- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Summary Points Multiple critical vulnerabilities in Cisco Catalyst SD-WAN Manager (CVE-2026-20122, CVE-2026-20128, CVE-2026-20133) are actively exploited to gain remote, elevated privileges and access sensitive information. Attackers are weaponizing CVE-2025-32975 in Quest KACE Systems Management Appliance to impersonate users and potentially execute malicious activities without authentication. Known exploitation of CVE-2023-27351 in PaperCut NG/MF is linked to ransomware attacks by groups like Lace Tempest, highlighting targeted credential bypass risks. Threat, Attack Techniques, and Targets CISA has added eight new vulnerabilities to its list of actively exploited flaws, known as the KEV. These flaws include issues in products from Cisco, JetBrains, Kentico, Quest,…
Top Highlights A British man, Tyler Buchanan, pleaded guilty in the U.S. to conspiring in a cybercrime scheme involving SMS phishing, network intrusions, and SIM swapping, resulting in at least $1 million stolen in virtual currency. The scheme targeted over a dozen companies, using fake login links in SMS messages to steal employee credentials, which were then used to access sensitive corporate data and identify valuable cryptocurrency accounts. The attackers employed SIM swapping tactics to bypass security measures, intercepting two-factor authentication codes and gaining access to victims’ digital wallets and accounts. Buchanan admitted to the conspiracy, with a scheduled sentencing…
Summary Points 1. A major cyberattack on Signature Healthcare disrupts hospital operations, affecting patient services and safety. 2. Emergency and critical treatments continue, but ambulance rerouting and canceled services increase strain on nearby facilities. 3. The attack likely involves ransomware or intrusion tactics, with no group officially claiming responsibility yet. 4. This incident emphasizes the urgent need for healthcare cybersecurity resilience to protect operations and patient safety amid rising threats. Healthcare Systems Under Cyber Threat Recently, a major cyberattack hit Signature Healthcare in Brockton. As a result, the hospital had to divert ambulances and cancel important services. This attack shows…
Essential Insights Threat actors exploited a compromised AI vendor to access Vercel through a stolen OAuth token, leading to a security breach. The attack was highly sophisticated, enabled by over-permissioned OAuth grants and compounded by an employee downloading gaming cheats containing malware. The incident highlights the critical need for robust AI governance, proper data security practices, and stricter OAuth permissions management to prevent downstream exploitation. Experts emphasize treating OAuth tokens as high-value credentials and adopting enterprise-managed consent to mitigate risks from supply-chain and AI-related vulnerabilities. Data Breach at Vercel Revealed Through a Third-Party AI Tool Recently, a serious security incident…
Essential Insights JanaWare is a targeted ransomware campaign in Turkey, delivered via a heavily modified Adwind RAT through phishing emails with Google Drive links, utilizing advanced evasion techniques including geofencing and code obfuscation to avoid detection. The malware checks for Turkish language and IP geolocation before executing, then disables security features, removes backups, and encrypts files using AES, demanding relatively low ransom ($200-$400 USD). Communications between victims and attackers occur exclusively via Tor and decentralized messaging apps like qTox, making law enforcement collaboration difficult. To mitigate infection risk, users should block untrusted Java applications and suspicious Google Drive links, monitor…
Essential Insights Iran’s MOIS operates a coordinated cyber campaign using three hacker identities—Homeland Justice, Karma/KarmaBelow80, and Handala—initially believed to be separate groups, but now confirmed as a single state-controlled operation. The campaign involves sophisticated cyber intrusions, data theft, destructive tools, and influence tactics, targeting governments and organizations across multiple countries, with methods and infrastructure shared across all personas. Key campaigns included attacks against Albania and Israeli entities, evolving over years with consistent tools, infrastructure, and messaging patterns, culminating in influence operations like data leaks and harassment. The operation, linked to the threat actor “Void Manticore,” employs deception tactics using multiple…
Fast Facts Attackers can exploit CVE-2026-5760 by using malicious GGUF model files with embedded Jinja2 SSTI payloads, leading to remote code execution on SGLang servers. The vulnerability allows remote attackers to execute arbitrary Python code through the "/v1/rerank" endpoint when loading compromised models from sources like Hugging Face. Mitigation involves replacing jinja2.Environment() with ImmutableSandboxedEnvironment to prevent server-side Python code execution. Threat, Attack Techniques, and Targets A critical security vulnerability, CVE-2026-5760, affects SGLang, a popular open-source framework for large language models. The CVSS score is 9.8, indicating a high severity. Attackers can exploit this flaw by creating a malicious GGUF model…
Summary Points A critical BOLA vulnerability in Lovable’s API allows unauthorized access to sensitive project data, including source code, credentials, chat histories, and customer info, primarily affecting projects created before November 2025. While fixes appear applied for new projects, legacy projects remain exposed, leaving a significant security gap, especially for users with older accounts. The flaw was reported over a month ago but remains unpatched for legacy projects, risking data breaches for organizations, including nonprofits and major corporations like Nvidia and Microsoft. Researchers advise affected users to proactively rotate secrets and implement independent secrets management, highlighting widespread security control lag…
Fast Facts Threat actors are exploiting QEMU, a legitimate virtualization tool, as a covert backdoor to steal credentials and deploy ransomware while evading endpoint security. Attack campaigns since late 2025, such as STAC4713 and STAC3725, leverage hidden VMs and virtualization evasion techniques to obscure malicious operations. These campaigns use sophisticated methods like disguised virtual disk files, reverse SSH tunnels, and in-VM attack tools to avoid detection and facilitate persistent access. Organizations should audit for unauthorized QEMU instances, monitor unusual network activities, and apply security patches to mitigate this emerging threat trend. Underlying Problem Threat actors have begun weaponizing QEMU, a…
Quick Takeaways Atos’s integration of Google Threat Intelligence enhances early detection and swift containment of emerging cyber threats across global SOCs. The collaboration improves real-time monitoring of credential breaches, domain spoofing, and data leaks to prevent targeted cyberattacks. It enables customized, industry-specific security solutions focused on protecting against digital risks with proactive threat insight. Threat, Attack Techniques, and Targets Atos has integrated Google Threat Intelligence into its cybersecurity services. This partnership enables better insight into emerging threats. The information can help detect new attack techniques early. These attacks can include credential theft, domain spoofing, and data leaks. The targets of…