Hello, stay ahead with CISO Brief 🚀

⚠️ A fake Claude website pushed a 505MB archive named 'Claude-Pro-windows-x64.zip' that installs a trojanized MSI and drops three Startup files: NOVupdate.exe, NOVupdate.exe.dat, and avk.dll. Sophos and Malwarebytes analysis shows the signed G Data updater is abused to sideload avk.dll and an encrypted payload, which decrypts an in-memory DonutLoader that deploys the new Beagle backdoor. Beagle runs in memory, communicates with C2 at license.claude-pro[.]com (8.217.190[.]58) over TCP/443 or UDP/8080 using a hardcoded AES key, and supports basic file and command operations.

🛡️ Disc Soft has confirmed that certain Daemon Tools Lite installers were Trojanized and released in a compromised build (version 12.5.1) after unauthorized interference in its build environment. The company released a malware-free update, Version 12.6, within 12 hours of notification and says the incident is contained. Users who installed the impacted release are advised to uninstall the application, run a full system scan with trusted security software, and reinstall only the verified package from the official site.

🛡️ Kaspersky researchers found three malicious PyPI wheel packages — uuid32-utils, colorinal and termncolor — that covertly delivered a new malware family named ZiChatBot to Windows and Linux hosts. The packages drop platform-specific loaders (terminate.dll or terminate.so) that persist via a Registry autorun entry or a crontab and act as droppers for the main payload. ZiChatBot uses public Zulip REST APIs as its command-and-control channel, executes shellcode received from the service, and signals success by sending a heart emoji. The packages were uploaded in July 2025 and have been removed; organizations should audit dependencies, verify build environments, and monitor the published indicators.

🔍 Security leaders must translate technical risk into clear business decisions to gain board support. Boards want concise, data-driven briefings that link exposures to financial impact, operational disruption and regulatory consequences rather than technical status updates. The most effective conversations prioritize a few high-impact issues, explain trade-offs and show exactly where resources will measurably reduce loss.

⚠️ Cofense warns that low-skilled threat actors are increasingly abusing Vercel's v0.dev GenAI tools to generate convincing phishing pages with minimal effort. Attackers can prototype for free, purchase tokens to build pages, and use Vercel hosting—its pro tier is roughly $20/month—to deploy and tear down sites quickly. Integrations with services like Telegram, AWS, Stripe and xAI further simplify operations. Cofense advises security teams to verify sender domains, watch for urgency cues and report malicious Vercel sites for takedown.

🔒 Ten years after the EU adopted the General Data Protection Regulation (GDPR), experts say it fundamentally reshaped corporate privacy culture but left important gaps. Analysts credit the GDPR with embedding privacy into daily operations, raising standards, and creating accountability by forcing organizations to know and document their processing. Yet enforcement inconsistencies, international transfer disputes, widespread consent fatigue and the rise of generative AI expose legal and practical tensions that require clarification and coordination with newer digital rules.

⚠️ Multiple critical vulnerabilities have been disclosed in the vm2 Node.js library that allow untrusted code to break out of sandboxes and execute arbitrary host commands. The defects include numerous sandbox escapes, code injection vectors, and an allowlist bypass, with several issues rated CVSS 9.8–10.0. Affected releases span multiple 3.9.x–3.11.x builds; maintainers recommend upgrading to v3.11.2 and auditing any vm2-based sandbox deployments. The project lead has acknowledged that further bypasses are likely as research continues.

🔒 The Center for AI Standards and Innovation (CAISI), part of the Department of Commerce’s NIST, has secured agreements with Google DeepMind, Microsoft, and xAI to conduct pre-deployment evaluations and targeted research on frontier AI models. These accords expand an existing program that already includes Anthropic and OpenAI and are intended to provide vendors with safety feedback before public release. Microsoft described the partnerships as essential to building trust in advanced systems, while CAISI emphasized continuous evaluation to advance AI security and standards.

🔒 Unit 42 details exploitation of a buffer overflow vulnerability (CVE-2026-0300) in the PAN-OS User-ID Authentication Portal that permits unauthenticated remote code execution as root on affected PA‑Series and VM‑Series firewalls. Observed adversary activity included shellcode injection into an nginx worker, rapid log and evidence cleanup, and deployment of tunneling tools such as EarthWorm and ReverseSocks5. Immediate mitigations are to restrict or disable the portal, apply vendor guidance, and enable available threat signatures and protections.

