< ciso
brief />

Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast — new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence — all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.

👉 Join our Telegram channel for your daily update — stay informed, stay ready.

Cybersecurity News Digest — Daily Briefings

Latest News

all posts →

Forg365 PhaaS Targets Microsoft 365 with AI

🛡️ Forg365 is a phishing-as-a-service platform that targets Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device-code phishing with integrated AI-assisted lure generation. The service offers an admin dashboard for campaign management, OAuth and SMTP configuration, token handling, and a browser extension called ForgCookie for persistent cookie harvesting. Researchers at ZeroBEC found the operation uses legitimate delivery services like Amazon SES and SendGrid-hosted resources to blend malicious emails into normal traffic.
read more →

Meta’s NameTag controversy raises privacy alarms

🕶️ Meta’s Ray‑Ban smart glasses, boosted by AI, have sparked privacy concerns after leaked documents revealed a facial‑recognition feature called NameTag. The tool could match faces seen by the glasses to contacts or public profiles across Meta platforms and store unmatched faces in a “Pending” folder. Wired later reported that NameTag code and third‑party facial recognition components from Rank One Computing were embedded in the Meta AI companion app before being partially removed following public outcry.
read more →

Cloudflare on ML‑DSA and the PQ signature landscape

🔒 Cloudflare explains why ML‑DSA, the NIST‑standardized post‑quantum signature, must be used for the initial migration even though better schemes may arrive later. The post‑quantum transition is underway: most traffic already uses ML‑KEM encryption, and Cloudflare targets full post‑quantum protection by 2029. The post outlines tradeoffs among candidate signature families — size, speed, and implementation risks — and highlights why specialization and generalist schemes will both be needed.
read more →

Phishing job interviews steal Google credentials

🔒 Security teams have uncovered a targeted phishing campaign impersonating over 30 major brands to lure candidates into fake job interviews and harvest Google account passwords. Attackers use realistic recruiter names, photos and PeopleForce-sent messages to appear legitimate, and links redirect through trusted domains to a calendar booking page that prompts a Google sign-in. The scheme leverages a browser-in-the-browser trick where a fake Google auth pop-up captures credentials, though password managers can often block autofill. The campaign has operated for months and highlights growing sophistication in recruitment scams amid workplace uncertainty.
read more →

June 2026: Global Cyber Attacks and Ransomware Shift

📈 June 2026 saw a notable rebound in global cyber attacks, with weekly incidents per organization averaging 2,270, up 10% from May and 17% year over year. Education, Government, and Telecommunications were the most targeted industries, while Latin America recorded the largest regional increase. Ransomware incidents surged 33% year over year, and The Gentlemen overtook Qilin as the most active ransomware group.
read more →

AI gateway compromise raises cloud security concerns

🔒 Researchers report an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock was compromised and used to deploy XMRig cryptomining malware. The intrusion highlights risk from AI gateways that centralize identities, permissions, and model access, making them high-value targets. Analysts observed SSH exposure, probable brute-force attempts, and suspicious IAM activity tied to model enumeration and persistence efforts. Darktrace assisted in timely detection and containment while urging tighter controls and telemetry correlation.
read more →

UK unveils AI-driven national Cyber Shield

🔒 The UK’s NCSC and DSIT unveiled a blueprint called Cyber Shield to deploy autonomous AI agents that detect and neutralize cyberattacks at machine speed. The plan uses cooperating “red” and “blue” agents to identify weaknesses, detect threats and progressively automate remediation while operating under organizational control. The initiative emphasizes explainable and federated AI, industry partnerships, and a staged rollout beginning with government and critical sectors.
read more →

CISOs Warn Executives Lack Understanding of Cyber Risk

🔒 A MetaCompliance report (July 9) based on responses from over 200 European CISOs finds 78% believe C-level executives do not fully grasp cybersecurity risks tied to employee behaviour. The survey highlights fading leadership support for security awareness, with 79% saying backing wanes over time and 40% worried employees share sensitive data with generative AI tools. AI-driven social engineering is cited as a key factor eroding confidence in organisational cyber resilience.
read more →

Global Operation First Light 2026 Targets Cybercrime

🛡️ A global anti-fraud operation, Operation First Light 2026, ran from January 15 to April 30, 2026, coordinated by Interpol with support from regional partners and funding from China’s Ministry of Public Security. The crackdown targeted social engineering scams such as romance fraud and BEC, leading to over 5,800 arrests, identification of 15,606 suspects and interception of $293m in illicit assets. Actions included raids, freezing 31,014 bank accounts, seizing devices and using Interpol’s I-GRIP stop-payment mechanism.
read more →

