Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Essential Insights: In 2025, China launched an average of 2.63 million daily cyber intrusion attempts against Taiwan’s critical infrastructure, a 113% increase since 2023, with the energy and emergency sectors most affected. Beijing’s cyber tactics include exploiting hardware/software vulnerabilities, DDoS attacks, social engineering, and supply chain intrusions, with over half of targeted vulnerabilities stemming from exploited ICT equipment. Major Chinese hacker groups such as BlackTech, Mustang Panda, and APT41 targeted sectors including energy, healthcare, communications, government, and technology, employing malware, ransomware, and supply chain compromises. China’s cyber activities are coordinated with political and military actions, notably peaking during Taiwan’s major…
Scattered Lapsus$ Resurfaces: New Access Model Threatens Industrial and Critical Infrastructure
Fast Facts: Cyfirma reports the resurgence of the Scattered Lapsus$ group, now operating with a more structured and larger-scale approach, recruiting insiders, access brokers, and expanding their capabilities. The group is targeting high-revenue enterprises ($500M+), especially in telecommunications, software, gaming, and cloud sectors across the US, Australia, the UK, Canada, and France, focusing on infrastructure credentials and privileged access. They are openly advertising insider recruitment, initial access sales, and commission-based payouts, signaling an emphasis on identity and credential abuse for post-authentication exploitation. The reorganization includes efforts to develop a joint RaaS platform and a diversified ecosystem of specialized sub-groups, heightening…
Quick Takeaways: Endpoint management is vital for securing and optimizing devices in hybrid and remote work environments, with increasing demand projected for 2026. The top tools include features like cross-platform support, cloud deployment, patch management, remote control, AI-driven automation, and integration with security systems, tailored for diverse organizational needs. Leading solutions such as NinjaOne, Microsoft Intune, ManageEngine Endpoint Central, and Ivanti Neurons emphasize automation, scalability, and seamless integration within enterprise IT ecosystems. These tools are suited for various platforms (Windows, macOS, Linux, iOS, Android) and support specific deployment scenarios like mobile device management, Apple device management, and comprehensive security, ensuring organizations can…
Stealthy Tuoni C2 Malware Strikes Major U.S. Real Estate Firm Using AI-Enhanced Tactics
Essential Insights: Cybercriminals now use stealthy, memory-only malware like Tuoni, avoiding detection by not touching the disk and evading signature-based and behavioral security tools. The attack leveraged advanced techniques such as steganography (hiding malicious code inside innocent-looking images) and AI-generated code to dynamically mask operations. This sophisticated approach allows long-term, covert data theft and system access, setting the stage for future ransomware deployment without triggering traditional security alerts. The shift to covert, evasive tactics highlights the need for prevention-focused, behavior-based security solutions capable of detecting memory-only and steganography-based threats. Underlying Problem: Recently, cybercriminals have changed their invasion methods significantly. Instead of quick,…
Quick Takeaways: The Scattered Lapsus$ Hunters group has resumed activity after a silence, rebuilding its operations and launching an aggressive recruitment drive for insiders and initial access brokers, targeting high-revenue organizations. They are now promoting a new Ransomware-as-a-Service platform called ShinySp1d3r, involving collaborations with groups like ShinyHunters, Lapsus$, and Scattered Spider, shifting from social engineering to privileged access acquisition. Their recruitment emphasizes targeting organizations with over $500 million in revenue (excluding certain sectors and countries), offering tiered commissions up to 25% for access to critical systems. The group is actively engaging in underground forums, sharing leaked data and using sophisticated…
Quick Takeaways Incident Overview: A significant radio communications failure grounded, delayed, and diverted flights across Greece for several hours, but the government ruled out a cyberattack as the cause. Main Cause Identified: Noise across all air traffic communication channels, including backup systems, triggered the shutdown, affecting approximately 120 flights at major airports in Athens and Thessaloniki. Response and Support: Eurocontrol assisted in redirecting flights during the outage, which caused a backlog and stranded thousands of passengers. Investigation Initiatives: A judicial inquiry and an internal investigation have been initiated, with a new investigative committee formed to evaluate the situation and emphasize…
Top Highlights Launch of Cyber Risk Tools: WhiteHawk CEC Inc. and Carahsoft Technology Corp. introduced WhiteHawk’s Cyber Risk Program, including Cyber Risk Radar and Cyber Analyst PaaS, aimed at enhancing cybersecurity for the Public Sector. Tailored Cyber Analyst PaaS: The program offers a comprehensive, experiential learning platform for clients of all sizes, focusing on cyber risk management across various sectors and providing significant internship opportunities. Key Benefits for Public Sector: Participants will access unlimited resources, standardized training aligned with workforce frameworks, real-time data feeds, and a scalable environment for research and analytics. Strategic Partnership Impact: This collaboration aims to empower…
Fast Facts RondoDox Botnet Threat: The RondoDox botnet has exploited the critical React2Shell vulnerability (CVE-2025-55182) for nine months, targeting IoT devices and web applications, with over 84,000 instances still vulnerable. Trust Wallet Hack: A supply chain attack involving Trust Wallet’s Chrome extension led to a theft of approximately $8.5 million, facilitated by compromised GitHub secrets and domain manipulation. Rise of DarkSpectre: A newly identified Chinese group, DarkSpectre, has compromised over 8.8 million users through widespread browser extension malware attacks, utilizing stealthy techniques for malware delivery. Cybersecurity Landscape: Ongoing threats like callback phishing via Microsoft Teams and the evolution of ransomware…
Fast Facts Prevalence of Attacks: 99% of organizations reported experiencing at least one attack on their AI systems in the past year, highlighting widespread vulnerabilities. Cloud Infrastructure Concerns: The security of cloud infrastructure is a primary concern, as many AI workloads run in the cloud and are susceptible to attacks. Identity Management as a Priority: Companies should prioritize identity management and streamline incident response to enhance the security of their AI systems, as overly lenient practices are a significant challenge. Integration of Security Operations: Merging cloud security activities into security operations centers (SOCs) is crucial for safeguarding AI and cloud…
2025 Progress and Goal: Arctic Wolf has strengthened security operations and expanded its global presence while maintaining trust with over 10,000 customers and 3,500 team members, setting a robust foundation for future growth in 2026. Aurora™ Platform Enhancements: The launch of Aurora Endpoint Security and the acquisition of UpSight Security enhance integrated endpoint protection, enabling faster detection and response to threats. Operational Efficiency and Global Expansion: Arctic Wolf improved accessibility to security data and launched operations in Japan and Singapore, reinforcing its commitment to outcome-driven security worldwide. Innovative Future Vision: Leveraging AI and extensive real-world experience, Arctic Wolf aims to…