Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Legislative Foundation: The IoT Cybersecurity Improvement Act of 2020 requires NIST to develop and enhance cybersecurity guidelines for IoT devices, beginning with NIST IR 8259, to safeguard product security throughout the device lifecycle.
Guideline Evolution: NIST has expanded the NIST IR 8259 framework into sector-neutral guidance and is initiating a five-year revision of essential documents, focusing on current and emerging technologies in IoT cybersecurity.
Workshop Insights: Feedback from two public workshops involving over 400 participants highlighted the need for lifecycle-centric security, risk visibility, and effective communication between manufacturers and users regarding cybersecurity challenges.
Upcoming Changes: NIST plans comprehensive updates to NIST…


Top Highlights
CISA added an actively exploited cross-site scripting vulnerability (CVE-2021-26829) in OpenPLC ScadaBR to its KEV catalog, impacting Windows and Linux versions with a CVSS score of 5.4. The breach was linked to the pro-Russian hacktivist group TwoNet, which used default credentials and exploited the flaw to deface a honeypot, revealing their focus on web-layer attacks and avoidance of privilege escalation. TwoNet’s activities expanded from DDoS to targeting industrial systems, doxxing, and RaaS, with operations increasingly blending legacy tactics with broader claims. Exploit activities are facilitated by a long-standing OAST infrastructure hosted on Google Cloud, targeting Brazil, involving over…


Quick Takeaways
The OT cybersecurity culture gap is widening, with only 14% of organizations feeling fully prepared for emerging threats, highlighting a divide between IT and OT teams that hampers collaboration and operational resilience. Building trust requires cybersecurity teams to understand risk as a business issue, align goals, share metrics, run joint exercises, and embed security into operational priorities to foster effective cooperation. Current standards focus heavily on compliance, often leading to a checkbox approach; true progress demands integrating cybersecurity into safety, reliability, and operational frameworks, especially as OT connectivity and geopolitics heighten risks. Effective board communication involves translating cyber risks into business…


Summary Points
Asahi Group Holdings, Japan’s largest beer producer, completed an investigation confirming that a September cyberattack compromised personal data of up to 1.9 million individuals, including customers, employees, and their families. The breach exposed sensitive information such as names, genders, addresses, phone numbers, and email addresses, but did not include payment card data. After initially denying it, Asahi later confirmed the incident involved ransomware (Qilin) that stole and leaked 27GB of data, with the attackers publishing samples on their data leak site. The company is actively restoring systems, reinforcing security measures, and gradually resuming product shipments while notifying affected parties through a…


Quick Takeaways
CISA has added a critical Cross-Site Scripting vulnerability (CVE-2021-26829) in OpenPLC ScadaBR to its Known Exploited Vulnerabilities catalog, citing active exploitation in the wild. The flaw allows remote attackers to inject malicious scripts via the system settings interface, risking session hijacking, credential theft, and configuration manipulation, posing a serious threat to industrial control environments. Federal agencies are mandated to remediate this vulnerability by December 19, 2025, with recommended actions including applying patches, reviewing third-party integrations, or discontinuing use if necessary. Although not yet linked to ransomware, unpatched SCADA systems remain attractive targets for sophisticated threat actors, emphasizing the…


Summary Points
A new Android malware named “Albiriox” has emerged as a sophisticated Malware-as-a-Service (MaaS), enabling advanced remote access and on-device fraud, including manual banking transactions via screen streaming (VNC) and overlay attacks. Initially launched in September 2025 and now publicly available, Albiriox targets over 400 financial and cryptocurrency apps, using stealth techniques such as “Golden Crypt” obfuscation and two-stage dropper campaigns to evade detection. The malware’s architecture allows full control of infected devices, bypassing security measures like 2FA, with attackers able to perform real-time banking fraud while victims remain unaware. Distributed via social engineering tricks, including fake app downloads…


Autonomous AI Integration: Microsoft Defender Experts are transforming Security Operations Centers (SOCs) by integrating autonomous AI agents, enhancing speed and precision in threat detection amidst rising complexities.
Human-AI Collaboration: The approach emphasizes a collaborative model where human analysts guide and oversee AI agents, shifting responsibilities from routine tasks to strategic analysis, amplifying efficiency and insights.
Skill Evolution and Training: SOC analysts must adapt to new workflows, focusing on skills like prompt engineering and advanced data analysis, which are critical as operations evolve to leverage AI effectively.
Trust and Oversight: Maintaining strong human-AI feedback loops with expert-defined guardrails is essential for…


Top Highlights
The French Football Federation (FFF) experienced a data breach where attackers exploited a compromised account, stealing personal data of club members. FFF responded by disabling the compromised account, resetting all passwords, and notifying relevant authorities, including ANSSI and CNIL. The breach exposed sensitive information such as names, contact details, birth information, and license numbers, prompting warnings for suspicious communications. The FFF is actively enhancing its security measures and advises individuals to remain vigilant against potential phishing and scam attempts.
The Issue
The French Football Federation (FFF) reported a data breach after cyber attackers exploited a compromised account to…


Fast Facts
Polish authorities arrested a Russian suspect accused of conducting sophisticated unauthorized cyberattacks on local and European networks, highlighting ongoing efforts to combat cybercrime. The suspect, who entered Poland in 2022 and gained refugee status in 2023, is linked to breaching a local online store’s IT systems and tampering with sensitive customer data. The individual is believed to be part of a larger cybercriminal network, with authorities actively investigating further victims and the scope of the attack’s damage. The arrest underscores Poland’s commitment to cybersecurity, strengthening international cooperation to combat evolving cyber threats and organized cybercrime.
The Core Issue…


Top Highlights
The French Football Federation (FFF) was hacked through compromised user credentials, allowing attackers to access and extract sensitive personal data of members and licensees. The breach exposed highly detailed personally identifiable information, including names, birth details, contact info, and license numbers, increasing the risk of identity theft. Immediate security measures included disabling the compromised account, enforcing password resets, and notifying authorities and affected individuals under GDPR and French law. The FFF warns of heightened phishing risks using stolen PII and stresses ongoing efforts to strengthen cybersecurity defenses amid evolving cyber threats.
The Issue
The French Football Federation (FFF)…
