- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Summary Points Cybercriminals are exploiting npm and PyPI packages using compromised developer tokens and malicious postinstall hooks to deploy self-propagating worms that steal sensitive credentials and exfiltrate data to external servers. Attackers are leveraging malicious packages masquerading as legitimate tools, including Kubernetes utilities and LLM proxies, to secretly install backdoors, exfiltrate secrets, and hijack AI workflows. A recent AI-driven campaign targets GitHub pull request workflows to inject malicious code, primarily affecting small repositories, and aims to steal developer credentials while largely avoiding high-profile or sensitive environments. Threat, Attack Techniques, and Targets Cybersecurity researchers have identified a new malicious campaign involving…
Australia Tightens Cyber Reporting to Catch AI-Driven Critical Infrastructure Incidents
Summary Points Australia’s CISC mandates mandatory reporting of cyber incidents, including AI-related ones, to the Department of Home Affairs, to enhance real-time threat assessment and response for critical infrastructure. The cybersecurity regime varies by asset importance, with the most vital systems subject to stricter oversight, aiming to safeguard essential services from cyber threats, natural events, and system failures. AI introduces new cybersecurity risks, exemplified by incidents involving unauthorized access and data leaks via AI tools like ChatGPT, highlighting the need for rigorous governance and risk management. Effective mitigation relies on strong governance, secure system management, personnel training, and oversight by…
Quick Takeaways The ransomware and digital extortion threat landscape remains stable with over 2,059 incidents in Q1 2026, showing a slight decline from late 2025 but an overall increase year-over-year. Manufacturing continues to be the top targeted industry, comprising nearly 20% of attacks, due to its operational vulnerability and potential for quick financial impact. North America remains the primary target region, accounting for over half of incidents, driven by regional economic factors, technological integration, and geopolitical motives. Few ransomware groups dominate, with Qilin, Akira, and The Gentlemen emerging as the most active collectives, collectively responsible for nearly half of all…
Essential Insights North Korean threat actors are increasingly using compromised developer repositories in the software supply chain to spread malware, including remote access Trojans, via self-propagating infection chains. The attack exploits fake job interviews and malicious code execution within development environments like Visual Studio Code, leveraging trusted developer workflows to infect downstream projects. Payload delivery is enhanced through blockchain infrastructure, making detection and takedowns more difficult, and the infection can spread widely across open-source and organizational repositories, risking extensive compromise. Threat, Attack Techniques, and Targets The threat involves North Korean actors using fake job offers to infect software development systems.…
Quick Takeaways Moltbook exposed sensitive data, including email addresses and API tokens, highlighting risks from unsecured AI agent databases. Toxic security risks occur when AI agents or integrations bridge multiple applications via OAuth or API scopes without proper oversight. Traditional single-application reviews miss these complex, runtime-established trust relationships, increasing vulnerability. Dynamic SaaS security platforms like Reco monitor cross-application permissions continuously, identifying and mitigating toxic combinations in real-time. How Cross-App Permissions Create Hidden Risks In today’s digital environment, many organizations use multiple apps that work together through OAuth grants and API scopes. While each app might seem secure on its own,…
Top Highlights DinDoor employs the legitimate Deno JavaScript runtime and MSI installer files, leveraging trusted environments to bypass security detection and deliver malware. It is delivered via phishing or malicious downloads, executing obfuscated JavaScript to fingerprint the victim, establish command-and-control (C2) communication, and fetch additional payloads. The malware is linked to the Iranian APT group Seedworm and shares infrastructure with other cybercriminal groups, indicating a broader threat ecosystem. Detection strategies include monitoring unexpected deno.exe activity, restricting MSI execution, and analyzing network traffic for abnormal command-line patterns and C2 communications. What’s the Problem? Recently, cybersecurity researchers uncovered a sophisticated backdoor called…
Top Highlights Hostile nations like Russia, Iran, and China are now conducting the most serious cyberattacks targeting the UK, with state-linked hacking groups focusing on critical infrastructure and strategic assets. The UK’s NCSC handles about four significant cyber incidents weekly, with the most serious threats stemming from state-sponsored operations rather than criminal activities like ransomware. Russia, Iran, and China are displaying advanced cyber capabilities, with Russia applying tactics from its Ukraine conflict to target the UK and Europe at scale, while Iran represses dissidents and China exhibits military-grade sophistication. UK authorities warn that in a conflict scenario, organizations will face…
Fast Facts An expansive mobile proxy ecosystem powered by ProxySmart operates across 17 countries, utilizing physical smartphone farms with at least 94 locations to facilitate large-scale fraud and illicit activities. ProxySmart, a Belarus-based platform, manages over 87 exposed control panels globally, supporting SIM farms that leverage carrier networks, IP rotation, OS spoofing, and tunneling protocols to evade detection. These SIM farms enable widespread cybercrimes such as account takeovers, fake social media accounts, bot activities, geo-circumvention, and payment fraud, often marketed with minimal KYC security. The infrastructure exploits carrier-grade NAT, rapid IP reassignments, and multi-carrier access, significantly hindering detection efforts and…
Top Highlights Traditional security frameworks focused on static checkpoints are insufficient in the rapidly evolving AI-driven threat landscape, where attackers can exploit vulnerabilities in minutes without human intervention. Current risk measurement tools often reflect outdated threats, leaving CISOs with an incomplete and outdated picture of their organization’s true security posture. CISOs must ask vital questions about real-time visibility, identity management, permissions, AI-assisted decision-making, and incident response to adapt effectively to modern threats. Prioritizing runtime visibility, continuous identity inventory, outcome-based metrics, and response rehearsals are crucial strategies for organizations to detect, contain, and recover from threats swiftly in the AI age.…
Fast Facts Ransomware remains dominant with 702 incidents in March, driven by sophisticated groups like Qilin and Akira, targeting industries such as construction and healthcare. The growth of the underground access market facilitates ransomware attacks and espionage, with key brokers like vexin and holyduxy controlling over 55% of listings. Exploitation of known vulnerabilities (e.g., CVE-2026-20131, CVE-2025-53521) and AI-driven attacks (e.g., CyberStrikeAI targeting Fortinet devices) significantly increase breach risks. Threat, Attack Techniques, and Targets In March 2026, the cyber threat landscape continued to grow. Ransomware attacks led the scene with 702 incidents worldwide. Major ransomware groups included Qilin, Akira, The Gentlemen,…