AI's accelerating role in cybersecurity risks

🛡️ Five Eyes agencies warned that AI's rapid development raises cyber risks, particularly autonomous hacking and automated attacks. Bruce Schneier explains that AI widens the gap between skill and ability, enabling less-skilled actors to cause greater harm while also offering defensive tools. He argues that guardrails on large platforms won't stop open-source models and urges using AI for defense across all heightened risks.
read more →

Microsoft to retire OWA Light from Exchange Server

📰 Microsoft will remove the OWA Light experience from on-premises Exchange Server in an upcoming update. The Exchange Team says retiring OWA Light reduces legacy surface area, simplifies engineering, and lets them focus on the full Outlook on the web experience. Administrators can proactively disable OWA Light via PowerShell using Set-OwaMailboxPolicy and Set-OwaVirtualDirectory commands. The change is expected in August 2026 after OWA Light was deprecated in August 2024.
read more →

Why clearinghouses aren’t the core solution

🛠️ Athena joins a crowded set of recently announced clearinghouses, but the author argues the clearinghouse itself is the least important part of the equation. Clearinghouses are simply pools of vulnerability data; the real value is in actuation — rebuilding, testing, signing, and delivering fixes where users will actually consume them. The rise of private pre-disclosure findings is a byproduct of models tested against running applications, and scale plus fast throughput matters more than the mere existence of another database.
read more →

GhostApproval: AI coding assistants allow hidden writes

🔒 Wiz Research disclosed GhostApproval, a flaw in six AI coding assistants that allows symlink tricks to make approval prompts misrepresent targets. The vulnerability can let a repository write attacker-supplied keys or files to sensitive locations, potentially enabling passwordless remote access or remote code execution. Amazon, Google and Cursor have patched the issue; Augment and Windsurf have yet to fix it, while Anthropic disputes that its behavior is a vulnerability. Wiz recommends resolving symlinks before approval and flagging writes outside the project.
read more →

GodDamn ransomware uses signed PoisonX kernel driver

🛡️ GodDamn is a newly observed ransomware family that employs a signed PoisonX kernel driver and a Symantec‑masquerading user‑mode tool to disable endpoint protections. First spotted on May 21, 2026, Broadcom's Threat Hunter Team attributes the lineage to the Hyadina developer and links it to earlier Beast and Monster variants. Attacks used AnyDesk, PsExec, credential harvesters and lateral movement to compromise multiple hosts before deploying the encryptor.
read more →

Six-stage maturity model for non-human identities

🔒 This article examines the risks of agentic AI and non-human identities in enterprise environments, illustrating incidents where LLM-based agents caused outages due to weak identity controls. It argues that existing IAM models are insufficient for agents that act autonomously, and cites industry guidance from Gartner, OWASP, CISA and NIST. The author proposes six minimum requirements and a cumulative six-stage NHI maturity model to ensure defensible production deployments.
read more →

INTERPOL-led Operation First Light nets global arrests

🕵️ Law enforcement agencies coordinated Operation First Light 2026 across 97 countries, arresting 5,811 suspects and seizing $293 million in illicit assets. The operation targeted social engineering fraud — including BEC, sextortion, impersonation, romance, and investment scams — and associated money laundering between January 15 and April 30. Authorities identified over 142,000 victims, blocked 31,014 bank accounts, and analyzed 152,808 cases while additional suspects were identified. INTERPOL coordinated the effort with regional policing bodies and funding support from China's Ministry of Public Security.
read more →

CREST launches AI charter for cybersecurity use

🔒 Over 70 cybersecurity organisations have signed the new CREST AI Charter, launched on July 9, committing to nine principles governing AI-enabled cybersecurity activities. The charter covers accountability and governance, transparency of use, documentation and auditability, boundaries and control, data handling and sovereignty, security and confidentiality, secure development, supply chain assurance and resilience. Signatories will maintain human oversight, document AI use, disclose data practices and implement secure development and supply chain controls. CREST intends the charter as a self-regulatory foundation to drive standards and harmonisation across industry and regulators.
read more →

Fixing data architecture vs. upgrading detection models

🔍 Security teams often default to retraining AI models when detections fail, but the real root cause is usually upstream data issues. Fragmented telemetry, inconsistent schemas and stale baselines degrade ML effectiveness long before models see events. Standardizing schemas, monitoring data quality at ingestion and applying governance to security telemetry are practical priorities that restore detection reliability without wholesale platform replacements.
read more →