Author: Staff Writer

Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Top Highlights Oceania healthcare organizations are increasingly targeted by the INC ransomware group, with significant attacks affecting Australia, New Zealand, and Tonga since mid-2024. INC typically gains access through compromised accounts, spear-phishing, or exploiting vulnerabilities, then escalates privileges to deploy ransomware and exfiltrate data. Smaller nations like Tonga are especially vulnerable due to reliance on centralized infrastructure and limited incident response capabilities, with attackers often choosing opportunity over size. Experts advise basic cybersecurity measures—monitoring, MFA, vulnerability management—since INC uses outdated tactics, highlighting ongoing security gaps in healthcare sectors. INC Ransomware Targets Healthcare in Oceania Cybersecurity authorities in Oceania warn about…

Read More

Essential Insights Iran’s internet has been fully blackout for over 10 days since February 28, 2026, with traffic plummeting to below 1%, severing roughly 90 million people from global connectivity. The shutdown was government-enforced, synchronized across major regions and ISPs, and closely coincided with US and Israeli military strikes. The blackout has caused an estimated economic loss of $35.7 million daily and severely impacted online commerce, with online sales dropping by up to 80%. Human rights organizations condemn the shutdown as a violation of rights, noting it blocks emergency access and only allows access to pre-approved domestic sites. The Core…

Read More

Quick Takeaways On March 11, 2026, Stryker was hit by a severe cyberattack using Iranian-linked Handala hacktivists’ wiper malware, which permanently erased critical data. The attack caused extensive operational shutdowns globally, affecting over 5,500 employees in Ireland and disrupting manufacturing and core functions. Attackers gained access via administrative accounts, defaced login pages, and wiped data from servers, endpoints, and mobile devices, halting company activities. Experts warn that ongoing outages threaten to severely impact the global supply chain for medical devices and hospital equipment. Key Challenge On March 11, 2026, Stryker, a leading global medical technology company, faced a devastating cyberattack…

Read More

Quick Takeaways Texas state agencies and publicly owned medical facilities are mandated to review cybersecurity risks associated with Chinese-manufactured patient monitoring devices, following federal alerts about vulnerabilities including backdoors that could expose health data. Key devices such as Contec CMS8000 and Epsimed MN-120 are on Texas’ restricted list due to security concerns, prompting agencies to inventory network-connected medical devices and evaluate cybersecurity protections. Regulatory bodies are required to ensure device procurement compliance, share device inventories with Texas Cyber Command, and assess whether specific devices should be added to a prohibited technology list. Texas intends to propose legislation next session to…

Read More

Fast Facts Salesforce warns of a cyber campaign by ShinyHunters exploiting overly permissive guest user settings in Experience Cloud portals to steal data through automated probing with modified open-source tools. The breach primarily targets environments with broad guest permissions, default organization settings not private, and public API access, enabling attackers to query and extract sensitive CRM data. Salesforce environments are attractive targets due to sensitive customer data, layered access complexities, and extensive integrations with third-party apps, which can be exploited if misconfigured. Salesforce recommends organizations audit permissions, disable public API access, limit object visibility, and enforce least privilege to mitigate…

Read More

Top Highlights The Biden administration’s recent executive order aims to increase accountability for cyber-enabled fraud through enhanced disruption, coordination, and international pressure, recognizing it as industrialized and often transnational crime. However, the administration has rolled back earlier software supply chain security measures, making tools like SBOM requests optional, which weakens the environment that enables cybercriminal activities. The article critiques the inconsistent approach: strong consequences for criminals but leniency or discretion regarding insecure technology supply chains, undermining efforts to establish genuine security. Effective cyber strategy requires both disrupting criminal networks and enforcing secure-by-design software production, addressing the root environment that makes…

Read More

Fast Facts Attackers increasingly leverage trusted cloud services and SaaS platforms like Google Sheets, OpenAI APIs, and Microsoft Graph to hide command and control (C2) communications, making malicious activities blend in with legitimate business traffic. The shift from traditional local binaries to cloud-native tools and APIs allows adversaries to operate within the cloud environment, enabling resource enumeration, data extraction, privilege escalation, and persistence using legitimate functionality. Cybercriminal groups exploit cloud infrastructure and services—such as object storage, serverless functions, cloud tunneling, and snapshot sharing—to carry out reconnaissance, payload staging, data exfiltration, and unauthorized pivoting, bypassing conventional defenses. Advanced malware frameworks and…

Read More

Top Highlights Visory appoints experienced leaders Edward Vasko as COO and Mark Dallmeier as CRO to bolster operational efficiency and growth. Vasko’s extensive cybersecurity background and leadership will enhance Visory’s focus on secure, reliable technology services. Dallmeier’s proven record in building customer-centric solutions will accelerate the company’s revenue and strategic initiatives. These leadership moves reinforce Visory’s commitment to delivering innovative, scalable cybersecurity and technology partnerships amid rising demand. Strengthening Leadership for Better Technology and Security Visory has made important changes to its leadership team by adding two experienced executives. These new appointments focus on improving how the company operates and…

Read More

The National Cyber Strategy emphasizes proactive disruption of adversaries, enhanced private-public collaboration, and a focus on future-proofing networks, AI, and quantum security. It calls for simplifying regulations, improving cybersecurity outcomes, and accelerating quantum readiness, targeting 2035 for full quantum-proofing. The strategy aims to bolster critical infrastructure resilience, ensure AI security by design, and prioritize securing multiple attack surfaces. It stresses the importance of developing a skilled cyber workforce, leveraging existing training programs, and fostering public-private partnerships to enhance national cyber defense. Adapting the Strategy to Daily Business Operations The national cybersecurity strategy provides a strong foundation for protecting our everyday…

Read More

Fast Facts For the first time, software exploitation has surpassed credential theft as the leading initial access method in the cloud, with threat actors exploiting third-party software more than weak credentials. Threat actors are shifting from traditional phishing to voice-based social engineering and harvesting credentials from third-party SaaS tokens to enable large-scale, covert data exfiltration. Cloud service breaches now primarily aim for high-volume data theft via legitimate access, with a significantly quicker window from vulnerability disclosure to exploitation—reducing from weeks to days. Attackers are leveraging AI tools like large language models to automate credential harvesting and escalate access, highlighting the…

Read More