Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Charming Kitten Leak Unveils Key Players, Fronts, and Thousands of Compromised Systems
Quick Takeaways:
- Leaked internal files reveal that Iran’s IRGC-backed group Charming Kitten/APT35 orchestrates extensive cyber-espionage operations across five continents, targeting the government, university, and telecom sectors.
- Key personnel, front companies, and payment flows are now identified, linking operators directly to specific hacking activities; malware is delivered primarily via spear-phishing and malicious documents.
- Compromised systems include VPN gateways, email servers, and command-and-control nodes within targeted organizations, facilitating data exfiltration and remote device control.
- The operation’s infrastructure is supported by a complex financial system, with salaries and payments routed through seemingly legitimate IT and cloud service providers, exposing a converged system of money, management,…
Essential Insights:
- Increased Threats: Utility-scale battery energy storage systems (BESS) face rising risks from nation-state and criminal groups, necessitating urgent security measures to protect critical industries.
- Growing Dependency: BESS deployments are projected to surge by 20-45% in the next five years, driven by demand for renewables like solar and wind, making them attractive targets for cyberattacks.
- Economic Impact of Outages: A single outage in a 100 MW system can cost up to $1.2 million, while larger incidents could affect hundreds of thousands of customers, leading to losses of up to $39 million.
- Active Threat Groups: Dragos identifies 18 threat actors…
Top Highlights:
- Microsoft will roll out the “External Domains Anomalies Report” in February 2026 to help IT admins identify and manage risks in cross-organizational communications within Teams.
- The tool uses behavioral analysis to detect unusual patterns, such as spikes in messaging or interactions with new domains, flagging potential security threats like data leaks or attacks.
- It targets cloud instances globally and will enable proactive investigation and intervention, shifting security from reactive to preventive measures.
- The feature emphasizes balancing collaboration with security by allowing administrators to refine access policies and monitor suspicious external activity, protecting data in a heavily connected workplace.…
Manufacturing Hit Hard as Zero-Day Exploits and Illicit Access Sales Reshape Threat Landscape
Quick Takeaways:
- The 2025 Cyble report highlights widespread cyber threats, with the manufacturing and construction sectors the most targeted by ransomware and zero-day exploit campaigns, notably by groups like Akira and CL0P.
- Attackers exploited critical vulnerabilities in products from major vendors like Microsoft, Fortinet, and Oracle, underscoring the urgent need for rapid patching, network segmentation, and improved monitoring.
- The illicit market for compromised access is highly active and fragmented, with the retail, BFSI, and government sectors most affected, driven by the high value of data like PII, financial information, and national security data.
- Cybercriminal activity remains largely opportunistic and profit-driven, but an increase…
Top Highlights:
- DroidLock is a sophisticated Android malware targeting users in Spanish-speaking regions, combining ransomware and remote-control features to compromise devices.
- It infects devices through seemingly legitimate apps, gaining access to critical permissions and establishing real-time bidirectional communication with its command server.
- The malware employs advanced overlay techniques to steal credentials and unlock patterns, targeting high-value apps like banking and payment systems.
- DroidLock can lock devices, threaten data destruction, demand ransom, and potentially erase all data via factory reset, making recovery nearly impossible without expert intervention.
Key Challenge: DroidLock is a highly dangerous malware targeting Android users, especially in…
Fast Facts:
- Ivanti’s EPM systems are critically vulnerable due to a severe security flaw (CVE-2025-10573, CVSS 9.6) that allows unauthenticated access to admin sessions, risking control over thousands of devices.
- The flaw is a cross-site scripting (XSS) vulnerability that enables attackers to inject malicious JavaScript and take full control of admin sessions by exploiting insecure dashboards.
- Despite the urgency, 68% of companies delay patching critical vulnerabilities beyond 24 hours, increasing the risk of widespread cyberattacks and lateral movement within networks.
- Immediate patching to version 2024 SU4 SR1 is crucial, especially for high-risk environments; if not immediately feasible, network segmentation and disabling internet…
Quick Takeaways:
- Pro-Russia hacktivist groups are conducting low-sophistication attacks on critical infrastructure, exploiting insecure VNC connections to access OT control devices and potentially cause physical damage.
- These groups often use basic tools like Nmap and brute-force techniques, and their attacks tend to be opportunistic, repetitive, and amplified through social media sharing.
- Agencies recommend immediate cybersecurity actions: reducing OT exposure, implementing strong authentication, segmenting networks, updating systems, and following NIST and CISA cybersecurity best practices.
- While currently limited in sophistication, these hacktivist efforts pose serious risks of physical harm, operational disruption, and costs, emphasizing the need for secure-by-design products and comprehensive defense…
Prompt Injection Leak: How a Simple Command Exposed Credit Cards and Booked a $0 Trip
Top Highlights:
- Microsoft Copilot Studio’s no-code interface allows all employees to create powerful AI agents, increasing productivity but also expanding security risks, including data leaks and fraud.
- Simple prompt injection attacks can manipulate AI agents to disclose sensitive customer data, access broader information than intended, and modify data to exploit vulnerabilities like booking a free trip.
- Automation capabilities, such as access to customer records and the ability to update reservations and prices, create significant security loopholes if not properly secured.
- Implementing best practices—such as mapping tools, limiting data access, restricting write permissions, and monitoring prompts—can help balance operational empowerment with…
Fast Facts:
- Ransomware activity against industrial organizations increased to 742 incidents in Q3 2025, with manufacturing comprising 72% of cases, particularly hitting the construction, electronics, and food sectors.
- The ransomware ecosystem remains fragmented, dominated by mature RaaS operations like Qilin and emerging low-discipline groups, facilitated by infrastructure reuse, leaks, and AI tools lowering entry barriers.
- New ransomware groups (e.g., Gentlemen, Sinobi) are targeting production-support IT systems through simple tactics such as credential theft and exposed remote services, posing growing industrial risk without direct ICS attacks.
- Future threats are expected to escalate as adversaries focus on the IT systems underpinning OT operations, with…
Quick Takeaways:
- Palo Alto Networks uncovered the 01flip ransomware family in June 2025, a sophisticated Rust-based malware targeting both Windows and Linux, signaling a shift toward cross-platform, harder-to-detect threats.
- The malware primarily targets critical infrastructure organizations in Southeast Asia, spreading across compromised networks through lateral movement, credential dumping, and exploitation of old vulnerabilities like CVE-2019-11580.
- 01flip employs dual-layer encryption (AES-128-CBC combined with RSA-2048) designed to thwart decryption attempts, using low-level system calls and evasive techniques such as sandbox detection and string encoding to avoid detection.
- Its resilience is heightened by zero detection rates on Linux for months, active defense…