- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Forescout 2026 Report Warns of Surging OT & ICS Threats as Network Infrastructure Becomes Prime Target
Summary Points Enterprise security is shifting focus from endpoints to network infrastructure, with routers and switches now accounting for a significant portion of critical vulnerabilities, highlighting the expanding attack surface in core network layers. A diverse range of connected devices, including medical systems, industrial controllers, and smart building components, are increasingly being classified as high-risk due to outdated firmware, default credentials, and weak security controls. Attackers are exploiting vulnerabilities across IT, OT, IoT, and IoMT, with persistent threats on foundational assets such as routers, VoIP systems, UPS devices, and healthcare devices, emphasizing the need for integrated, cross-domain security strategies. Effective…
Top Highlights Aleksei Volkov, a Russian initial access broker for ransomware groups, was sentenced to 81 months in prison for facilitating cyberattacks that caused over $9 million in losses. Volkov identified and exploited network vulnerabilities, selling access to ransomware operators, enabling attacks without directly deploying malware. His actions led to increased harassment, DDoS attacks, and data leaks, with some victims paying up to $1.5 million in ransoms. He is required to pay full restitution, totaling at least $9.1 million, and forfeit equipment used in his cybercriminal activities. What’s the Problem? Aleksei Volkov, a 26-year-old Russian hacker from St. Petersburg, was…
Top Highlights APT-C-13 (Sandworm), a highly dangerous state-backed hacking group, is actively exploiting RDP servers in critical sectors through long-term cyber espionage campaigns. The group uses social engineering via disguised ISO images distributed through messaging and cracking communities, deploying modular malware that persists undetected by standard defenses. Their sophisticated persistence methods include planting scheduled tasks, hijacking RDP with SSH reverse tunneling, routing C2 traffic through Tor, and injecting trusted certificates, enabling stealthy, long-lasting access. To defend against this threat, organizations must block unauthorized ISO files, monitor suspicious internal activities, and enhance detection of anomalous RDP/SSH behavior, as the attackers prioritize…
Summary Points The total number of DDoS attacks surged from 512K in Q4 2024 to 1.3 million in Q4 2025, with attack volumes reaching a record 12 Tbps, a sixfold increase. Network-layer attacks dominate, comprising 82% of incidents, and are increasingly shorter (most under one minute), while application-layer attacks are longer, often exceeding 10 minutes. Digital sectors like technology (34%), finance (20%), and gaming (19%) are primary targets, with attackers focusing on infrastructure to maximize disruption. Geographic analysis shows attack sources predominantly in Latin America, especially Mexico and Brazil, emphasizing the need for localized and widespread threat mitigation strategies. Key…
Essential Insights A 26-year-old Russian hacker was sentenced to nearly 7 years in U.S. prison for facilitating ransomware attacks that caused over $9 million in losses, acting as an access broker for cybercriminal groups. He exploited vulnerabilities to gain unauthorized network access and sold it to ransomware gangs, enabling data encryption, extortion, and significant operational damages for victims. U.S. authorities also charged a third individual, Angelo Martino, for negotiating ransom payments with the BlackCat gang, resulting in seized assets worth nearly $9.2 million. DigitalMint disavowed and terminated employees involved in blackhat activities, emphasizing its commitment to ethical standards and the…
Quick Takeaways Cyberattacks are evolving into faster, more coordinated, and professionalized operations, enabling quick access transfer under 30 seconds and increasing operational disruption risks. Attackers leverage AI, including large language models, to enhance social engineering and evade detection, making sophisticated, hyper-personalized strikes more prevalent. Most incidents are now detected internally, with many sophisticated exploits targeting internet-facing vulnerabilities, especially zero-days, complicating detection and remediation efforts. Defense strategies must focus on accelerating response times, securing critical infrastructure like backups and identity systems, and adopting behavioral detection to stay ahead of evolving, industrialized cyber threats. Underlying Problem The M-Trends 2026 report paints a…
Summary Points Google has launched Gemini AI agents within Threat Intelligence to autonomously monitor dark web forums, processing millions of posts daily with 98% accuracy to detect security risks like data leaks and insider threats. Unlike traditional regex-based methods with high false positives, Gemini utilizes advanced language models for contextual profiling, significantly reducing noise and improving threat detection precision. The system cross-references ambiguous dark web claims with detailed enterprise profiles, enabling it to identify high-severity threats involving specific organizations and assets efficiently. Google also deploys autonomous AI agents in security operations to assist with triage and investigation, carefully restricting data…
Quick Takeaways On March 22, 2026, the Tor-based leak site “ALP-001” emerged, signifying a shift from selling corporate access to full-scale extortion in the underground cybercriminal world. ALP-001 is linked to an active Initial Access Broker operating across multiple dark web forums since at least July 2024, historically selling access to enterprise systems like VPNs and remote gateways. Evidence shows the group is transitioning from access selling to data extortion, targeting high-value, internet-facing enterprise infrastructure, and operating with established underground credibility. Security experts recommend organizations patch internet-facing devices, monitor for unauthorized access, and enforce multi-factor authentication to defend against such…
Top Highlights NAKIVO v11.2 enhances platform support with VMware vSphere 9 and Proxmox VE 9.0/9.1, offering broader compatibility and faster disaster recovery through automated real-time replication. The update improves security by integrating OAuth 2.0 for email notifications and provides better control for MSPs with an upgraded MSP Direct Connect. Successful customer outcomes include 80% storage reduction via data deduplication and VM recovery within 10 minutes, demonstrating efficiency gains. NAKIVO experienced 25% revenue growth in Q4 2025, expanding globally with new partners and over 16,000 customers across 191 countries, emphasizing its market growth and trust. What’s the Problem? On March 6,…
Fast Facts Over 511,000 outdated Microsoft IIS servers, including more than 227,000 beyond the support window, are actively exposed on the internet, creating a significant security risk. These end-of-life servers do not receive security updates, making them prime targets for hackers to exploit known vulnerabilities, deploy malware, or gain access to networks. The exposure is concentrated mainly in China and the U.S., with attackers actively scanning for and exploiting these vulnerable web servers. Organizations should prioritize auditing, updating, or isolating legacy IIS servers, and utilize security measures like firewalls and Microsoft’s ESU program to mitigate risks. Underlying Problem On March…