Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Top Highlights Coupang, South Korea’s largest retailer, experienced a data breach exposing personal info of 33.7 million customers, including names, contacts, and order details, but not payment data. The breach was discovered on November 18, 2025, though it occurred on June 24, 2025, with unauthorized access traced back to a former employee using unrevoked access tokens. The company has reported the incident to authorities and advised affected customers to remain vigilant against impersonation attempts, without revealing specific attack details or perpetrators. This incident is the second major cybersecurity breach in South Korea this year, following SK Telecom’s exposure of 27…
Summary Points Google disclosed two high-severity zero-day vulnerabilities (CVE-2025-48633 and CVE-2025-48572) affecting Android, potentially exploited in targeted attacks. The latest update patched 107 vulnerabilities, including 37 affecting the framework and 14 system flaws, with critical issues in the kernel, Arm, MediaTek, Unisoc, and Qualcomm components. Google’s vulnerability disclosure has been inconsistent this year, with no reports in July and October, despite releasing numerous patches in other months. All addressed vulnerabilities will have their source code published to the Android Open Source Project repository by Wednesday. What’s the Problem? Google recently reported two zero-day vulnerabilities, CVE-2025-48633 and CVE-2025-48572, potentially exploited in targeted attacks, in…
Fast Facts Zero-day attacks exploit vulnerabilities unknown to the vendor, before patches are available, making them highly effective and difficult to detect. These attacks commonly target operating systems, browsers, enterprise software, and IoT devices, and are often used in cyber espionage, ransomware, and critical infrastructure sabotage. Defending against zero-day threats requires rapid patching, behavior-based detection, zero-trust architectures, network segmentation, and thorough investigation; detection alone is insufficient. Zero-days are discovered by white-hat researchers, black-hat hackers, government agencies, and internal security teams, underscoring the importance of proactive threat intelligence and investigation. The Issue The illustration highlights the concept of zero-day attacks, which are sophisticated cyber threats exploiting unknown…
Essential Insights Europol dismantled Cryptomixer, a dark web cryptocurrency mixer responsible for laundering over $1.5 billion, seizing $28 million in Bitcoin and related infrastructure. Cryptomixer served as a preferred platform for cybercriminal activities including ransomware, fraud, and trafficking, anonymously mixing funds since 2016. North Korean Lazarus Group used Cryptomixer before transitioning to faster, automated methods for laundering stolen crypto, notably from a $1.46 billion Ethereum theft. The operation follows previous efforts against major mixers like ChipMixer, reflecting ongoing global law enforcement campaigns targeting cryptocurrency laundering services. The Core Issue European authorities, led by Europol, recently shut down Cryptomixer, a notorious…
Top Highlights Albiriox is a developing Android banking trojan offered as malware-as-a-service, capable of remote device control and targeted at over 400 global apps, including banking and cryptocurrency platforms. It features on-device fraud capabilities, overlay attack functionalities, and a remote access system that allows real-time control, with some features still under development. The malware uses a fake app as a dropper to deceive users into granting permissions and is designed to evade detection through integration with the Golden Crypt obfuscation service. Since its emergence in September, Albiriox has been monetized via subscription models costing up to $720/month, with early campaigns…
Top Highlights Targeted Attack: A U.S.-based civil engineering firm was attacked by Russia-aligned hackers, specifically the RomCom group, using SocGholish malware in an operation linked to the war in Ukraine. Malware Details: SocGholish, a malware family long employed by the threat group TA569, gives attackers remote access to systems through deceptive browser-update prompts. Historical Context: This incident marks the first detection of RomCom using SocGholish, with the group’s past operations targeting Western organizations supporting Ukraine. Ongoing Threat: The attack reflects increasing tensions between the U.S. and Russia, with multiple Russian-aligned groups targeting Western support for Ukraine through various asymmetric strategies. Targeting…
TangleCrypt Windows Packer: Evading EDR with ABYSSWORKER Driver and Ransomware Payloads
Quick Takeaways TangleCrypt is a newly discovered Windows malware packer designed to evade detection, used in ransomware attacks like Qilin, employing multi-layer encoding, compression, and encryption to hide malicious payloads. It conceals its executables through base64 encoding, LZ78 compression, and XOR encryption; this multi-layer approach complicates detection and analysis by traditional security tools. The malware supports two payload execution methods—either decrypting and running within the current process or creating a suspended process, then injecting the payload—both controlled by a configuration string. TangleCrypt employs string encryption and dynamic import resolving to hinder analysis, but lacks advanced anti-analysis features, allowing experienced analysts…
Fast Facts European authorities seized Cryptomixer’s servers and domain, cutting off a platform that laundered over €1.3 billion ($1.5 billion) for cybercriminals since 2016. Cryptomixer concealed transaction origins by pooling and randomly redistributing funds, making it difficult to trace digital currency flows. The operation, called Operation Olympia, is part of ongoing efforts to dismantle dark web mixers, following recent seizures of services like ChipMixer. North Korea-linked hackers used Cryptomixer for money laundering, although Pyongyang now prefers faster, less anonymous methods; some operators have faced legal action. What’s the Problem? European authorities recently took decisive action against Cryptomixer, an illegal cryptocurrency…
Summary Points Imminent Threat: Hackers linked to Scattered Lapsus$ Hunters may launch a campaign targeting Zendesk environments, as reported by Reliaquest. Phishing Operations: Over 40 impersonating domains have been created in the last six months, some hosting phishing pages designed to steal user credentials through fake sign-on portals. Fraudulent Tickets: There is evidence of hackers submitting fraudulent support tickets to attack help-desk personnel with malware and remote access Trojans. Ongoing Vigilance: Zendesk is actively monitoring and responding to threats, having shared the findings with its security team to protect user data. Emerging Threats in Zendesk Environments Hackers connected to the…
Essential Insights Europol has shut down Cryptomixer, a cryptocurrency mixing service used to launder over €1.3 billion ($1.5 billion) in Bitcoin, primarily linked to illegal activities like ransomware, fraud, and trafficking. Cryptomixer operated both on the clear web and dark web, helping users anonymize their crypto transactions by pooling and reissuing untraceable coins. The operation, called Operation Olympia, involved seizing servers, data, and approximately €25 million ($29 million) in Bitcoin in Switzerland and Germany, but no arrests were reported. Law enforcement agencies continue targeting cryptocurrency mixers worldwide, highlighting ongoing efforts to disrupt money laundering and cybercrime networks. What’s the Problem?…