- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Summary Points Enforce multi-factor authentication (MFA) universally, especially for high-privilege and external-facing accounts, to prevent credential theft from leading to breaches. Implement Privileged Access Management (PAM) to control admin permissions, centralize credential security, and minimize privilege escalation risks. Maintain a comprehensive inventory of all human, machine, and workload identities, including service accounts and API keys, to identify shadow identities and reduce attack paths. Use continuous validation and real-time monitoring to detect early signs of compromise, such as abnormal login patterns and privilege escalations, thereby enabling swift incident response. The Core Issue The story highlights the surge in identity compromise as…
Summary Points Supply chain attacks bypass traditional defenses via trusted vendors, making security a core aspect of cyber resilience and business continuity. Organizations must map their complex supply chain, classify critical dependencies, and continuously monitor supplier security postures using automated tools. Implement strong access controls like MFA, least privilege, and regular audits to minimize damage from vendor credential breaches. Detect intrusions early with unified telemetry across endpoints, networks, and cloud systems, and build robust recovery strategies with immutable backups and automated restores. Underlying Problem The story centers on the rising threat of supply chain attacks, which compromise trusted vendors and…
Essential Insights Storm-1175 is executing rapid, high-velocity ransomware campaigns, often within 24 hours of vulnerability disclosure, targeting known and zero-day flaws. The group heavily exploits vulnerabilities in industries like healthcare and finance across Australia, UK, and US, leveraging vulnerabilities such as CVE-2026-1731 and others in popular software. They demonstrate advanced tactics, including tampering with security tools like Microsoft Defender, and using tools like RMM, Impacket, and Rclone for lateral movement and data exfiltration. Microsoft urges organizations to prioritize immediate patching, enable tamper protections, and isolate web-facing systems to mitigate the threat from Storm-1175’s swift and sophisticated attacks. Storm-1175 Accelerates Medusa…
Fast Facts Effective attack surface management (ASM) requires continuous visibility across all digital, physical, human, and cloud environments to detect and monitor vulnerabilities before attackers can exploit them. Prioritize attack vectors that typically cause breaches—such as credential theft, unpatched vulnerabilities, third-party compromises, and cloud misconfigurations—to efficiently strengthen defenses. Shift from periodic assessments to ongoing, automated discovery, assessment, and remediation processes to keep pace with rapidly changing infrastructure and reduce blind spots. Integrate ASM with detection, response, and recovery strategies—like real-time threat detection and immutable backups—to contain attacks quickly and maintain business continuity. The Core Issue The article reports on the…
Hackers Exploit Next.js React2Shell Flaw to Steal Credentials from 766 Hosts in 24 Hours
Fast Facts A fast-spreading cyberattack exploits the critical React2Shell flaw (CVE-2025-55182) in Next.js, breaching 766 servers in 24 hours and stealing sensitive data like passwords and cloud keys. The attack operates automatically using a command-and-control framework called NEXUS Listener, enabling hackers to harvest and organize credentials remotely without manual intervention. The vulnerability allows code execution through a crafted HTTP request, targeting React Server Components, with downstream effects including potential supply chain risks from compromised package registry credentials. Urgent mitigation steps include applying security patches, rotating secrets, auditing systems, and monitoring network traffic to prevent or detect ongoing breaches. The Core…
Essential Insights A China-based threat actor, Storm-1175, actively exploits zero-day and known vulnerabilities to quickly breach susceptible internet-facing systems, primarily targeting healthcare, education, finance, and professional sectors globally. The group rapidly moves from initial access to data exfiltration and ransomware deployment, often within 24 hours, maintaining high operational velocity and leveraging multiple exploits simultaneously. Storm-1175 creates persistence through account creation, web shells, RMM tools, and credential theft, often interfering with security defenses before executing ransomware. They exploit unpatched vulnerabilities, including Linux systems and Oracle WebLogic, utilizing advanced tactics like LOLBins, RMM tools, and customized lateral movement techniques to evade detection…
Summary Points Malaysia’s rapidly expanding digital infrastructure and strategic geopolitical position are increasing its vulnerability to sophisticated cyber threats, including state-sponsored espionage, cybercriminal ransomware, and politically motivated hacktivism. Key threat actors include China-linked groups (e.g., APT41, Mustang Panda), North Korea’s Lazarus Group, and financially motivated gangs like FIN7, employing methods such as supply-chain surveillance, credential theft, spear-phishing, and AI-driven social engineering. Ransomware, web application attacks, and DDoS incidents are prominent, affecting sectors like finance, government, manufacturing, and critical infrastructure, with malware campaigns often leveraging supply chain vulnerabilities and high-impact techniques. Malaysia’s cybersecurity focus is shifting towards strengthening critical infrastructure resilience,…
Essential Insights Cybercrime losses surged by 26% to nearly $20.9 billion in 2025, representing a 400% increase since 2020, with total losses over five years exceeding $71.3 billion. Investment scams, especially cryptocurrency-related fraud, remain the largest component, accounting for nearly $8.65 billion, with phishing, extortion, and data breaches being the most reported crimes. Victims over 60 years old suffered the highest losses, making up 37% of total cybercrime losses, with over 1 million complaints received by the FBI, but many crimes remain unreported. Ransomware, data breaches, and social engineering attacks are the top cyber threats, impacting critical infrastructure sectors like…
Storm-1175 Targets Healthcare Systems to Launch Ransomware Attacks Across US, UK, and Australia
Summary Points New findings reveal that Storm-1175, deploying Medusa ransomware, is rapidly exploiting recently disclosed and zero-day vulnerabilities in internet-facing systems, often within 24 hours, to gain initial access and establish persistence across target networks. The threat actor conducts high-velocity, multi-stage attacks involving reconnaissance, lateral movement, credential theft, and deployment of remote management tools to maximize impact and evade detection, primarily targeting high-impact enterprise platforms like Microsoft Exchange and Oracle WebLogic. Storm-1175 uses legitimate remote monitoring tools and scripting techniques, such as PDQ Deployer and Impacket, to maintain access, move laterally, and deploy ransomware swiftly—sometimes within a day—focusing on sectors…
Top Highlights Credential incidents, such as lockouts and breaches, cause ongoing operational costs, helpdesk overloads, and workflow disruptions that organizations often overlook. Poor password policies and lack of breached password screening increase the risk of repeated credential-related incidents, heightening vulnerabilities. Rigid password reset policies do more harm than good, leading to weaker passwords and frequent account lockouts, with modern guidelines favoring breach-based resets. Implementing strong, user-friendly password policies and tools like breached password detection can significantly reduce security risks and operational disruptions. The Hidden Financial and Operational Costs of Credential Incidents Recurring credential issues, such as account lockouts and hacked…