Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Top Highlights: The University of Phoenix experienced a data breach in August 2025 in which attackers exploited a zero-day vulnerability in Oracle E-Business Suite, leading to the theft of sensitive personal and financial data of students, staff, and suppliers. The attack is linked to the Clop ransomware gang’s extortion campaign, which has also targeted other U.S. universities such as Harvard and the University of Pennsylvania, as well as international companies. The Clop group has previously targeted various organizations using zero-day exploits, notably affecting over 2,770 organizations through campaigns involving tools like MOVEit Transfer. Despite limited details from UoPX, authorities are preparing notifications for affected individuals; the…
Fast Facts: Microsoft quietly mitigated a high-severity Windows LNK vulnerability (CVE-2025-9491), exploited by multiple nation-state and cybercrime groups to hide malicious commands in LNK files; exploitation requires user interaction. The flaw allows attackers to pad the Target field with whitespace to hide malicious payloads, making detection difficult, and it was widely exploited to deploy malware such as Ursnif, Trickbot, and Gh0st RAT. Despite considering the issue non-critical because of user warnings and the required interaction, Microsoft silently changed how LNK files display target characters, allowing full visibility of the targeted commands; yet it is not a complete fix. Unofficial patches, such as ACROS Security’s micropatch, are available…
Fast Facts: Freedom Mobile disclosed a data breach involving unauthorized access to its customer account management platform, resulting in the exposure of personal information of a limited number of customers. The breach was facilitated by attackers using a subcontractor’s account, but the company confirmed no network or operational disruptions occurred, and there was no evidence of data misuse. Exposed data includes names, addresses, birth dates, phone numbers, and account numbers, prompting recommendations for affected customers to watch for suspicious messages and activity. This is Freedom Mobile’s second known data breach, the first occurring in 2019 when a vendor exposed a…
Essential Insights: Twin brothers Muneeb and Sohaib Akhter were arrested for stealing and deleting government data from a contractor that services over 45 federal agencies, shortly after being fired. They previously pleaded guilty in 2015 to hacking-related crimes committed while employed as federal contractors, with Muneeb sentenced to 39 months and Sohaib to 24 months in prison. During the alleged crime spree, Muneeb deleted around 96 databases, stole files, and used AI tools to cover their tracks, risking national security and disrupting federal agency operations. The brothers face multiple charges including conspiracy, computer fraud, identity theft, and password trafficking, with potential…
Summary Points: Leroy Merlin has experienced a data breach affecting only French customers, exposing personal details such as full name, phone number, email, address, DOB, and loyalty info. The breach did not include banking details or online passwords, and current indications suggest the stolen data has not been maliciously used or leaked online. The company responded swiftly to contain the incident and advised customers to watch for phishing attempts and report suspicious activity, without confirming the breach’s scale. Leroy Merlin has emphasized customer vigilance and has yet to disclose the total number of affected users or additional breach details.
Problem Explained…
Essential Insights: CISA is terminating the Cybersecurity Retention Incentive (CRI) program due to mismanagement, as reported by the DHS inspector general, who found that incentives were being offered too broadly. The CRI program was initially created to retain cybersecurity professionals but was meant to be a temporary solution until the Cyber Talent Management System (CTMS) was operational. The transition from CRI to CTMS raises concerns, as it is unclear how many employees will be converted while 70% of CISA’s Cybersecurity Division currently receives CRI payments. CISA aims to improve oversight and efficiency in hiring and retaining cyber talent, promising a…
Quick Takeaways: Marquis Software Solutions suffered a ransomware attack on August 14, 2025, via its SonicWall firewall, leading to the theft of personal and financial data affecting over 400,000 customers across 74 US banks and credit unions. The breach involved the theft of sensitive personal information, including SSNs, addresses, and banking details, although there is no evidence of data misuse or publication so far. Marquis strengthened its cybersecurity measures after the incident, including patching firewalls, enabling multi-factor authentication, and applying geo-IP filtering, indicating that prior weaknesses were exploited through SonicWall VPN accounts. The attackers, linked to the Akira ransomware gang, have been targeting…
Fast Facts: Anthropic’s Claude Skills, designed for customizable AI capabilities, can be exploited to deploy malware like ransomware without user awareness due to their legitimate appearance and single-consent trust model. Threat actors can manipulate seemingly innocent Skills shared publicly, turning them into Trojan horses that may trigger widespread ransomware infections across organizations. Researchers demonstrated that malicious code, embedded within helper functions of legitimate Skills (e.g., GIF Creator), can silently download and execute malware after initial user approval, bypassing scrutiny. This vulnerability allows malicious actors to leverage user trust, making it a scalable threat that can escalate from a single employee’s…
Summary Points: A critical vulnerability (CVE-2025-55182) in React Server Components, used globally across many web applications, has been discovered and patched, but it remains a high-risk threat. The flaw enables easy exploitation for unauthenticated remote code execution, risking data breaches, privilege escalation, and network compromise. Despite no current reports of attacks, experts warn of imminent exploitation due to widespread usage and the ease of exploiting the deserialization flaw. Ongoing concerns include fallout extending to related frameworks and dependencies, with threat actors anticipated to develop and share exploit methods soon.
Problem Explained: A critical vulnerability in React Server Components, identified as CVE-2025-55182, has…
Top Highlights: Several universities, including the University of Pennsylvania, University of Phoenix, Harvard, and Dartmouth, are victims of a cyberattack on Oracle’s E-Business Suite, impacting personal and institutional data. The attack, linked to the Cl0p ransomware group, involved unauthorized access to sensitive data such as names, Social Security numbers, bank details, and other private information. The University of Pennsylvania reports nearly 1,500 impacted residents, while the University of Phoenix discovered the breach shortly after its data appeared on the Cl0p leak site, though no data has been publicly released from Phoenix. The breach raises questions about exploited zero-day vulnerabilities and…