating trust, safety, and responsible-AI practices into applications built on Amazon Bedrock. It defines core responsible AI dimensions—such as safety, controllability, fairness, explainability, security and privacy, robustness, governance, and transparency—and maps them to lifecycle stages: design, deployment, and operations. It recommends observability and guardrail tools like Amazon CloudWatch and Bedrock Guardrails for monitoring, abuse detection, configurable content filters, and hallucination controls, and describes an abuse response process for coordination with AWS Trust & Safety.

🚨 Ukrainian police arrested three individuals accused of hacking and selling over 610,000 Roblox accounts, reportedly generating about $225,000 in proceeds. The Lviv authorities executed ten searches, seizing $35,000 in cash and multiple devices including 37 mobile phones, 11 desktop PCs, seven laptops, five tablets, and four USB drives. Prosecutors say the suspects — aged 19, 21, and 22 — used info‑stealing malware disguised as a game-enhancer, harvested credentials, categorized accounts by value, and sold high‑value profiles via a Russian website and closed online communities.

🚀 Amazon DocumentDB (with MongoDB compatibility) is now available in the Canada West (Calgary) region. This fully managed, native JSON database delivers automatic storage scaling up to 128TiB, support for up to 15 low‑latency read replicas, and native integrations with AWS services such as AWS DMS, Amazon CloudWatch, AWS CloudTrail, AWS Lambda, and AWS Backup. You can create clusters via the AWS Management Console, CLI, or SDK to support mission‑critical document workloads at scale.