Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Summary Points
- The European organization has launched GCVE, a decentralized system for assigning vulnerability identifiers, aiming to address the limitations and funding issues of the traditional CVE program.
- GCVE allows independent authorities to allocate vulnerability numbers freely, ensuring flexibility and reducing reliance on a central body, while maintaining backward compatibility with existing CVE data.
- The new system reflects concerns over the sustainability of the CVE infrastructure, which faced near-collapse due to funding crises and dependency on a single source.
- GCVE is integrated within the EU’s cybersecurity framework, with plans for broader adoption and recognition, while U.S.-based efforts to establish alternative…

Fast Facts
- Ingram Micro’s July 2025 ransomware attack paralyzed its logistics and led to the leak of sensitive data affecting over 42,000 individuals.
- The breach compromised personal info, including names, contact details, birth dates, ID, and Social Security numbers, along with employee evaluation documents.
- Data theft was linked to the ransomware gang Safepay, which claimed to have stolen 3.5 terabytes of data; Safepay has been active since September 2024.
- The attack highlights significant vulnerabilities in global logistics firms, exposing critical personal data and disrupting operations for a week.

The Core Issue
In July 2025, Ingram Micro faced a severe ransomware…

Essential Insights
- Phishing Campaign Targeting LastPass Users: A phishing campaign launched on January 19, coinciding with a holiday weekend, is targeting LastPass customers to compromise their vaults.
- Sophisticated Phishing Emails: Attackers are sending emails from plausible addresses urging users to back up their vaults, leveraging improved generative AI to craft convincing messages.
- Risks of Credential Theft: The phishing emails redirect users to sites where they could unknowingly enter their login credentials, posing severe security risks for both individuals and businesses.
- Preventative Measures and Warnings: LastPass advises users to be vigilant regarding suspicious emails, emphasizing they will never ask for master…

Quick Takeaways
- Over 17.5 million Instagram accounts’ data, including user IDs and contact details, was leaked in a large-scale exposure, as reported by CyberPress.
- No official confirmation of a breach in Instagram’s core infrastructure has been provided, suggesting the leak may stem from other vulnerabilities.
- The incident underscores the ongoing challenge of data leaks that do not resemble traditional security breaches but still compromise user information.
- This highlights the importance of heightened data security measures and vigilance, even when core systems remain seemingly unaffected.

Key Challenge
Recently, a significant data leak was uncovered, exposing information from over 17.5 million Instagram…

Essential Insights
- A large-scale campaign exploits a signed Windows kernel driver, TrueSight.sys, to disable endpoint security tools like EDR and antivirus solutions secretly, facilitating undetected ransomware or malware deployment.
- Attackers abuse legacy driver signing rules to run pre-2015 signed drivers on Windows 11, gaining kernel-level privileges to shut down security processes without detection.
- The method involves staged attacks starting from phishing, leading to persistence, obfuscation, and installation of a driver that terminates nearly 200 security products, leaving systems vulnerable.
- This technique allows malware to execute with minimal resistance, often completing from initial breach to full control in as little as…

Summary Points
- Introduction of ANCHOR: The Department of Homeland Security (DHS) is set to launch a new program called ANCHOR, aimed at improving discussions between federal agencies and critical infrastructure operators about security threats, replacing the previously eliminated CIPAC framework.
- Enhanced Flexibility and Transparency: ANCHOR will offer a more flexible structure than CIPAC, allowing for more transparent meetings, which may include public sessions and shared information.
- Lack of Communication with Stakeholders: There are concerns about DHS’s coordination with infrastructure operators during ANCHOR’s development, as many stakeholders reported minimal information sharing regarding the program.
- Concerns Over Liability Protections: A significant issue…

Fast Facts
- LockBit, despite law enforcement disruptions, continues its operations, with minor visual changes to its interface and ongoing recruitment of affiliates, demonstrating resilience and adaptability.
- The group maintains a sophisticated infrastructure for managing attacks and negotiations across global industries, reflecting its organized ransomware-as-a-service model.
- LockBit 5.0 introduces expanded, multi-platform variants targeting Windows, Linux, and virtual infrastructure, signifying a strategic shift toward enterprise and cloud environments.
- Leaked materials reveal detailed insights into LockBit’s internal management, affiliate program, and new encryption variants, aiding security efforts to detect and prevent its evolving threats.

The Issue
Despite facing significant law enforcement efforts, LockBit,…

Essential Insights
- European law enforcement is actively pursuing Black Basta ransomware group members, nearly a year after leaks of internal chat logs exposed its operations.
- Oleg Evgenievich Nefedov, identified as Black Basta’s leader and a former Conti member, is wanted by Europol and Interpol; his current location is unknown, but he is likely in Russia.
- Raids in Ukraine and Germany led to the seizure of data and cryptocurrencies and the detention of suspected co-conspirators, who specialized in credential theft and malware deployment.
- Law enforcement continues a comprehensive, multi-layered approach—targeting operators, infrastructure, and associated cybercrime networks—despite the group’s dormancy and ongoing…

Summary Points
- Phishing Warning: LastPass has issued a warning about a phishing campaign falsely claiming the company is conducting maintenance and urging users to back up their vaults within 24 hours.
- Social Engineering Tactics: The campaign exploits a false sense of urgency, a common strategy in phishing attacks, and emphasizes that LastPass will never request master passwords or impose tight deadlines.
- Holiday Targeting: The phishing attempts commenced on Martin Luther King Jr. Day, targeting users during a time when many businesses were closed, likely to exploit delayed security responses.
- Response and Security Measures: LastPass is collaborating with third-party partners to…

Fast Facts
- A ransomware attack on Luxshare, a key Apple supplier responsible for 30% of iPhone production and Vision Pro assembly, has exposed sensitive operational documents, including production workflows and security protocols.
- The breach reveals critical vulnerabilities in Apple’s supply chain, potentially enabling competitors or threat actors to exploit manufacturing weaknesses and security gaps.
- Security experts suspect an advanced threat actor behind the attack, which follows common ransomware tactics of data theft and encryption to pressure for ransom payment.
- The incident raises concerns over vendor security standards, regulatory compliance, and the need for Apple to review supply chain security and…
