- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
DragonForce Ransomware: From Cyber Crime to Cartel-Style Domination of 363 Companies Since 2023
Fast Facts DragonForce has established itself as a powerful and evolving Ransomware-as-a-Service (RaaS) cartel since December 2023, actively targeting over 363 companies and increasing attack frequency. The group leverages dark web forums and offers specialized tools like “RansomBay” and harassment services, maximizing psychological and financial pressure on victims to enhance payment success. They maintain complex interactions with rival ransomware groups, engaging in both conflicts and alliances to dominate the RaaS ecosystem. Technically, their Windows binaries have been updated with structural modifications, advanced encryption features, and new configuration controls, enhancing their encryption efficiency and operational control. Underlying Problem Since its emergence…
Summary Points Odido Telecom confirmed a cyberattack on February 12, 2026, compromising personal data of 6.2 million customers, including sensitive information like names, addresses, and bank details, though passwords and ID scans were not affected. The breach involved hackers accessing Odido’s customer management system and downloading data, with the attackers alerting the company themselves; no ransomware or data surface on the dark web. Odido reported the incident to authorities, notified affected customers within 48 hours, and took immediate steps with cybersecurity experts to enhance defenses and staff awareness. The company warns that malicious actors could use the compromised data for…
Top Highlights Cydome Embedded offers remote cyber protection for offshore energy facilities by deploying AI-driven security directly onto existing routers and edge devices without physical site visits. It utilizes advanced edge computing, enabling zero-touch security on resource-constrained devices, reducing costs, and avoiding crew or vessel deployment. With global offshore wind farms expanding and rising cyber threats, Cydome’s solution enhances security across dispersed assets, addressing a critical protection gap. The platform is fully regulatory-compliant, supporting U.S. maritime cyber incident reporting laws, and is compatible with major router brands for wide adoption. Problem Explained Cydome, a cybersecurity vendor specializing in maritime and…
Quick Takeaways Researchers have identified a new class of cyberattack called “Promptware,” which exploits AI assistants through malicious calendar invites to secretly control devices and spy on users. The attack involves embedding harmful commands in calendar invites using “Indirect Prompt Injection,” which AI reads and unwittingly executes, leading to actions like streaming video via Zoom without user consent. The four-step “Promptware kill chain” includes delivering the malicious invite, AI reading and executing the hidden command, triggering a specific phrase, and then the AI carrying out the hacker’s malicious objective. This technique transforms AI from simple chatbots into malware-like tools capable…
Top Highlights The 2025 cyber landscape was characterized by accelerated threat activities, notably a 63% rise in extortion breaches driven by supply chain attacks, with DarkForums emerging as the primary English-speaking threat hub and Qilin dominating the RaaS market. While AI tools enhanced the quality of social engineering and disinformation campaigns, there was limited evidence of AI-driven malware broadly impacting operational tactics; instead, cybercriminals primarily used established malware and relied on AI for performance boosting. International law enforcement disruptions in 2025 fractured major forums like BreachForums, leading to the rise of DarkForums as a central platform, while threat groups like…
Quick Takeaways The Lazarus Group has launched the “graphalgo” campaign since May 2025, using fraudulent job offers via platforms like LinkedIn, Facebook, and Reddit to target cryptocurrency developers with fake recruiter schemes. The campaign exploits open-source repositories like GitHub, npm, and PyPI by embedding malicious dependencies into coding tests and assignments, which install malware upon execution. The malware involves multi-stage payloads, including RATs in JavaScript, Python, and Visual Basic, communicating with C2 servers using token-based authentication to steal cryptocurrency and control infected systems. This sophisticated, modular operation demonstrates advanced persistence and awareness of security measures, consistent with North Korean tactics…
Fast Facts Over 25 million individuals are impacted by the Conduent Business Services data breach, with investigations expanding its scope. In Canada, around 750,000 investors were affected by a data breach at CIRO. During the same period, 2,451 vulnerabilities related to industrial control systems were identified by 152 vendors. Healthcare networks, financial regulators, and industrial systems are collectively targeted by cyber threats, as highlighted in the latest ColorTokens Threat Advisory. Key Challenge Recently, a significant cybersecurity breach has impacted more than 25 million individuals linked to Conduent Business Services. As investigators delve deeper, they have uncovered more affected parties, suggesting…
The Ephemeral Infrastructure Paradox: Why Short-Lived Systems Require Robust Identity Governance
Fast Facts Modern infrastructure is highly dynamic and ephemeral, but identity governance remains outdated, relying on manual, static approaches that create security risks from “zombie” identities and unsecured test environments. Non-human machine identities now vastly outnumber human users, and unmonitored service accounts or API keys can become backdoors, especially in test or legacy environments, posing significant security threats. The rise of autonomous AI workloads requires robust, continuous identity management; insecure AI agents with broad permissions can automate data breaches or malicious actions at machine speed. To address these issues, organizations must shift to cryptographic, short-lived identities, automate permission cleanups, and…
Quick Takeaways Ransomware activity surged significantly in 2025, with the food and agriculture sector experiencing an 82% increase in incidents, totaling around 265 attacks, primarily driven by groups like Qilin, Akira, CL0P, Play, and Lynx. Critical manufacturing and commercial facilities sectors were the most targeted overall, but the U.S. remained the primary focus, accounting for over half of global ransomware attacks, highlighting its attractiveness to threat actors. Attack patterns are shifting towards smaller, specialized ransomware groups with shorter lifespans, increased use of DDoS tactics, and a focus on underlying infrastructure like hypervisors and managed service providers to amplify disruption. Future…
Top Highlights Cybercriminals are now exploiting legitimate employee monitoring software, such as “Net Monitor for Employees Professional” and “SimpleHelp,” to gain stealthy long-term access to networks and avoid detection. These attackers use features like screen viewing and file management to control systems remotely, enabling them to prepare for more destructive actions like deploying ransomware and stealing cryptocurrencies. They disguise malicious files with names resembling essential Microsoft services and install backup remote access tools to maintain persistence if one entry point is shut down. To defend against this threat, organizations should restrict software installation rights, enforce Multi-Factor Authentication, regularly audit for…