Hello, stay ahead with CISO Brief 🚀

⚠️ Enterprise AI deployments face a quiet but serious integrity risk when models learn or retrieve false information: data poisoning and widespread data pollution can make LLMs produce plausible but incorrect outputs. This threat spans training datasets, RAG and retrieval layers, agent memory, and internal knowledge bases — and often originates from stale, conflicting, or poorly governed sources rather than deliberate attacks. Security leaders are urged to map all context sources, treat AI inputs as a supply chain, tighten data hygiene, and assign clear governance to identify and remediate corrupted truth.

🔔 Cybersecurity detection is improving, but response effectiveness hinges on how people perform under real stress. The article argues that scheduled, announced exercises leave teams neurologically unprepared because threat-induced arousal suppresses executive function. No-notice drills, informed by stress inoculation science, raise teams' tolerance for pressure and build practical outcomes: faster instinctive response, stronger cross-team trust and organizational honesty. Practical steps include anomaly injection, full-chain activation and rapid, blameless debriefs to close gaps.

🔒 A Cifas survey of 2,000 UK employees at firms with 1,000+ staff found 13% admitted to selling corporate logins in the past year or knew someone who had. The report highlights even higher tolerance among senior managers and executives, with justification rates rising to 32-43% and 81% for business owners. Cifas urges organisations to build fraud-aware cultures and deliver counter-fraud training to curb insider risk.

⚠️ Palo Alto Networks has warned of a critical buffer overflow (CVE-2026-0300) in the User-ID Authentication Portal component of PAN-OS, allowing unauthenticated remote code execution as root. The flaw carries a CVSS of 9.3 when the portal is internet-accessible (8.7 for internal-only access). Palo Alto reports limited in-the-wild exploitation targeting publicly accessible portals; fixes are scheduled to begin May 13, 2026. Administrators should restrict or disable the portal until patches are applied.

🔒 On April 29, 2026 researchers disclosed CVE-2026-31431, dubbed Copy Fail, a deterministic local privilege escalation impacting Linux kernels 4.14–6.19.12. The flaw resides in the AF_ALG crypto interface's algif_aead module and permits a controlled four-byte overwrite into the kernel page cache. A standalone 732-byte Python proof-of-concept reliably escalates to root across major distributions. Apply vendor kernel updates immediately or temporarily disable algif_aead; Cortex XDR and XSIAM provide layered detection and mitigation.

🐧 Trend Micro researchers revealed a previously undocumented Linux implant named Quasar Linux (QLNX) that targets software developers by compromising development and DevOps environments such as npm, PyPI, GitHub, AWS, Docker, and Kubernetes. QLNX dynamically compiles rootkit and PAM backdoor modules on the host, runs fileless in memory, and employs multiple persistence methods while wiping logs and spoofing process names to remain stealthy. The toolkit includes a 58-command RAT, credential harvesting (SSH keys, cloud configs, and /etc/shadow), kernel eBPF hiding, surveillance, lateral movement, and in-memory injection; Trend Micro provided IoCs but attribution and prevalence remain unclear.

🔒 AWS Elemental MediaTailor now automatically authenticates server-to-server connections with Google Ad Manager (GAM), Google Campaign Manager (GCM), and Display & Video 360 (DV360), streamlining SSAI integration for customers. The service auto-detects requests to Google's ad servers and establishes the required secure, authenticated connection — no support case or allow-listing needed. GAM ad requests are secured to support access to Authorized Buyers, and GCM/DV360 impression tracking is routed through Google's authenticated endpoints to improve reporting and reduce rejected impressions. The feature is available in all Regions where MediaTailor runs and incurs no additional charge.

🔒 Instructure says it is investigating a breach after the extortion group ShinyHunters claimed to have stolen 280 million records tied to students, teachers, and staff across 8,809 colleges, school districts, and online education platforms. The actors allege they accessed names, email addresses, private messages and enrollment data by abusing Canvas export features such as DAP queries, provisioning reports and user APIs. Instructure has acknowledged the incident but has not provided detailed public answers; several universities have begun their own inquiries.

⚠️ ReversingLabs researchers describe an ongoing supply‑chain campaign called PromptMink that manipulates AI coding agents into installing malicious dependencies. Attackers publish bait packages with persuasive READMEs and LLM‑optimized documentation on registries like NPM and PyPI to increase discovery by autonomous agents and developers. The operation, attributed to North Korea’s Famous Chollima, paired legitimate‑looking SDKs with second‑layer packages carrying infostealers, later evolving to compiled Rust add‑ons, SEAs, SSH backdoors, and project exfiltration.

