Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Summary Points Nike was targeted by the ransomware group WorldLeaks, which claims to have exfiltrated what may be several terabytes of data, including sensitive internal, employee, and customer information. The breach was detected on January 22, 2026, and WorldLeaks threatened to release the stolen data on January 25, 2026; the group has a history of targeting high-profile organizations with data-extortion tactics. The attack involved methods such as phishing, credential theft, and lateral movement within networks, reflecting a pattern of stealthy intrusions into high-value, poorly protected organizations. Experts advise organizations to enforce multi-factor authentication, network segmentation, and enhanced monitoring to prevent…


Essential Insights AI Adoption and Security Risks: Companies are actively adopting AI, creating a complex attack surface that traditional security tools struggle to manage, especially for cloud and SaaS security. Need for Advanced AI Security Posture Management (AI-SPM): Basic AI-SPM solutions lack comprehensive visibility and fail to address the intricate ecosystem of AI models, datasets, and dependencies, highlighting the demand for more capable alternatives. Supply Chain and Model Vulnerabilities: The AI supply chain is prone to critical risks, including missing model provenance and vulnerable dependencies, and needs improved security measures to mitigate these threats. Zero Trust and Compliance in AI: Adopting…


Essential Insights Cyber Centaurs discovered that the INC ransomware group used the Restic backup tool to exfiltrate stolen data to cloud storage, a finding that enabled the recovery of stolen data belonging to 12 US companies. The researchers exploited a lapse in the gang's operational security by analyzing artifacts left by Restic, which allowed them to identify and access the gang's cloud storage infrastructure without causing disruption. Key lessons include thoroughly auditing backups, monitoring for encrypted outbound data transfers, and promptly patching backup software to prevent exploitation. The case highlights that ransomware groups reuse infrastructure across multiple victims, emphasizing the importance of operational pattern analysis to disrupt their activities at scale.…


Quick Takeaways Workcred's Accreditation Model: A new accreditation model for cybersecurity clinics evaluates learner competencies and clinic effectiveness, aiming to bridge the cybersecurity skills gap and support workforce readiness. Critical Talent Shortage: A 2024 ISC2 report highlights a severe mismatch in the cybersecurity workforce amid rising demand, with a $1.76 million increase in average breach costs attributed to the skills gap. Community Clinics' Role: Community cybersecurity clinics provide hands-on experience for aspiring professionals but, until now, lacked consistent standards, putting their ability to deliver workforce-ready talent at risk. Engagement and Collaboration: Successful implementation of the accreditation model relies on strong collaboration…


Quick Takeaways A Russian national, Ianis Antropenko, pleaded guilty to leading a ransomware conspiracy that victimized at least 50 targets over four years, causing at least $1.5 million in losses. Despite his deep involvement in cybercrime, he was granted bail immediately after arrest and violated pretrial conditions multiple times, an unusual degree of leniency. Antropenko's activities, conducted mainly from Florida and California, were linked to him via accounts on Proton Mail, PayPal, Binance, and Apple, with evidence suggesting he laundered funds with his ex-wife, Valeriia Bednarchik. Authorities seized over $2.8 million in cryptocurrency, cash, and luxury vehicles from him, while he faces up…


Quick Takeaways A threat actor has gained unauthorized access to Fortinet firewalls via SSO logins, prompting concerns that the patch for a previous authentication vulnerability (CVE-2025-59718) may not be fully effective. The attacks, observed starting January 15, involved creating generic accounts with VPN access and rapidly exfiltrating firewall configurations, a speed that suggests an automated process. Users have reported compromises of patched devices, raising suspicions that the mitigations for the known vulnerabilities are inadequate or incomplete. Arctic Wolf Labs recommends temporarily disabling FortiCloud SSO login features and urges affected administrators to reset compromised credentials immediately. Fortinet Firewalls…


Quick Takeaways A new ransomware family called Osiris targeted a Southeast Asian food company in November 2025, using advanced tactics and a diverse toolkit to infiltrate the network. The attack included bring-your-own-vulnerable-driver (BYOVD) techniques with a custom driver called Poortry to disable security defenses at the kernel level. Osiris used a hybrid encryption scheme (ECC and AES-128-CTR), exfiltrated data via Rclone, and deleted backups and volume snapshots to hinder recovery. The operation demonstrated a high level of sophistication, combining legitimate utilities with custom malware, indicating an experienced threat group leveraging dual-use tools and complex…

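The hybrid scheme named in the Osiris summary (an ECC key exchange wrapping a per-file AES-128-CTR key) is what makes recovery depend entirely on the operator's private key: the malware only ever carries the public half, and the per-file secret is discarded once the file is written. The Go program below is an added illustration of that construction and is not Osiris code or anything reported about it. It assumes X25519 as the curve and a SHA-256 truncation as the key derivation, neither of which the summary states, and the sample plaintext is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const (
	x25519Len = 32 // size of an X25519 public key
	aesIVLen  = 16 // AES block size, used as the CTR initial counter
)

// deriveFileKey turns an X25519 shared secret into a 16-byte AES-128 key.
// A truncated SHA-256 stands in for a proper KDF (assumption for the example).
func deriveFileKey(shared []byte) []byte {
	sum := sha256.Sum256(shared)
	return sum[:16]
}

// encryptBlob encrypts plaintext so that only the holder of operatorPub can read it.
// Output layout: ephemeralPub(32) || iv(16) || ciphertext. The ephemeral private
// key lives only in this function's scope and is gone when it returns.
func encryptBlob(operatorPub *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(operatorPub)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(deriveFileKey(shared))
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aesIVLen)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext)

	out := make([]byte, 0, x25519Len+aesIVLen+len(ct))
	out = append(out, eph.PublicKey().Bytes()...)
	out = append(out, iv...)
	return append(out, ct...), nil
}

// decryptBlob reverses encryptBlob. It needs the operator's private key, which
// never touches the victim system; the public key alone cannot rebuild the secret.
func decryptBlob(operatorPriv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < x25519Len+aesIVLen {
		return nil, errors.New("blob too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(blob[:x25519Len])
	if err != nil {
		return nil, err
	}
	shared, err := operatorPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(deriveFileKey(shared))
	if err != nil {
		return nil, err
	}
	iv := blob[x25519Len : x25519Len+aesIVLen]
	ct := blob[x25519Len+aesIVLen:]
	pt := make([]byte, len(ct))
	cipher.NewCTR(block, iv).XORKeyStream(pt, ct)
	return pt, nil
}

// roundTrip encrypts plaintext under a fresh operator key pair and reports
// whether the operator key recovers it and whether an unrelated key does.
func roundTrip(plaintext []byte) (recovered, wrongKeyRecovered bool, err error) {
	operator, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	blob, err := encryptBlob(operator.PublicKey(), plaintext)
	if err != nil {
		return false, false, err
	}
	pt, err := decryptBlob(operator, blob)
	if err != nil {
		return false, false, err
	}
	// A responder without the operator's private key gets only keystream noise.
	stranger, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	pt2, err := decryptBlob(stranger, blob)
	if err != nil {
		return false, false, err
	}
	return bytes.Equal(pt, plaintext), bytes.Equal(pt2, plaintext), nil
}

func main() {
	ok, wrong, err := roundTrip([]byte("constructed sample: contents of a spreadsheet"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("operator key recovers plaintext: %v; unrelated key recovers plaintext: %v\n", ok, wrong)
}
```

The takeaway for responders is in `roundTrip`: the same blob decrypts cleanly under the operator's key and to noise under any other, so carving the AES key from memory only helps if the process is caught before it discards the ephemeral secret. Note that CTR mode alone provides no integrity, which is irrelevant to an extortionist but disqualifying for legitimate use; for your own data, use an AEAD mode and a real KDF such as HKDF.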

Summary Points Mass Repatriation: South Korea is set to repatriate 73 citizens from Cambodia, the largest group return of Korean criminal suspects linked to online scams. Significant Financial Fraud: The suspects allegedly defrauded fellow Koreans of 48.6 billion won ($33 million) through various scam operations, including deepfake romance schemes. Public Outcry: Concerns have intensified in South Korea following a student's death linked to forced labor in scam operations, prompting government action and investigations. Cybercrime Surge: The article highlights a rise in cybercrime across Southeast Asia, with global scam losses estimated between $18 billion and $37 billion in 2023. …


Fast Facts U.S. authorities identified "r1z" as a prolific initial access broker who sold stolen VPN credentials, remote access, and custom tools, enabling widespread intrusions and feeding ransomware operations globally. His offerings included remote code execution capability, which attracted ransomware groups seeking quick, reliable entry points into corporate networks across the U.S., Europe, and Latin America. Law enforcement infiltrated his operations through an undercover FBI agent, linked him to significant ransomware attacks, and eventually tied the persona to Jordanian national Feras Albashiti, who pleaded guilty. His repeated OPSEC failures, such as reusing usernames, emails, and profiles across platforms, created a…


Essential Insights The U.S. CISA has issued an urgent alert about active exploitation of a zero-day RCE vulnerability (CVE-2026-20045) in multiple Cisco Unified Communications products, which allows attackers to gain root access via code injection. The flaw stems from improper input validation, letting unauthenticated remote attackers inject malicious code, and exploitation in the wild has been confirmed. Affected products include Cisco Unified CM, Unity Connection, and Webex Calling; the risk is heightened because these often expose internet-facing management interfaces, and with no workaround available, immediate patching is mandated. Cisco recommends upgrading to specific patched versions (e.g., Unified CM 14SU2.7 or later), and CISA advises organizations…
