
Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast — new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence — all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.

Cybersecurity News Digest — Daily Briefings

Latest News

Fake IPTV Android apps used to deliver malware

🛡️ Cybercriminals are exploiting demand for live sports streaming by distributing fake Android IPTV apps that hide malware. These malicious APKs often mimic legitimate services and load real sites in a built-in browser to avoid suspicion while performing background theft. Researchers observed strains like Massiv and the more advanced Perseus, which abuse Android Accessibility Services to steal banking and crypto credentials. Users in Portugal, Spain, France and Türkiye have been targeted; avoid third-party APKs and keep devices updated.

Silent Ransom Group Escalates Law Firm Attacks

🔒 The FBI warns that the Silent Ransom Group (SRG), also known as Luna Moth and UNC3753, has increasingly targeted US law firms since 2023 using advanced social engineering. SRG has shifted from phishing and callback tactics to impersonating IT staff via phone and in-person visits to gain remote or physical access. Once inside, actors use legitimate tools like WinSCP or renamed Rclone to exfiltrate data without encrypting systems. The FBI recommends stronger cyber hygiene, phishing-resistant MFA, visitor verification, and limiting remote access and external drive installation on sensitive endpoints.

Chrome rolls out device‑bound session cookie protection

🔒 Google has made the Chrome Device Bound Session Credentials (DBSC) feature generally available and is rolling it out to all users to prevent account takeovers. DBSC, in beta since April 2024, cryptographically binds session cookies to device hardware such as TPM and Secure Enclave, ensuring stolen cookies cannot be reused. The feature will be enabled by default for Google Workspace customers and cannot be disabled by administrators. DBSC aims to block previously exploited techniques that restored or reused expired authentication cookies.

Chilling Effects: How Fear Is Reshaping Speech

📰 Chilling effects—the self-censorship and restraint people adopt under threat—are spreading across U.S. campuses and institutions in response to the Trump administration’s punitive tactics. Students, professors, journalists, researchers and cultural organizations report altering speech, research and programming to avoid legal, immigration, and institutional reprisals. The authors argue these effects are intentional, part of a broader strategy that leverages surveillance, uncertainty, and abuse of power to produce conformity and weaken democratic checks.

Shadow AI and the Rise of Vibe‑Coded Application Risk

🔎 Shadow AI now describes employees building full applications with AI and publishing them without IT or security involvement. Red Access' Shadow Builders report found over 380,000 public assets on vibe‑coding platforms, with more than 2,000 exposing sensitive corporate or personal data. Existing security controls miss these builds because the entire lifecycle — OAuth grants, data movement, and publishing — occurs inside web sessions that traditional tools only partially observe.

CyCOS expands UK SME cyber support ahead of CIISec handover

🛡️ The Cybersecurity Communities of Support (CyCOS) pilot, launched by academics from UK universities, is expanding from two to seven small peer-led communities to help SMEs improve cyber resilience. The program combines webinars, AMAs, an online support platform and shared resources, and will transition operational leadership to the Chartered Institute of Information Security (CIISec). New communities are being founded by volunteer SME facilitators and supported by a Community Toolkit to ensure replicability.

Notepad++ XML flaws allow local arbitrary code execution

🔒 Two High-severity vulnerabilities in Notepad++ (CVE-2026-48778 and CVE-2026-48800, CVSS 7.8) let local attackers run arbitrary commands by tampering with the editor’s XML configuration files. Both issues affected versions up to 8.9.6 and were patched in 8.9.6.1 along with a lower-severity crash bug (CVE-2026-48770). The flaws stem from unvalidated values in shortcuts.xml and config.xml, enabling persistence and stealthy execution if an attacker can write to a user’s AppData or supply a poisoned settings folder.

Malicious NuGet package steals Sicoob banking credentials

🔍 Security researchers found a malicious NuGet package named Sicoob.Sdk that impersonated a C# SDK for Brazil's Sicoob banking APIs and exfiltrated client IDs and PFX certificates. Versions 2.0.0–2.0.4 encoded PFX files and sent them, along with PFX passwords and client IDs, to a hardcoded third‑party Sentry endpoint while also capturing raw Boleto API responses. The package has been blocked by NuGet after responsible disclosure, and organizations are urged to rotate affected credentials and audit logs.

SEC 10-K Cybersecurity Trends and Governance 2025

📝 This article analyzes the new SEC 10-K cybersecurity disclosure section (1.C) across the top 200 S&P companies, summarizing governance, reporting lines, standards, and trends between 2024 and 2025. It highlights that the CISO remains the principal cybersecurity role, with the CIO commonly as the reporting executive and audit committees most frequently overseeing cyber risk. The piece also reviews common practices such as TPRM, proactive testing, human-centric training, AI risks, and the author’s AI-assisted data collection and analysis methods.