📎 Modern phishing now prioritizes speed over persuasion. By forcing immediate downloads via trusted cloud providers (for example Dropbox?s dl=1), attackers remove the preview step and exploit double extensions and hidden OS behavior to disguise executables. Cortex Email Security applies deep static analysis, behavioral signals, and LLM-based intent classification to detect forced-download parameters, identity-bound cloaking, and rotating social-engineering lures before they reach endpoints.

🤖 At Google Cloud Next '26, public sector leaders and academics demonstrated how the agentic era is moving from experimentation to enterprise-scale adoption across government, transportation, healthcare, and research. Featured speakers — including leaders from Google Public Sector, the City of Los Angeles, the FDA, and the Department of Transportation — shared blueprints for scaling AI and treating agents as force multipliers to improve productivity and mission outcomes. Hands-on demos, 28 Mission Talks and an interactive Public Sector Hub enabled attendees to create and test hundreds of agents across diverse use cases. Google invited organizations to continue engagement through follow-up webinars and partner pathways to accelerate adoption.

🔒 A Norwegian researcher discovered that Microsoft Edge decrypts saved passwords at startup and keeps them resident in process memory, leaving credentials retrievable in plain text on shared or compromised machines. German publication Heise reproduced the finding, locating passwords even after a browser restart. Microsoft reportedly treats the behavior as 'by design,' prompting calls for using alternative password managers.

⚠️ CISA is reportedly weighing a proposal to shorten the remediation window for critical government vulnerabilities from the current 14 days to just 72 hours. The Reuters-sourced report ties the consideration to concerns that AI tools such as Anthropic’s Claude Mythos could accelerate the discovery and weaponization of serious flaws, though CISA has not confirmed the discussion. Security practitioners warn the tighter window would strain testing, asset discovery, and patch deployment; others say it could be attainable with modern automation and processes.

⚠️ DAEMON Tools installers hosted on the official site were trojanized beginning April 8, delivering a backdoor to thousands of systems worldwide. Compromised, digitally signed installers (versions 12.5.0.2421–12.5.0.2434) contained malicious code in binaries such as DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. The initial payload is an information stealer used to profile victims; select hosts received a lightweight second-stage backdoor capable of executing commands and loading code in memory. In at least one targeted case researchers observed deployment of a more advanced QUIC RAT, and Kaspersky warns the campaign evaded detection for nearly a month.

🔍 The AWS blog announces AI Traffic Analysis dashboards for AWS WAF, adding AI-specific visibility into bot and agent activity across web ACLs. The dashboards extend WAF Bot Control detection to more than 650 named bots and provide identity, intent classification, organization breakdowns, top paths, and 14‑day temporal trends. Data is emitted to Amazon CloudWatch and is queryable via the GetTopPathStatisticsByTraffic API for custom dashboards, alerting, and automation. A reference sample demonstrates per-path monetization with CloudFront and Lambda@Edge, with usage guidance and cost warnings.

🛠️The SAM CLI now supports BuildKit for building container images from Dockerfiles, enabling faster, more efficient Lambda container builds. You can use multi-stage builds to produce smaller final images, improved caching to reduce rebuild times, and parallelized build steps for faster overall builds. BuildKit also enables cross-architecture targets (x86_64 and arm64) and secure build-time use of Docker secrets. To use it, update to SAM CLI v1.159.0+ and run sam build with the --use-buildkit flag; the feature works with both Docker and Finch.

🚀AWS Serverless Application Model (AWS SAM) now supports WebSocket APIs for Amazon API Gateway, enabling developers to declare complete WebSocket APIs with minimal configuration in a SAM template. SAM automatically generates the necessary resources and permissions, reducing the manual CloudFormation work and common IAM debugging issues. The new AWS::Serverless::WebSocketApi resource offers parity with API Gateway WebSocket features — including IAM and Lambda authorization, custom domains, RouteSettings, Models, StageVariables, and Globals support. Define routes by assigning Lambda handlers for $connect, $disconnect, $default, and custom routes; SAM wires up integrations and permissions automatically.

🔍 Amazon ElastiCache now publishes thirteen new Amazon CloudWatch metrics for node-based clusters to surface network throttling, memory fragmentation, and connection exhaustion without running INFO commands or manual baselining. The host- and engine-level diagnostics include network baseline percentages, allocator fragmentation, OS page-faults, connection rejects, pub/sub channel counts, and command throughput. Metrics are available in all commercial, China, and GovCloud regions at no additional cost and can be viewed in the ElastiCache monitoring tab or the AWS/ElastiCache namespace in CloudWatch.