
Hello, stay ahead with CISO Brief 🚀

Every day the cybersecurity world moves fast — new incidents, evolving AI risks, changing regulations, and critical vendor updates. We cut through the noise to deliver only what matters most for your business and security strategy.

CISO Brief brings you a daily digest of high-signal news: major breaches, hyperscaler security releases, AI and compliance shifts, and the latest threat intelligence — all in one concise update.

Built for CISOs, CTOs, and architects, our goal is to save you time, reduce distraction, and keep you always on pulse with the risks and opportunities that shape tomorrow.


Cybersecurity News Digest — Daily Briefings

Latest News


TrickMo Android Banker Adopts TON for Covert Communications

🔒 ThreatFabric uncovered a new TrickMo Android banker variant that communicates with operators via The Open Network (TON) using .adnl identities and an embedded local TON proxy on infected devices. Disguised as TikTok or streaming apps, it targets banking and crypto wallets in France, Italy, and Austria. The modular malware adds several remote networking commands and proxying capabilities. Android users should restrict app sources and enable Play Protect.

Eight Principles for Reskilling the SOC for Agentic AI

🤖 DXC Technology, Accenture, and other organizations are actively retraining SOC teams to integrate agentic AI by embedding vendor experts and building secure sandboxes. CISOs emphasize top-down leadership, rapid experimentation, and formal learning tracks to shift mindsets and roles. Governance, humans-in-the-loop, and clear escalation and audit paths are required while agents take on L1/L2 tasks.

Securing MCP Infrastructure: Zero-Trust for AI Agents

🔒 Knostic’s internet-wide reconnaissance discovered 1,862 exposed MCP servers, and manual checks of 119 instances showed every sampled server returned internal tool listings without authentication. High-impact flaws like EchoLeak (CVE-2025-32711) and mcp-remote (CVE-2025-6514) illustrate how poisoned documents and command-injection in widely used packages can enable silent data exfiltration or full system compromise. The article prescribes immediate adoption of zero-trust controls: authentication on every interaction, network segmentation, cryptographic signing for tool definitions, continuous integrity monitoring, and human approval for sensitive actions.

Zara Data Breach Exposes 197,000 Customers' Records

🔒 A ShinyHunters campaign has compromised data for over 197,000 Zara customers, according to HaveIBeenPwned. Stolen items include unique email addresses, product SKUs, order IDs and support ticket data after stolen authentication tokens from analytics provider Anodot were used to access BigQuery and Snowflake instances; the group leaked a claimed 140GB trove. Inditex says no names, passwords or payment details were affected and operations remained unaffected. Other reported victims include Vimeo, Rockstar Games and McGraw Hill.

Police Shut Relaunched Crimenetwork Dark Web Market

🔒 Spanish and German authorities have shut down a relaunch of Crimenetwork, arresting a 35-year-old German national in Mallorca after coordination with the Frankfurt prosecutors and the BKA. The rebuilt marketplace attracted over 22,000 users and 100+ vendors, trading stolen data, narcotics and forged documents while generating more than €3.6m in revenue. Police seized €194,000 and user transaction data to support further investigations.

Fake OpenAI Model on Hugging Face Delivered Info Stealer

🚨 A malicious Hugging Face repository impersonating OpenAI's Privacy Filter model reached #1 trending before being disabled after delivering a Rust-based information stealer to Windows users. The attacker typosquatted the legitimate release and copied its model card, instructing victims to run a loader.py or Windows start.bat to fetch payloads via a JSON Keeper dead drop. The multi-stage chain used PowerShell to download secondary loaders, set Defender exclusions, and install a one-shot scheduled task that launched a stealer collecting browser, wallet and app data for exfiltration.

Malvertising: Claude.ai Shared Chats Deliver Mac Malware

⚠️ Attackers are using Google Ads to direct macOS users to malicious instructions hosted inside Claude.ai shared chats. The chats disguise themselves as official installation guides and prompt users to paste Terminal commands that download compressed shell scripts and execute them in memory. Some variants profile victims (including keyboard locale) before running a second-stage payload via osascript, while others immediately steal browser credentials, cookies, and Keychain items. Avoid pasting terminal commands and visit the official site directly.

German Police Dismantle Rebooted Crimenetwork Marketplace

🚨 German authorities dismantled a relaunch of the criminal marketplace Crimenetwork and arrested its alleged operator after the reboot reportedly generated more than €3.6 million. The new instance had attracted roughly 22,000 users and over 100 vendors before investigators seized user and transaction data along with about €194,000 in assets. The arrest of a 35-year-old German was executed in Mallorca under a European arrest warrant, following coordinated actions by the Public Prosecutor's Office in Frankfurt am Main, the Central Office for Combating Cybercrime (ZIT), and the BKA.

