Author: Staff Writer

Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Summary Points Over 430,000 FortiGate firewalls globally have been silently compromised in a large-scale credential-harvesting campaign called “FortiBleed,” which has stolen over 110 million credentials since February 2026. The attackers exploited FortiGate’s native diagnostic command “diagnose sniffer packet” via a custom Golang tool, weaponizing legitimate functionality to intercept real-time network traffic and credentials without detection. The operation involves sophisticated automation, including an AI-powered autonomous penetration testing agent, and exploits a five-phase attack chain: reconnaissance, initial access, traffic harvesting, credential cracking, and data exfiltration. Victims are mostly mid-sized organizations and a mix of global regions, with critical recommendations for defenders to…

Read More

Top Highlights The widespread adoption of AI in enterprises necessitates specialized security solutions like AI Security Posture Management (AI-SPM) to safeguard AI models, data, pipelines, and applications from evolving threats. AI-SPM tools, integrated into broader security platforms or offered as standalone solutions, focus on monitoring, assessing, and protecting AI systems across different cloud providers, emphasizing continuous vulnerability scanning and AI-specific policies. Leading vendors, including Palo Alto Networks, Microsoft, and CrowdStrike, offer diverse AI-SPM products with features such as model scanning, data classification, and AI red teaming, often integrating with existing security ecosystems for comprehensive coverage. AI-SPM pricing is highly variable,…

Read More

Quick Takeaways Threat actors are actively exploiting a critical flaw (CVE-2026-20230) in Cisco Unified Communications Manager, enabling unauthenticated SSRF attacks to write files and potentially escalate to root access. Exploitation requires the WebDialer service to be enabled; attackers craft HTTP requests with file:// payloads to compromise affected systems. Immediate mitigation includes disabling WebDialer if not needed and applying patches in versions 14SU6 and 15SU5 to prevent arbitrary file writes and remote code execution. Threat, Attack Techniques, and Targets Threat actors are actively exploiting a critical security flaw in Cisco Unified Communications Manager (Unified CM) and its Session Management Edition (Unified…

Read More

Essential Insights Malicious actors can disguise process names by tampering with Linux and Windows process structures, evading detection through common process listings. Attackers exploit process name masquerading, such as modifying /proc//comm or the Windows PEB, to hide malicious activity from security tools. While tools like eBPF-based Kunai can reveal real command lines, manipulated process names still pose a threat by concealing malware from surface-level monitoring. Threats, Attack Techniques, and Targets Malicious actors use process name masquerading to hide their malware on Linux systems. They replace or modify process names so they do not look suspicious to security analysts. This technique…

Read More

Quick Takeaways CISA has added multiple critical vulnerabilities in Ubiquiti UniFi OS to its KEV catalog, with at least one actively exploited in the wild. The most severe flaw (CVE-2026-34908) allows unauthorized system modifications via improper access control, potentially enabling network manipulation. Two additional flaws (CVE-2026-34909 and CVE-2026-34910) could be chained to deepen compromise, allowing file manipulation and command injection. Organizations must prioritize patching critical flaws by June 26, 2026, adhere to vendor guidance, and consider discontinuing cloud deployments if patches aren’t available; failure to do so risks significant network breaches. Underlying Problem The U.S. Cybersecurity and Infrastructure Security Agency…

Read More

Essential Insights Abdellah Belmili operated online marketplaces selling phishing kits and hacking tools exclusively in Bitcoin, facilitating large-scale financial fraud. He exploited stolen identities and embedded personal info in phishing kit code to harvest data from major financial institutions, impacting around 5,600 victims globally. Approximately $900,000 was processed through his illicit activities over three years, with evidence of backdoors in kits for ongoing data theft. Threat, Attack Techniques, and Targets An Algerian man named Abdellah Belmili, also known as “SPOX,” faces serious charges related to cybercrime. He is accused of operating two online marketplaces, market0day.com and spoxy.us. These sites sold…

Read More

Summary Points A new weakness called "Cordyceps" exploits CI/CD workflows via malicious pull requests, threatening software supply chains globally. Attackers can leverage this flaw to execute malicious code, steal credentials, and compromise repositories, as seen in targeted incidents with Microsoft and Google. Many repositories remain vulnerable due to weak CI/CD configurations that grant excessive access during pull requests, often undetected by existing scanners. Security leaders should treat CI/CD workflows as critical code assets, thoroughly vet untrusted inputs, and tighten permissions to mitigate this emerging threat. Malicious Pull Requests Pose a Serious Threat to Software Security Recently, a new vulnerability called…

Read More

Essential Insights Bajaj Auto, India’s leading two-wheeler manufacturer, was hit by a ransomware attack on June 23, 2026, affecting its IT and subsidiary systems. Immediate containment efforts by internal and external cybersecurity experts successfully mitigated the attack’s impact, though full extent and data compromise remain undisclosed. The company promptly notified Indian cybersecurity authorities and complied with regulations, emphasizing transparency and good governance. The incident highlights rising ransomware threats to India’s manufacturing sector, underscoring the urgent need for strengthened cyber resilience. Underlying Problem On June 23, 2026, Bajaj Auto, India’s leading two-wheeler manufacturer, reported a significant cybersecurity breach caused by a…

Read More

Top Highlights The investigation revealed two separate threat actors operating simultaneously within a compromised environment, complicating detection and attribution efforts. Attackers used legitimate tools such as Velociraptor, Cloudflare tunnels, Zoho Assist, and VS Code SSH to covertly maintain persistent access and evade security measures. The campaign targeted on-premises SharePoint servers, exploiting known vulnerabilities and deploying tools for privilege escalation, long-term control, and stealthy network movement. Microsoft’s response highlighted the importance of patching vulnerabilities, strengthening identity security, monitoring remote access tools, and maintaining robust incident response plans to defend against multi-actor intrusions. Key Challenge A routine ransomware investigation unexpectedly revealed a…

Read More

Essential Insights Abdellah Belmili, an Algerian man known online as “SPOX,” was extradited from Spain and charged with operating two illicit cybercrime marketplaces that defrauded thousands and processed about $900,000 in cryptocurrency. He created and managed marketplaces, market0day.com and spoxy.us, selling hacking tools, stolen credentials, and phishing kits mainly via Bitcoin, targeting major U.S. financial institutions. FBI investigations linked Belmili to multiple criminal activities, including creating backdoors in phishing kits, harvesting victim data from over 5,600 individuals, and using personal info to mask his operations. He faces a conspiracy to commit bank fraud charge with a potential 30-year sentence, and…

Read More