Chinese-linked Hackers Exploit Middle East Conflict

🔎 ESET warns that China-aligned APT groups have been exploiting the Middle East war to target maritime, energy and political organizations, while continuing global espionage aligned with Beijing’s strategic priorities. The report covers October 2025–March 2026 and highlights activity against Syria, Central and South America, and an attempted intrusion into an AI and robotics firm in South Korea. Russia-aligned actors focused on Ukraine and destructive campaigns, while Iran-aligned activity shifted to proxy and hacktivist actions amid internet disruptions.

Charter Communications breach exposes 4.9M accounts

🔒 The ShinyHunters extortion gang claims to have stolen personal details from 4.9 million Charter Communications accounts after a vishing attack in early April that compromised an employee's Microsoft Entra account. Charter confirmed the incident but says no sensitive PII or CPNI was exfiltrated, while Have I Been Pwned verified leaked records containing names, emails, addresses, phone numbers and some job titles. The group published stolen Salesforce data after a ransom was refused.

Dutch police arrest suspect in Ajax app hack

🔒 Dutch police arrested a 35-year-old suspect in Buren for allegedly accessing Ajax football club IT systems, after vulnerabilities in the official Ajax app exposed supporter data. The breach, initially described as affecting a few hundred fans, may have put around 300,000 registered supporters at risk, including email addresses and ticket information. The flaw also allowed manipulation of the club's ban list, potentially harming innocent people, and Ajax says it has patched the vulnerabilities with external help.

GDPR’s legacy and the coming AI regulatory battles

📰 Over eight years GDPR set global data-protection norms, notably the 72-hour breach notification standard, but nearly 40% of announced EU fines by value are annulled or under appeal. Experts say large tech firms contesting fines isn’t surprising and that rulings provide practical guidance for compliance teams. As the EU’s AI Act and proposed GDPR reforms arrive, regulators must shore up procedural robustness while organisations adapt governance to evolving AI risks.

Amazon S3 Tables expand to two Asia Pacific regions

🟦 Amazon S3 Tables are now available in the Asia Pacific (Taipei) and Asia Pacific (New Zealand) AWS Regions. S3 Tables provide an object store with built-in Apache Iceberg support, enabling scalable tabular data storage and making data queryable by AWS and third-party engines. They perform continual table maintenance to optimize queries and reduce storage costs, and integrate with the Intelligent-Tiering storage class for automated cost management without operational overhead.

IBM and Red Hat Launch Project Lightwell Security Clearinghouse

🔐 IBM and Red Hat announced Project Lightwell, a $5 billion initiative backed by 20,000 engineers to create an AI-powered enterprise clearinghouse for discovering and remediating open source vulnerabilities. Initially focused on Java/Maven and designed with 11 financial partners, the service will backport validated fixes into deployed dependency versions without requiring upgrades. The project emphasizes a secure intermediary model for embargoed disclosures, aims to return fixes upstream to communities, and will be offered as a commercial subscription.

Unpatched critical Gogs vulnerability highlights open-source risks

🔒 A critical argument-injection vulnerability in the self-hosted Git service Gogs allows any authenticated user to execute code remotely by submitting a pull request with a malicious branch name. Discovered by a Rapid7 researcher, the flaw remains unpatched after months and the Gogs maintainer did not respond to disclosure requests. Rapid7 warns default configurations permit easy account and repo creation, enabling exploitation without admin privileges. Organizations using Gogs should restrict network access and disable self-registration until a fix is available.

Anthropic to Roll Out Mythos-Class Models Publicly

🤖 Anthropic confirmed plans to release its Mythos-class AI models to the general public after previously restricting access because of security risks to public and private software. Initially available only to select organizations and researchers, Mythos was held back while Anthropic developed stronger safeguards. The company says it’s making swift progress and expects to offer Mythos-class models to customers in the coming weeks, noting significant gains in code reasoning and autonomy over its Opus 4.8 flagship.

Migrating to Transit Gateway‑Attached AWS Network Firewall

🔐 This post explains AWS Network Firewall's new native attachment to Transit Gateway and how it replaces the traditional inspection VPC model. It outlines benefits such as simplified architecture, centralized control, and flexible cost allocation via Transit Gateway metering policies. The article summarizes preparation steps, two common centralized architectures, a phased migration approach, and best practices for testing, rollback, and preserving NAT Elastic IPs.