< ciso
brief />

Hello, stay ahead with CISO Brief ๐Ÿš€

Every day the cybersecurity world moves fast โ€” new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence โ€” all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.

๐Ÿ‘‰ Join our Telegram channel for your daily update โ€” stay informed, stay ready.

Cybersecurity News Digest โ€” Daily Briefings

U.S. Orders Anthropic to Suspend Claude Fable 5 Access

๐Ÿ”’ Anthropic said it will "abruptly disable" its latest models, Claude Fable 5 and Mythos 5, for all users after receiving a U.S. government directive to suspend access for foreign nationals due to national security concerns. The company said it believes the order reflects a "misunderstanding" and is working to restore access while noting other models remain available. Anthropic said a demonstrated narrow jailbreak identified minor, publicly discoverable vulnerabilities, and emphasized its safety classifiers and guardrails to limit misuse. The move follows findings that Mythos-class models can rapidly convert disclosed software flaws into working exploits, raising concerns about fast weaponization of vulnerabilities.
read more โ†’

New macOS Biome App.MenuItem Artifact Discovered

๐Ÿ”Ž This report details the discovery of a new macOS Tahoe 26 Biome stream, App.MenuItem, which records specific menu selections made by users across the OS. It explains the artifact's location at ~/Library/Biome/streams/restricted/App.MenuItem/local, the SEGB-encapsulated protobuf format, and recommended processing steps using ccl-segb. The article highlights how the stream reconstructs user intent and workflow, and notes limitations when menu text is non-descriptive.
read more โ†’

Amazon Lightsail expands into three new AWS Regions

๐Ÿš€ Starting today, Amazon Lightsail is available in three additional AWS Regions: Asia Pacific (Hong Kong), South America (Sรฃo Paulo), and Europe (Spain). This expansion delivers lower latency and improved performance for customers in these geographies while supporting local data residency requirements. The new Regions provide access to Lightsail's full feature set, including instances (general purpose, compute-optimized, memory-optimized), managed databases, container services, and load balancers with predictable pricing.
read more โ†’

Maine Shuts Public Breach Portal After Hoax Filings

๐Ÿ”’ Maine has taken its public data breach reporting portal offline after fraudulent disclosures impersonating Discord and VRChat were published. The Attorney General's Office confirmed the reports were hoaxes and removed them, stating there is no evidence of actual breaches by the named companies. Public access to the database is temporarily disabled while the office reviews procedures; companies may still submit notices but the public must request disclosures directly.
read more โ†’

phpBB fixes decade-old authentication bypass

๐Ÿ”’ Researchers discovered a 10-year-old authentication bypass in phpBB that allows logging in as any user, including administrators. The flaw affects versions 4.0.0-a2 and 3.3.16 and below and can be exploited with a single HTTP request on default configurations. Aikido reported the issue on June 2 and phpBB patched it in version 3.3.17 on June 6; 4.x users must await a safe release.
read more โ†’

China-linked hackers backdoor Linux login components

๐Ÿ”’Sygnia reports a China-nexus group, tracked as Velvet Ant, backdoored Linux login components including PAM and OpenSSH, embedding long-term access where routine cleanup would not reach. The actor altered trusted login programs to capture credentials, record sessions, or allow secret logins, with traces dating back to 2016. Isolation was bypassed by staging through internet-facing systems and bridging into air-gapped segments.
read more โ†’

Check Point expands Claude compliance coverage

๐Ÿ”’ Check Point now integrates its Workforce AI governance with Claudeโ€™s Compliance API to close substantial visibility gaps in enterprise AI usage. The integration provides continuous, audit-grade records across web, desktop, and mobile surfaces, addressing a critical mobile blind spot that proxies, CASBs, and endpoint DLP cannot cover. It combines content-level exposure analysis, per-user adoption analytics, and unified policy enforcement to enable secure, frictionless AI adoption across the organization.
read more โ†’

SageMaker Adds Serverless Fine-Tuning for Nemotron 3

๐Ÿš€ Amazon SageMaker AI now supports serverless customization for Nvidia Nemotron 3 Nano via supervised fine-tuning (SFT) and reinforcement fine-tuning (RFT). This open-weight 30B-parameter model can be deployed and adapted to specific domains and workflows directly within SageMaker. Serverless customization handles infrastructure and training orchestration, enabling teams to focus on data and evaluation while paying only for usage. The feature is available in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo), and Europe (Ireland), and can be launched from SageMaker Studio or via the SageMaker Python SDK.
read more โ†’

Short lapse in Section 702 surveillance affects US monitoring

๐Ÿ” Congress failed to extend Section 702 of the Foreign Intelligence Surveillance Act, creating a short pause in warrantless monitoring of foreign communications. The extension vote was rejected, leaving surveillance put on hold until the next possible vote on June 28, and creating uncertainty about immediate intelligence collection practices. CISOs should note potential impacts on cross-border communications and legal challenges ahead.
read more โ†’

