- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Quick Takeaways Sophisticated Supply Chain Attack: The attack used signed software from Dragon Boss Solutions LLC, exploiting legitimate update tools like Advanced Installer to deliver malicious payloads that disable antivirus systems and remain hidden. Critical Vulnerability & Wide Impact: A flaw in the update infrastructure allowed anyone to register a domain for just $10 and push malicious payloads to infected machines, resulting in over 23,500 infected endpoints worldwide, including high-value institutions. Advanced Malicious Payloads: The ClockRemoval.ps1 script permanently disables security tools by killing antivirus processes, creating persistent scheduled tasks, modifying hosts files to block AV updates, and disabling Chrome auto-updates—effectively…
Quick Takeaways A critical, actively exploited vulnerability in SharePoint (CVE-2026-32201) allows attackers to spoof SharePoint and access sensitive data, emphasizing immediate patching due to ongoing exploitation. The most urgent vulnerability (CVEs-2026-33824, -33826, -33827, -33825) impact Windows systems, enabling remote code execution or privilege escalation, with CVE-2026-33824 in Windows IKE Service rated 9.8/10 for severity. Microsoft’s April patch aims to address a record 167 vulnerabilities, with experts warning the extensive volume demands significant resource allocation and careful testing from security teams. A major SAP SQL injection flaw (CVSS 9.9) in SAP Business Planning and Consolidation requires immediate patching, with a temporary…
Quick Takeaways CrowdStrike joins Anthropic’s Project Glasswing, leveraging advanced AI models to boost internal cybersecurity defenses, positioning as a primary beneficiary in the cybersecurity consortium. The Mythos Preview AI model, central to the project, will remain internal, providing participating firms, especially CrowdStrike, a competitive edge in vulnerability detection and platform security. CrowdStrike’s extensive cybersecurity suite and superior vulnerability management capabilities distinguish it from peers like Palo Alto Networks, enhancing its role in the AI-driven initiative. Despite strong growth and a $1.5 billion stock buyback program, analysts suggest the stock may be trading above fair value, as CrowdStrike continues to innovate…
Fast Facts Most ransomware discussions emphasize encryption, downtime, and recovery, but the critical pre-attack activities are often overlooked. Attackers are increasingly deploying “EDR killers” early in the attack chain to covertly disable endpoint detection and response (EDR) tools. Disabling EDRs early allows ransomware groups to operate undetected, increasing their success and the damage caused. Understanding and defending against these pre-attack tactics is essential to prevent ransomware from executing and causing harm. Underlying Problem Recent reports from Cyber Security News reveal a troubling trend among ransomware groups; they are intentionally disabling Endpoint Detection and Response (EDR) tools early in their attack…
Essential Insights Microsoft released patches for 165 CVEs this Patch Tuesday, with one actively exploited zero-day and another publicly known but unexploited. The majority of vulnerabilities are elevation-of-privilege bugs (57%), followed by remote code execution and information disclosure flaws. Key zero-day threats include CVE-2026-32201 (a spoofing flaw in SharePoint) and CVE-2026-33825 (a privilege escalation in Defender), both with high exploit risk. Only eight vulnerabilities are deemed critical, including high-severity flaws in Windows IKE and secure tunneling, which organizations should urgently address. Privilege Elevation Bugs Take Center Stage in Microsoft’s Latest Patch Microsoft’s recent update for April addresses a critical share…
Top Highlights 24/7 Coverage is Crucial: MDR provides continuous monitoring across endpoints, identities, and cloud environments, enabling faster threat detection and reducing dwell time, which is essential for cyber resilience. Reducing Alert Noise: MDR applies human expertise and threat intelligence to validate alerts, prioritize genuine threats, and prevent alert fatigue, ensuring security teams focus on real risks. Speedy Containment: Effective MDR enables quick response actions like isolating systems and stopping malicious processes, minimizing attack impact and maintaining business continuity. Holistic Resilience Strategy: MDR works best when integrated with prevention and recovery tools, forming a comprehensive approach that enhances overall cyber…
Quick Takeaways CISA warns organizations about active exploitation of two critical vulnerabilities: CVE-2023-21529 in Microsoft Exchange Server, enabling remote code execution, and CVE-2023-36424 in Windows CLFS, allowing privilege escalation. Both flaws are being exploited in the wild, posing grave risks to enterprise networks; Exchange flaws threaten data and access, while CLFS flaws enable total system control. Federal agencies are mandated to patch these vulnerabilities by April 27, 2026, per BOD 22-01, with strong advisories for private entities to prioritize urgent updates. Immediate mitigation includes applying patches, following official instructions, discontinuing vulnerable products if patches are unavailable, and monitoring for suspicious…
Black Basta’s Playbook Continues with Rapid-Scale Intrusion Campaigns by Former Affiliates
Top Highlights Black Basta, a ransomware group linked to Conti, is actively targeting over 100 organizations globally through sophisticated social engineering tactics, mainly focusing on senior executives. Recent campaigns, resembling past Black Basta operations, involve rapid email bombings and impersonation via Microsoft Teams, enabling quick remote access—sometimes within minutes. Despite the group’s internal chat leaks and police identification of its alleged leader, former affiliates continue to conduct fast, automated intrusions in key sectors like manufacturing, finance, and tech. The group’s primary motive appears to be data theft, extortion, or ransomware deployment, with tactics evolving to streamline operations and maximize attacker…
Fast Facts Mirax is a sophisticated Android malware discovered in late 2025 that steals banking credentials and transforms infected devices into residential proxy nodes, enabling malicious traffic routing through legitimate IPs. It operates as a Malware-as-a-Service (MaaS), with limited access to trusted affiliates, primarily Russian-speaking, allowing discreet, long-term infections. Deployment involves social media ads directing users to phishing sites, with the malware installed via stealthy dropper files from GitHub, disguising itself as a media app and requesting Accessibility Services. Its proxy capability, utilizing residential IPs, enables evasion of fraud detection, geolocation bypass, and large-scale cyberattacks, making it a significant threat…
Fast Facts Booking.com experienced a cyberattack exposing customer data, including names, emails, phone numbers, and reservation details, though financial info was reportedly not accessed. The company detected suspicious activity, reset affected reservation PINs, and warned customers, but did not disclose how many or which regions were impacted. Threat actors are already weaponizing stolen data for targeted phishing campaigns, with evidence of social engineering using accurate booking information. Security experts advise users to remain vigilant, verify communications via official channels, and be cautious of unsolicited payment requests. The Core Issue Recently, Booking.com disclosed a cyberattack that compromised the personal data of…