Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Quick Takeaways
Since 2023, PeckBirdy has emerged as a sophisticated malware framework used by Chinese-aligned hacking groups, targeting the gambling and government sectors across Asia with multi-vector campaigns. The malware infiltrates through compromised websites by injecting malicious scripts that silently activate and deceive victims into downloading fake Chrome updates, granting attackers full control. Built using outdated scripting languages like JScript, PeckBirdy is designed for broad compatibility and evasion, creating persistent, encrypted communication channels with command servers and deploying secondary backdoors like HOLODONUT and MKDOOR. These capabilities allow the malware to steal data, execute commands, and establish remote access, emphasizing the…

Fast Facts
Increasing Threat Perception: 76% of CISOs anticipate a cyberattack within the next year, emphasizing the urgent need for improved preparedness, as 58% feel their organizations are unready to respond effectively.
Training & Empowerment Gaps: CISOs struggle with understaffed and overwhelmed teams, often lacking the training to prioritize and act on security threats, which hinders rapid decision-making and response.
AI Adoption Challenges: While organizations embrace AI, most CISOs lag in securing AI systems, managing risks, and integrating AI into security operations, leading to shadow AI and unmanaged risks.
Talent and Skills Shortages: A significant barrier remains the shortage of…

Quick Takeaways
Microsoft issued urgent security updates on January 26, 2026, to patch CVE-2026-21509, a widely exploited zero-day vulnerability in Microsoft Office that allows bypassing security protections through malicious files. The vulnerability has a CVSS score of 7.8, enabling attackers with low complexity, no privileges, and user interaction to bypass Office protections and impact confidentiality, integrity, and availability. Exploitation mainly involves phishing or social engineering tactics to trick users into opening malicious Office files, with active detection confirmed by Microsoft Threat Intelligence Center. Affected products include multiple Office editions, and organizations are advised to update immediately, enable auto-updates, and deploy…

Essential Insights
Funding Boost: Claroty has raised $150 million in Series F funding, led by Golub Growth, to support global expansion and enhance its cyber-physical systems (CPS) protection platform.
Rising Threats: As cyber attacks increasingly target critical infrastructure, organizations face challenges in safeguarding CPS, including unclear ownership and insufficient resources.
Holistic Approach: CEO Yaniv Vardi emphasizes the need for a comprehensive CPS protection program, integrating technology, teams, and processes to mitigate risks and ensure operational integrity.
Partnership Goals: Golub Growth aims to accelerate Claroty’s growth, enhancing its solutions to meet the evolving needs of the CPS protection market.
Investment Boosts…

Summary Points
Cybercriminal groups, notably associated with ShinyHunters, are actively using voice-phishing kits to compromise single sign-on (SSO) credentials, leading to data theft and extortion. They register fake domains mimicking legitimate SSO portals, deploying real-time voice vishing techniques to trick victims into divulging passwords and MFA codes. The attacks leverage user-friendly phishing kits, making it easier for less technically skilled criminals to execute sophisticated impersonation campaigns targeting companies across industries. While the exact scope is uncertain, victims include companies like SoundCloud and Betterment, with ongoing investigations into the campaign’s full impact and attribution.
Key Challenge
Threat hunters and researchers are…

Top Highlights
ShinyHunters Claims Responsibility: The cybercrime group ShinyHunters has taken credit for multiple attacks linked to a voice phishing campaign targeting Google, Microsoft, and Okta environments.
Custom Phishing Kits: These attacks utilize sophisticated phishing kits capable of intercepting user credentials and bypassing multifactor authentication.
Increased Target Scope: Initially reported to involve three companies, the claims have expanded to include five, with ongoing verification efforts by cybersecurity researchers.
Ongoing Threat Monitoring: Researchers are tracking around 150 newly created domains associated with the phishing schemes, reflecting a growing trend in targeted social engineering attacks.
Rise of Voice Phishing Attacks
Cybercrime grows…

Quick Takeaways
The study analyzes 23,736 ransom notes from over 60,000 compromised database servers, revealing that database ransomware attacks are increasing, with 6,000 new infections in March 2024, a 60% rise year-over-year. Weak authentication, especially on Elasticsearch servers, is a major vulnerability, occurring 100 times more frequently than on MySQL servers, due to slow updates of security features. Researchers identified 91 campaigns managed by 32 groups using ransom note similarity and blockchain data; a dominant nation-state-linked group caused 76% of infections and 90% of ransom revenue. Database ransomware attacks are highly rapid, with honeypots getting infected within 14 hours of connecting…

Essential Insights
Cyberattack on Poland’s Power Grid: A destructive cyberattack attributed to Russia’s Sandworm APT group targeted Poland’s energy grid in late December, deemed one of the strongest assaults in years.
Attack Details and Impact: The attack, labeled a “wiper attack,” focused on multiple energy facilities; however, it ultimately failed, with no blackouts or significant consequences reported.
Significant Historical Context: Occurring on the 10th anniversary of Russia’s BlackEnergy attack on Ukraine’s power grid, this incident highlights ongoing cyberhostility in the region related to geopolitical tensions.
Sandworm’s Notorious Reputation: With a history of disruptive malware and frequent attacks against Ukraine and…

Top Highlights
A cyberattack on Poland’s electricity grid on Dec. 29-30 was executed by Sandworm, linked to Russian military intelligence, nearly causing widespread power outages. The attack employed Dynowiper malware, designed to delete data on targeted computers, highlighting destructive cyber capabilities. Sandworm has a history of targeting Ukrainian power grids since 2014, signifying a persistent threat in cyber warfare with US DOJ indictments against its members. In 2022, Sandworm attempted to disrupt Ukrainian industrial control systems with new malware, but was thwarted, raising global awareness of cyber risks.
What’s the Problem?
On December 29 and 30, the Polish electricity grid…

Essential Insights
In today’s digital era, a top-tier VPN is essential for safeguarding online privacy, encrypting traffic, and masking your IP address to prevent cyber threats and government surveillance. The leading VPNs of 2026 (Proton VPN, X-VPN, NordVPN, Surfshark, and ExpressVPN) offer strong security, extensive server coverage, user-friendly interfaces, and support for multiple devices at varying price points. Notable features include advanced encryption (AES-256), no-logs policies, innovative capabilities like multi-tunneling and obfuscation, and future-proof protections such as post-quantum encryption. When choosing a VPN, prioritize security, reliability, unblocking capabilities for streaming, and device compatibility, utilizing independent audits and real-world testing to ensure…