Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Summary Points Ransomware targeting industrial OT environments increased by 49% in 2025, impacting over 3,300 organizations globally, with attacks often exploiting basic security lapses rather than sophisticated tactics. Many OT-specific ransomware incidents are misclassified as IT issues due to misidentification of OT devices, obscuring the true scale of OT-centric threats. Attackers commonly leverage valid credentials, infostealers, and initial access brokers to breach OT boundaries via VPNs, firewalls, and vendor tunnels, leading to operational disruptions without direct interaction with industrial control protocols. Effective OT detection, comprehensive visibility, and rapid response significantly reduce recovery times; however, vulnerabilities in perimeter security, ICS asset…

Summary Points CVE-2008-0015, a long-dormant Windows Video ActiveX Control vulnerability, is now on the KEV catalog due to active exploitation, posing serious RCE risks. Attackers exploit this flaw via malicious web pages in Internet Explorer, allowing them to execute arbitrary code and potentially seize full system control. Despite patches issued in 2008, many legacy or unpatched systems remain vulnerable, stressing the importance of upgrading or disabling outdated components. CISA mandates federal agencies eliminate or mitigate this vulnerability by March 10, 2026, urging organizations to follow suit to prevent malware or ransomware threats. What’s the Problem? A long-dormant vulnerability in Microsoft…

Summary Points Traditional DLP tools are costly and cumbersome, limiting their effectiveness against the risks posed by unmanaged GenAI use, which includes data leaks of sensitive information like PII, PHI, and intellectual property. Implementing enterprise licenses for approved GenAI solutions with built-in security is ideal but expensive (~$30-$40 per user/month), risking the blocking of potentially beneficial tools for staff. A more flexible and cost-effective approach involves integrating DLP controls into XDR/MDR cybersecurity platforms, allowing monitoring and response to sensitive data risks across multiple GenAI tools, with annual costs around $30k-$50k. CIOs and CISOs should balance fostering innovation with robust policies…

Essential Insights ENISA’s Cybersecurity Exercise Methodology provides a comprehensive, flexible framework with a step-by-step approach, supporting organizations in planning, conducting, and evaluating cybersecurity exercises to enhance resilience. The methodology emphasizes structured planning, stakeholder engagement, capacity building, continuous improvement, and aligns with the European Cybersecurity Skills Framework (ECSF) to ensure standardized, effective workforce development. Developed through validation from past exercises and community feedback, it covers six key phases—initiation, design, preparation, execution, evaluation, and moving forward—ensuring thorough and realistic exercise planning. ENISA promotes community collaboration and ongoing refinement of the methodology, aiming to empower European organizations to systematically enhance cybersecurity readiness and…

Essential Insights Cybersecurity researchers have uncovered a new version of the ‘ClickFix’ social engineering campaign that stores malware directly in a victim’s browser cache to evade detection. This method leverages legitimate browser functions, allowing malware to be delivered silently during a website visit, bypassing traditional security alerts and network monitoring. The attack uses fake error messages urging victims to copy-paste commands, which then execute the cached malicious payload via PowerShell without needing further downloads. The malware is advertised on underground forums with low-cost tools and customizable templates, increasing the risk of rapid adoption by threat actors targeting ransomware and info-stealers.…

Fast Facts Companies should proactively conduct security assessments of third-party providers, including evidence of certifications such as SOC 2, ISO/IEC 27001 and industry-specific standards, in order to minimize risk. CISOs must regularly review the providers' communication and control mechanisms for workflow verification, independent testing and API security integrations. Contracts with third-party providers should contain clear responsibilities and obligations in the event of security incidents, as well as requirements for rapid incident reporting and protective measures. Companies should test and monitor comprehensively, including process-oriented scenarios, in order to identify weaknesses, better understand the actual risk situation and respond appropriately. The Core Issue The increasing reliance on third-party IT providers and software has significantly expanded companies’ attack surfaces,…

Top Highlights Matanbuchus, a premium Malware-as-a-Service loader, has reemerged in February 2026 with a rewritten 3.0 version, now charging up to $15,000/month, signaling a shift toward high-value targeted attacks over mass campaigns. The malware employs the “ClickFix” social engineering tactic, tricking users into executing malicious commands via deceptive prompts that bypass traditional security by exploiting human trust. The infection chain involves sophisticated layered techniques—including fake antivirus installations, password-protected archives, and in-memory execution of the AstarionRAT payload—to evade detection and leave minimal forensic evidence. Security measures should focus on monitoring suspicious msiexec usage, unusual directories in %APPDATA%, and network connections to…

Fast Facts Credit card fraud has evolved into a sophisticated, organized Carding-as-a-Service (CaaS) ecosystem that mimics legitimate markets, offering criminals streamlined access to stolen data, tools, and support. These marketplaces bundle stolen credit card info with personal data, enabling complex, long-term fraud campaigns that pose significant identity theft and privacy risks. Attack methods fueling these markets include phishing, skimming, and malware, continuously supplying fresh stolen records and lowering entry barriers for a broad range of threat actors. To combat this, organizations should implement multi-layered security, monitor dark web activity proactively, and verify card validity promptly to prevent widespread exploitation. Problem…

Fast Facts Leadership Appointment: John White, former CISO of Virgin Atlantic, joins Torq as Field CISO to enhance enterprise adoption of Agentic AI in security operations. Funding Success: Torq recently secured $140 million in Series D funding, indicating robust market confidence in its vision for AI-driven security operations. Industry Experience: With over 20 years in cybersecurity across multiple sectors, White has firsthand experience in transforming security operations, including significant improvements at Virgin Atlantic using the Torq AI SOC Platform. Strategic Focus: In his new role, White will engage directly with CISOs, bridging the gap between advanced technical capabilities and executive-level…

Quick Takeaways New Malware Threat: Researchers have identified “Keenadu,” a malware embedded in the firmware of various Android devices, allowing attackers unrestricted remote access to all apps. Supply Chain Compromise: The malware originated from a supply chain attack where malicious code was integrated during firmware development, affecting multiple small device manufacturers. Ad Fraud Operations: Currently, Keenadu enables ad fraud by simulating clicks on advertisements, but it can also take full control of compromised devices, posing significant security risks. Connections to Major Botnets: Keenadu is linked to other major Android botnets (BADBOX, Triada, Vo1d), indicating a coordinated effort among various malware…