🔍 Meta’s smart glasses were found to upload audio and video to contractors in Nairobi for human labelling, prompting the dismissal of 1,108 workers after whistleblowers exposed the practice. The episode contrasts that privacy failure with a measured analysis of the Linux Copy Fail privilege‑escalation issue and an experiment by Jake Moore demonstrating how a convincing deepfake passed a remote job interview. Practical takeaways include patching kernels promptly, strengthening hiring verification, and demanding clearer vendor transparency.

🔒 A phishing campaign abused Google sponsored search results to deliver a live adversary-in-the-middle (AitM) proxy that mimics ManageWP's sign-in page, placing the fake result above the legitimate one for the "managewp" query. Any credentials entered are exfiltrated to a Telegram channel and used in real time to bypass 2FA. Guardio Labs infiltrated the attackers' C2, observed an operator-driven phishing framework, and confirmed around 200 unique victims.

🔧 AWS announced that AWS Site-to-Site VPN now supports modifying tunnel bandwidth on existing VPN connections, enabling customers to switch between standard (up to 1.25 Gbps) and large (up to 5 Gbps) tunnel sizes without recreating connections. The upgrade preserves tunnel IP addresses, CIDR blocks, pre-shared keys, and all configuration settings, removing the need to update on-premises VPN devices or firewall rules. This capability is available across a broad set of AWS Regions to simplify bandwidth scaling for hybrid and multi-site deployments.

🛡️ Hunt.io has uncovered a Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to conscript them into DDoS campaigns. The malware supports 21 flood variants across TCP, UDP, and raw protocols and is offered as a DDoS-for-hire service aimed at game servers and Minecraft hosts. It targets devices with ADB enabled by default—such as Android TV boxes, set-top boxes, smart TVs—and includes multi-architecture binaries for routers and IoT hardware. The bot probes device bandwidth to tier victims and uses a "killer" subsystem to evict competing malware.

🔒 AWS published a practical compliance guide, ISO/IEC 42001:2023 on AWS, to help organizations design and operate an Artificial Intelligence Management System (AIMS) using AWS services. The guide maps ISO 42001 clauses 4–10 and the Annex A controls to AWS services and architectural patterns, and it explains scoping, shared responsibility, and audit readiness. It highlights automation, evidence collection, monitoring, and responsible AI features to reduce effort in preparing for certification.

🚀 Amazon Web Services announced that Amazon EC2 P6-B300 instances are now available in the US East (N. Virginia) Region. The p6-b300.48xlarge ships with 8x NVIDIA Blackwell Ultra GPUs, 2.1 TB high-bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps ENA throughput and 4 TB system memory. Compared with P6-B200, P6-B300 delivers 2x networking bandwidth and 1.5x GPU memory and TFLOPS (FP4, without sparsity), making it suited for training and serving large trillion-parameter foundation models and LLMs with improved token throughput and faster distributed training.

🚨 A critical vulnerability in the Node.js sandbox library vm2 (CVE-2026-26956) can be exploited to escape the sandbox and execute arbitrary code on the host. The issue has been confirmed in vm2 3.10.4 on Node.js 25 (tested on 25.6.1) when WebAssembly exception handling and JSTag support are enabled. A proof-of-concept exploit is public; users should upgrade to vm2 3.10.5 or later (latest 3.11.2) immediately.

⚠️ Cisco released patches for a high-severity denial-of-service vulnerability (CVE-2026-20188) affecting Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO). The issue stems from inadequate rate limiting on incoming connections and can be exploited remotely by unauthenticated actors to exhaust connection resources and crash systems. Affected releases include CNC 7.1 and earlier and NSO 6.3 and earlier; fixed releases and mitigations are detailed in Cisco's advisory. Cisco's PSIRT says it is not aware of active exploitation but strongly urges customers to upgrade to patched software to avoid manual reboots and service disruption.

🛒 AWS Marketplace announces the Agreements API, enabling programmatic procurement and agreement management for Marketplace products. With this API you can generate estimates, accept offers, track charges and entitlements, update purchase orders, and manage agreements within your existing tools and workflows. Combined with the Discovery API, it supports an end-to-end procurement journey from product discovery to purchase and allows partners to build custom storefronts. The Agreements API is available in the US East (N. Virginia) Region; get started by configuring AWS Identity and Access Management permissions and calling the API via the AWS SDK.