AWS launches EC2 I7i storage-optimized instances in Paris

โš™๏ธ AWS has launched Storage optimized Amazon EC2 I7i instances in the Europe (Paris) region, powered by 5th Gen Intel Xeon processors and 3rd generation AWS Nitro SSDs. These instances deliver up to 23% better compute performance and over 10% improved price performance versus I4i, with up to 45TB NVMe storage and significant reductions in storage I/O latency and variability. I7i supports torn write prevention up to 16KB and comes in eleven sizes, including bare metal options, with up to 100Gbps network and 60Gbps EBS bandwidth.
read more โ†’

French governmentโ€™s Tchap messaging breach disclosed

๐Ÿ”’ The French governmentโ€™s secure messaging platform, Tchap, was breached after an intruder took over a user account, according to DINUM. The agency blocked the compromised access and is investigating the extent of exposed information. While encryption was not broken, public chat rooms are unencrypted and the intruder reportedly accessed thousands of messages and files. DINUM reminded users that public rooms are visible to any account and should not contain sensitive content.
read more โ†’

Fortinet and MITRE CTID Strengthen Threat-Informed Defense

๐Ÿ” Fortinet highlights its role as a research partner with the MITRE Center for Threat-Informed Defense (CTID), contributing threat intelligence, operational expertise, and research to practical R&D projects. The CTID impact report (2019โ€“2025) demonstrates collaborative efforts to map adversary behavior to detection, controls, and cloud security. Fortinetโ€™s contributions focus on operationalizing ATT&CK-based frameworks, improving detection quality, and advancing program maturity across cloud, identity, and AI-driven workflows.
read more โ†’

EC2 Capacity Blocks for ML now in AWS GovCloud

๐Ÿ”’ Amazon EC2 Capacity Blocks for ML is now available in AWS GovCloud (US-West) and AWS GovCloud (US-East), enabling government and regulated-industry customers to reserve GPU capacity for machine learning workloads. The service lets customers reserve GPU instances in advance for defined durations, providing assured access to accelerated compute for pre-training, fine-tuning, rapid prototyping, and surge inference. Reservations can be made up to eight weeks ahead for durations up to six months, in clusters of one to 64 instances, and can be shared across accounts using AWS Resource Access Manager.
read more โ†’

International takedown of AudiA6 crypto laundering service

๐Ÿ”Ž An international law enforcement operation dismantled the AudiA6 cryptocurrency laundering service, suspected of moving more than โ‚ฌ336m for ransomware gangs and other cybercriminals between 2022 and 2025. The probe identified an industrial-scale laundering scheme that used thousands of stolen identities and money mules to obfuscate funds. Arrests, domain seizures and frozen crypto followed coordinated actions across Europe, the US and Georgia.
read more โ†’

Public Sector Security: AI as the New Battlefield

๐Ÿ›ก๏ธ At Check Point Engage Public Sector 2026, leaders and practitioners convened to examine how AI is transforming cyber defense and offense for government organizations. Panels highlighted that AI enables automated, fast, and scalable attacks while also becoming core infrastructure for missions. Speakers urged a shift from reactive models to proactive, prevention-first strategies, emphasizing visibility, governance, and workforce controls to secure AI adoption.
read more โ†’

GitHubโ€™s npm v12 Changes Aim to Harden Supply Chain

๐Ÿ›ก๏ธ GitHub announced npm v12 will flip three permissive defaults to opt-in behavior to reduce software supply chain risk. Starting July 2026, npm will block install scripts, Git dependencies, and remote URL-sourced packages by default. Developers can upgrade to npm 11.16.0+ to receive warnings and use npm approve-scripts to build local allowlists in package.json. Experts praise stronger defaults but warn attackers may shift to private registries and maintainers may approve scripts to avoid build friction.
read more โ†’

Open Knowledge Format: Portable AI Knowledge Standard

๐Ÿ“˜ Today Google Cloud introduces the Open Knowledge Format (OKF), an open, vendor-neutral specification that formalizes the LLM-wiki pattern into a portable directory of markdown files with YAML frontmatter. OKF v0.1 defines a small set of conventions so different producersโ€™ wikis can be consumed by agents without translation. The spec is intentionally minimal โ€” one required type field per concept โ€” and is accompanied by reference producer and consumer implementations and sample bundles.
read more โ†’

Agentjacking: AI coding agents tricked into execution

๐Ÿ›ก๏ธ Cybersecurity researchers at Tenet Security disclosed a new attack class called Agentjacking that tricks AI coding agents into executing arbitrary code. The exploit leverages Sentry's public DSN and its MCP interaction to inject crafted error events, which agents like Claude Code and Cursor interpret as trusted resolution steps. Successful exploitation can expose sensitive data and run code with developers' privileges.
read more โ†’