Author: Staff Writer

Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts A new, improved version of the LOTUSLITE malware targets India’s banking sector via malicious CHM files, using DLL side-loading for stealthy payload delivery. The malware communicates with a dynamic DNS command-and-control server over HTTPS, enabling remote control, file operations, and data exfiltration with an espionage focus. The threat group has expanded its targets from US government entities to South Korean diplomatic circles and India’s banking sector, employing sophisticated lures such as fake banking pop-ups and diplomatic impersonation. Threat, Attack Techniques, and Targets Cybersecurity researchers found a new version of the malware called LOTUSLITE. This malware is used in…

Read More

Top Highlights A ransomware negotiator, Angelo Martino, pleaded guilty to collaborating with the BlackCat ransomware gang, aiding in extorting millions from U.S. victims. Martino provided confidential victim information, including insurance limits and negotiation strategies, to maximize ransoms, earning substantial illicit gains. He helped deploy ransomware attacks and facilitated a $1.2 million extortion, laundering assets worth over $10 million, including cryptocurrency and luxury items. Facing up to 20 years in prison, Martino’s betrayal highlights the growing threat of insider involvement in cybercrimes, undermining trust in cybersecurity professionals. Ransomware Negotiator Pleads Guilty to Aiding Cyber Attacks A man working as a ransomware…

Read More

Verifiable Digital Credentials (VDCs) are cryptographically secure, digital versions of physical credentials like driver’s licenses or diplomas, stored in digital wallets for online or in-person verification. Key components of the VDC ecosystem include issuers, digital wallets, verifiers, relying parties, trust services, and identity management systems, each playing a distinct role in credential issuance, presentation, and validation. The deployment of VDCs involves complex protocols, data formats, and standards to ensure security, privacy, and usability, with ongoing efforts by organizations like NIST to develop and harmonize these standards. Practical use cases, such as digital driver’s licenses for online bank account opening, illustrate…

Read More

Quick Takeaways Angelo Martino, a ransomware negotiator for DigitalMint, pleaded guilty to conspiring with affiliates to extort and attack U.S. companies, including blackmail and ransom demands, benefiting personally from the crimes. Using his role, Martino leaked confidential negotiations and insurance details to cybercriminals, facilitating their extortion efforts and helping them collect over $75 million in ransom payments. Law enforcement seized $10 million in assets, including property, vehicles, and cryptocurrency, linked to Martino’s crimes, and he surrendered to authorities in Miami. Martino faces up to 20 years imprisonment, with sentencing scheduled for July 9, having admitted to obstructing commerce through extortion,…

Read More

Quick Takeaways A former ransomware negotiator pleaded guilty to collaborating with BlackCat/ALPHV, aiding attacks on US companies in 2023, and improperly shared sensitive client info to maximize payouts. Angelo Martino, along with two others, deployed BlackCat ransomware, extorted victims, and laundered around $10 million, with Martino facing up to 20 years in prison. Law enforcement seized various assets from Martino, including vehicles and digital currency, and he has a scheduled sentencing for July 9. Experts emphasize the need for strict separation of roles in ransomware negotiations to prevent conflicts of interest and insider threats, underscoring that trust must always be…

Read More

Essential Insights Threat actors linked to The Gentlemen RaaS are deploying SystemBC proxies, forming a botnet of over 1,570 victims worldwide, using sophisticated tactics like domain-wide GPO abuse and tailored reconnaissance. The group employs multi-platform ransomware targeting Windows, Linux, NAS, and BSD, with detailed lateral movement and defense evasion techniques, including disabling Windows Defender and manipulating virtual machine environments. The cybercriminal ecosystem is evolving with highly specialized, industrialized ransomware like Kyber and rapid attack speeds, exemplified by some threats encrypting within an hour, indicating a shift towards efficiency over complexity. Ransomware incidents are at an all-time high, with over 2,000…

Read More

Fast Facts Tyler Buchanan, a key member of the hacking group Scattered Spider, pleaded guilty to conspiracy and ID theft, after orchestrating phishing and cryptocurrency thefts totaling over $8 million from U.S. victims. He was arrested in Spain while attempting to fly to Italy, and faces up to 22 years in prison; law enforcement acted swiftly due to his international travel. Buchanan was central to the group, which targets high-net-worth individuals and sectors like tech and finance, using tactics like SIM-swapping and credential harvesting, with some of his possessions linked to over $27 million in bitcoin. The FBI describes Scattered…

Read More

Summary Points Exploiting vulnerabilities in Lantronix and Silex serial-to-IP converters can allow attackers to hijack devices, tamper with data, and take full control of industrial control systems. Attackers can leverage these flaws to disrupt serial communications, conduct lateral movements into networks, and manipulate sensor or actuator data, potentially causing operational failures. Successful exploitation can occur via internet-exposed devices, emphasizing the need to update firmware, secure device credentials, and segment vulnerable devices from critical network assets. Threats, Attack Techniques, and Targets Cybersecurity researchers discovered 22 new vulnerabilities in popular Lantronix and Silex serial-to-IP converters. These flaws are part of a collective…

Read More

Summary Points AI models are increasingly capable of independently identifying vulnerabilities, mapping attack paths, and executing multi-stage intrusions with minimal human oversight, shifting the cybersecurity landscape from static patching to dynamic, rapid threat movement. This acceleration threatens the traditional defense window—oftentimes weeks—by enabling AI-driven attacks to occur within hours or minutes, reducing defenders’ time to respond effectively. The proliferation of AI tools can automate entire attack sequences— from reconnaissance to exploitation—making it easier for less skilled operators to conduct large-scale, high-speed cyber campaigns. To counter this threat, security experts advise proactive measures such as assuming breach scenarios, automating incident response,…

Read More

Summary Points Trojans remain the leading attachment-based threat, accounting for 21% of incidents in March 2026. Phishing via FakePage decreased sharply from 42% to 15%, indicating a decline in this attack method. Downloaders (9%) and droppers (7%) continue to be prominent, facilitating malware distribution through attachments. Threat, Attack Techniques, and Targets In March 2026, email threats mainly involved attachments. Trojans were the most common, making up 21% of these threats. Phishing attacks, using fake pages, were at 15%. Although their share dropped from 42% to 15%, the total number of these phishing emails slightly decreased. Downloaders and droppers also appeared…

Read More