Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Essential Insights
- Former cybersecurity professionals Ryan Clifford Goldberg and Kevin Tyler Martin, employed at Sygnia and DigitalMint, respectively, pleaded guilty to participating in ransomware attacks using ALPHV/BlackCat in 2023, causing over $9.5 million in losses.
- They collaborated with an unnamed co-conspirator to target organizations across various sectors, including healthcare and manufacturing, and received a nearly $1.3 million ransom from a medical company.
- The pair admitted to conspiracy to interfere with interstate commerce by extortion, facing potential sentences reduced to 20 years with cooperation and full disclosures, and are ordered to forfeit $342,000.
- Their crimes involved abusing their positions and skills…
Summary Points
- New AI Guidance: NIST has introduced a draft Cybersecurity Framework Profile for AI, aimed at helping organizations manage AI-related cybersecurity challenges effectively.
- Three Key Focus Areas: The profile emphasizes “secure,” “defend,” and “thwart” strategies to address AI’s varied impacts on organizational cybersecurity.
- Community Involvement: Developed with input from over 6,500 contributors, NIST seeks public comments on the draft until January 30, and will hold a workshop on January 14.
- Ongoing Commitment: This profile builds on previous NIST publications, reflecting a continuous effort to provide frameworks for balancing the benefits and risks associated with AI in cybersecurity.
Enhancing AI…
Summary Points
- SecNumCloud Qualification: S3NS, a Thales and Google Cloud partnership, received the SecNumCloud 3.2 qualification, meeting top-tier security standards in France and Europe, ensuring immunity from non-European laws.
- Innovative Cloud Services: PREMI3NS offers a comprehensive portfolio of IaaS and PaaS services, allowing businesses to manage sensitive applications securely using advanced Google Cloud technologies.
- Market Opportunity: The collaboration between Thales and Google Cloud opens new market opportunities for French and European public and private organizations, with Thales already utilizing PREMI3NS for its sensitive IT needs.
- Future Expansion: S3NS plans to further enhance its offerings with the integration of generative AI…
Top Highlights
- Cybersecurity Risks: Senate Intelligence Committee Chair Tom Cotton warns that U.S. dependence on open-source software (OSS) poses significant cybersecurity risks, especially due to unstable foundations within the OSS ecosystem.
- Malicious Code Infiltration: State-sponsored developers are exploiting open-source platforms, inserting harmful code amid an assumed environment of benevolence from contributors, raising alarm over security vulnerabilities.
- Request for Action: Cotton urges the National Cyber Director to enhance federal government capabilities for monitoring OSS, focusing on tracking contributions from developers in adversary nations.
- Government Commitment: Uncertainty surrounds the Biden-era investment of $11 million in OSS security, with Congressional leaders expressing concern…
Top Highlights
- Critical Vulnerability: Cisco’s email security appliances are being exploited via a zero-day vulnerability (CVE-2025-20393) linked to the Chinese APT group UAT-9686, rated critical with a severity of 10/10, and it remains unpatched.
- Exploit and Malware Deployment: The UAT-9686 group has been using this vulnerability since late November to execute commands and install various malware, including a Python backdoor named AquaShell.
- Brute Force Attacks: Concurrently, a large-scale automated attack targeted both Palo Alto and Cisco VPNs, resulting in over 1.7 million authentication events, primarily against U.S. and Mexican organizations.
- Recommendations for Organizations: Security experts advise regular audits of edge…
Quick Takeaways
- Three major ransomware groups—DragonForce, Qilin, and LockBit—formed an alliance in September 2025 to counter increased law enforcement pressure and fragmentation in the ransomware ecosystem.
- Ransomware attacks rose by 61% in 2025, but the share of attacks by top groups declined from 54.8% in 2024 to 53.1%, indicating diversification across more groups.
- Victims are increasingly refusing to pay ransoms, with median payments dropping 65% in Q3 2025, forcing ransomware groups to adapt their operational strategies.
- While Qilin is highly active and growing post-alliance, LockBit’s inactivity suggests the coalition may be more symbolic, with some groups seeking reputation preservation rather…
Top Highlights
- Cybersecurity teams have shifted from AI skepticism to avid AI adoption, with over 90% actively testing or planning to use AI for threat detection and response, signaling a transformative role in security operations.
- Traditional data security principles remain vital but need significant updates to address AI-specific vulnerabilities like prompt injection, model inversion, and multi-modal data leakage, requiring new controls and standards.
- Responsible AI practices are expected to become mainstream by 2026, with organizations recognizing their business value, integrating governance early, and leveraging automation and independent assessments to manage risks effectively.
- Ransomware activity surged dramatically between 2022 and 2024, with…
Fast Facts
- Emerging Cyber Threat: A new Chinese-backed APT group, dubbed LongNosedGoblin, has been targeting governments in Japan and Southeast Asia since 2023, primarily through cyber-espionage activities.
- Innovative Malware Techniques: The group uses custom C#/.NET applications for operations, notably exploiting Group Policy in Active Directory for malware deployment and lateral movement within networks.
- Sophisticated Tooling: LongNosedGoblin employs unique malware, including NosyHistorian for reconnaissance and NosyDoor for backdoor access via cloud services like Microsoft OneDrive.
- Distinct Identity: Though sharing characteristics with past APT groups, LongNosedGoblin displays unique tactics and tools, specifically the novel abuse of Group Policy for malicious purposes.
LongNosedGoblin’s Cyber-Espionage…
Top Highlights
- Major Arrests: Nigerian authorities apprehended three high-profile internet fraud suspects linked to phishing attacks, including Okitipi Samuel, the developer behind the RaccoonO365 phishing-as-a-service scheme.
- Phishing Operations: RaccoonO365, tracked as Storm-2246 by Microsoft, has been responsible for credential harvesting through fake Microsoft 365 login pages, resulting in the theft of over 5,000 credentials from 94 countries.
- Collaborative Investigation: The arrests stemmed from an investigation involving Microsoft and the FBI, which led to the seizure of digital devices and 338 domains associated with RaccoonO365.
- Wider Cybercrime Impact: The phishing activities have caused significant issues globally, including business email compromises and…
Top Highlights
- Generative AI Adoption: 84% of midmarket organizations leverage generative AI to enhance productivity and innovation, particularly in customer service and software development, while also facing significant cybersecurity threats.
- Cybercrime Bots: AI and machine learning have dramatically lowered the barriers for cybercriminals, enabling them to launch sophisticated attacks and generate millions of malware variants easily.
- AI in Network Security: Next-generation firewalls (NGFWs) use AI to provide real-time threat detection and mitigation, adapting continuously to evolving threats and stopping zero-day attacks.
- Easier Management: AI integration in security management tools simplifies operations for smaller teams, allowing them to implement and maintain…