Author: Staff Writer

Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Essential Insights Cybersecurity researchers exposed a malicious npm package, eslint-plugin-unicorn-ts-2, designed to influence AI security tools, with embedded prompts and environment variable exfiltration capabilities. The package contains code that captures API keys and credentials during installation, exfiltrating them via a webhook, highlighting a new tactic to manipulate AI-based security analysis. Attackers are increasingly exploiting underground markets for malicious large language models (LLMs) that automate hacking tasks such as vulnerability scanning and data exfiltration, lowering barriers for cybercriminals. While current malicious LLMs suffer from hallucinations and lack technological novelty, they make cyberattacks more accessible and efficient, enabling less skilled actors to…

Read More

Top Highlights Cybercrime now operates like a SaaS industry, offering subscription-based services such as phishing platforms, malicious document builders, and advanced malware, making sophisticated attacks accessible to low-skilled criminals. Encrypted messaging apps like Telegram facilitate these operations with services like OTP bots, which automate social engineering scams, providing affordable, on-demand fraud tools. Stolen data and network access are commodified through marketplaces and brokers, transforming traditional breaches into scalable, subscription-like services that supply fresh credentials and access at regular intervals. The availability of advanced hacking tools (e.g., RATs, exploit kits) on affordable monthly plans significantly lowers the barrier for entry to…

Read More

Fast Facts A threat actor named ShadyPanda has been weaponizing over 100 malicious browser extensions for Chrome and Edge for nearly 7 years, with some still available for download and over 4 million total installs. These extensions were used for affiliate fraud by injecting tracking codes on sites like Amazon and eBay, generating hidden commissions and harvesting browsing data via Google Analytics. In 2024, ShadyPanda shifted tactics, deploying extensions like Infinity V+ to redirect searches and steal cookies, creating unique user profiles without consent. Previously legitimate extensions, including one with 300,000+ installs, were maliciously updated to serve as backdoors for…

Read More

Fast Facts The University of Pennsylvania experienced a data breach in August 2025 via a zero-day vulnerability in Oracle E-Business Suite, exposing personal data of approximately 1,488 individuals, with potential impact on many more. The breach is linked to the Clop ransomware gang’s larger extortion campaign exploiting the same vulnerability, which has affected other organizations like Harvard, The Washington Post, and American Airlines. Penn states they have applied Oracle’s patches, found no evidence of misuse or public disclosure of data, and are notifying affected individuals in compliance with legal requirements. The broader cyberattack campaign involves extensive theft and leak of…

Read More

Quick Takeaways North Korea’s “Contagious Interview” campaign continues to evolve, now targeting software developers with over 197 malicious npm packages designed to exploit job seekers, accumulating over 31,000 downloads since October 10. The campaign specifically targets blockchain and Web3 developers through fake job offers and “test assignments,” using malicious npm packages that deliver initial access malware and remote access Trojans (RATs) for credential theft and data compromise. Researchers traced the malicious activity back to a GitHub infrastructure utilized by North Korean actors, highlighting a systematic and persistent approach to delivering malware, differing from previous “smash and grab” tactics. Ongoing npm…

Read More

Quick Takeaways OpenAI patched a critical vulnerability (CVE-2025-61260) in Codex CLI, which could be exploited by attackers to execute malicious commands silently and persistently on developer machines. The flaw allows attackers to compromise local configuration files, planting malicious code that runs automatically without user approval, enabling stealthy backdoors and supply chain attacks. Exploitation can lead to remote access via reverse shells, credential exfiltration, privilege escalation, and lateral movement across systems, especially impacting open-source projects and CI pipelines. The vulnerability was disclosed in August, quickly patched within two weeks with Codex CLI version 0.23.0, highlighting the importance of prompt updates to…

Read More

Quick Takeaways Coupang revealed a five-month data breach affecting 33.7 million Korean customers, exposing personal info like names, emails, addresses, and order history, but not payment details or login credentials. The breach was caused by unauthorized access via overseas servers, with the threat actor gaining access from June 24, 2025, and the company blocking the intrusion upon discovery in November. The company has informed relevant authorities, taken security measures, and will notify affected individuals via email or SMS, emphasizing that no account actions are currently needed. The investigation points to a possible suspect: a former Coupang employee, a Chinese national…

Read More

Summary Points The energy sector, including the heating industry, faces heightened cyber threats due to geopolitical tensions and increasingly sophisticated, organized cybercriminal groups targeting critical infrastructure. Companies adopt a holistic, multi-layered security approach combining preventive and reactive measures, emphasizing staff awareness and continuous training to mitigate human-related vulnerabilities. Modern CISOs need to balance technical risk management with strategic leadership, navigating complex regulations like NIS2, DORA, and Cyber Resilience Act to enhance overall organizational resilience. Implementation challenges stem from unclear regulations, resource allocation dilemmas, and varying national interpretations, urging companies to analyze their starting point and begin cybersecurity efforts proactively. The…

Read More

Summary Points India’s DoT mandates all new smartphones to preload the government-backed “Sanchar Saathi” cybersecurity app within 90 days, making it non-removable, to strengthen digital security and combat cybercrime. The app offers features like fraud reporting, stolen device blocking, connection checks, and device authenticity verification, contributing to the recovery of over 700,000 lost phones. Industry and privacy groups express concerns over forced preloading, potential privacy risks, and lack of prior consultation, with fears that extensive system access could enable surveillance. The move signifies increased government control in India’s telecom sector, requiring manufacturers to update existing devices, despite opposition from companies…

Read More

Summary Points Nearly 33.7 million Coupang users’ personal data, including names, contact details, and order history, was leaked due to a security breach traced back to a former employee with unrevoked access credentials. The breach, which began in June 2025 and remained undetected for months, did not impact sensitive financial information such as credit card details or passwords. The attack exploited valid cryptographic signing keys left active after the employee’s departure, highlighting a failure in Coupang’s identity and access management protocols. Regulatory fines could reach up to 1 trillion won ($680 million), making this one of the largest penalties in…

Read More