Critical Ollama GGUF Vulnerability Exposes Heap Data

⚠️ Security researchers disclosed a critical out-of-bounds read in Ollama that can leak process memory and is tracked as CVE-2026-7482 (CVSS 9.1), dubbed "Bleeding Llama". The flaw arises in the GGUF model loader's WriteTo() flow due to use of the unsafe package, allowing a crafted model upload to read past heap bounds. Successful exploitation can reveal environment variables, API keys, prompts, and user conversation data and exfiltrate it via the /api/push endpoint. Users are urged to apply fixes, restrict network exposure, and place an authentication proxy before Ollama instances.

JDownloader Site Compromise Replaced Installers with RAT

⚠ The official JDownloader website was compromised between May 6 and May 7, 2026, and attackers replaced alternative Windows and Linux installers with malicious payloads. The Windows binaries deploy a heavily obfuscated Python-based remote access trojan, while the Linux shell installer installs SUID-root components and persistence. Developers say the CMS was abused to alter download links without host-level access and have taken the site offline to investigate. Users who ran affected installers should treat systems as compromised, verify installers' digital signatures (AppWork GmbH) and consider reinstalling and rotating credentials.

Fake Hugging Face Repo Pushes Rust Infostealer and Typosquatting

⚠️ A malicious Hugging Face repository impersonated OpenAI’s Privacy Filter and briefly reached #1, reportedly accumulating 244,000 downloads before removal. HiddenLayer found the repo used a typosquatted name and a loader.py that disabled SSL checks, decoded a base64 URL, and executed a PowerShell chain to deploy a Rust-based infostealer. The malware harvests browser credentials, tokens, wallets, SSH/FTP/VPN files and more, exfiltrating data to a C2 server. Users are urged to reimage affected machines, rotate credentials, and replace wallets and seed phrases.

cPanel/WHM Fixes Three Vulnerabilities in May 2026

🔒 cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could enable privilege escalation, arbitrary code execution, and denial-of-service. The flaws are tracked as CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203, with CVSS scores up to 8.8. Multiple release lines and the WP Squared build are patched, and a direct 110.0.114 update is available for CentOS 6/CloudLinux 6 users. Administrators are advised to apply updates promptly.

AWS Client VPN Adds Desktop Support for Ubuntu 26.04 LTS

🔒 AWS Client VPN now provides a Linux desktop client compatible with Ubuntu 26.04 LTS, expanding support beyond 22.04 and 24.04. The AWS-supplied client is free and available in all regions where the service is generally available. As a managed VPN service, AWS Client VPN securely connects remote employees to AWS and on-premises networks. Desktop support also includes macOS (Sonoma 14.0, Sequoia 15.0, Tahoe 26.0) and Windows 11, with ARM64 builds available.

Ivanti EPMM: Five Vulnerabilities, One Actively Exploited

🔐 Ivanti disclosed five vulnerabilities in its on‑premises Endpoint Manager Mobile (EPMM) suite, and one—CVE-2026-6973—has been added to CISA’s Known Exploited Vulnerabilities Catalog due to active exploitation. Updated EPMM releases resolving the issues are available and administrators are urged to apply patches and rotate administrative credentials immediately. The defects include improper input validation, access control failures, and certificate validation errors, and Ivanti says it is using AI tools to help identify additional vulnerabilities. Organizations should also review enrollment settings such as Apple Device Enrollment and assess whether legacy on‑premises MDM fits a Zero Trust model.

Amazon Connect Adds Default ACW Step-by-Step Guides

📣 Amazon Connect now supports Default Guides for After Contact Work (ACW), automatically launching a Step-by-Step Guide when an agent enters ACW. This eliminates manual navigation to wrap-up tools and helps standardize post-contact workflows. The feature reduces handle time, lowers errors, and improves agent consistency and productivity. Step-by-Step Guides are available in multiple AWS regions.

Ship Code Fast with Gemini CLI CI/CD Extension

🚀 The Gemini CLI CI/CD extension lets developers deploy functional apps directly from a terminal, closing the gap between local prototyping and production pipelines. It performs a pre-deployment secret scan, analyzes project files, and can containerize using buildpacks before deploying to Cloud Run or Cloud Storage. For production workflows it can design CI/CD pipelines, provision resources, and generate Cloud Build YAML and triggers.

TCLBANKER Trojan Targets 59 Brazilian Financial Services

🛡️ Elastic Security Labs has detailed a previously undocumented Brazilian banking trojan named TCLBANKER, tracked as REF3076, which targets 59 banks, fintechs and cryptocurrency platforms. The campaign appears to be a major evolution of the Maverick family and bundles a robust loader, a full-featured trojan, and a worm that propagates via WhatsApp Web and Outlook. The loader abuses a signed Logitech installer and uses DLL side-loading, anti-analysis checks, and environment-gated payload decryption to evade detection.

Insider Betting on Polymarket Skews Military Markets

⚠️ Analysis by the Anti-Corruption Data Collective found significant insider activity on Polymarket. Long-shot wagers—bets of $2,500 or more at implied odds of 35% or less—had an average win rate of about 52% in markets on military and defense actions. By contrast, those long-shot bets won roughly 25% in politics-focused markets and only 14% platform-wide. Author Bruce Schneier warns that permitting such activity risks warping political and military outcomes far more severely than insider sports betting.