- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
CISC Releases New Rules to Tackle AI, Legacy Systems, Supply Chain, and Insider Threats in Critical Infrastructure
Essential Insights Australia’s CISC has introduced the Enhanced Critical Infrastructure Risk Management Program (CIRMP) Rules 2026, mandating stronger security measures for critical infrastructure to improve resilience against evolving threats, including cyber and physical risks. The rules focus on enhancing cybersecurity by addressing risks from legacy systems, AI, insider threats, offshoring, and supply chain vulnerabilities, with new compliance requirements such as multi-factor authentication and cybersecurity frameworks. The 2023–2030 Cyber Security Strategy’s Horizon 2 emphasizes protecting the entire digital ecosystem, boosting cyber maturity, reducing human error vulnerabilities, and investing $89.3 million over four years to strengthen infrastructure security and response capabilities. The…
Top Highlights Phishing attacks are increasing sharply in volume and sophistication, heavily driven by AI and phishing-as-a-service platforms, with 78% of organizations experiencing growth and 84% noting more AI-generated attacks. Enterprise targets, especially in technology, airline, and automotive sectors, are disproportionately exposed, with 86% of Fortune 100 companies’ employee data compromised over the past year. Most organizations lack rapid detection and response capabilities, with 68% taking four or more hours to remediate breaches and only 30% fully integrating phishing detection into response workflows. The threat landscape has evolved beyond credential theft to include session hijacking and device code phishing, demanding…
Quick Takeaways AI accelerates cyberattacks by personalizing social engineering, automating reconnaissance, and probing exposed systems at scale, making breaches faster and more autonomous. Compromised identities—whether accounts, workloads, or AI agents—remain the primary entry point for threats, emphasizing the need for rapid detection and response to prevent data breaches. Fragmented security tools hinder effective defense; integrated, real-time risk scoring and automated response are crucial to counter sophisticated, AI-powered identity attacks. Threat, Attack Techniques, and Targets AI makes cyberattacks faster and more personal. Attackers use AI to personalize social engineering at scale. They automate reconnaissance and analyze leaked credentials quickly. AI helps…
Top Highlights QUIC, running over UDP and powering HTTP/3, bypasses traditional CASB inspection, allowing users to access blocked destinations without detection or logging. Browser variations in handling QUIC mean some browsers can establish uninspected connections, creating security blind spots that logs do not reveal. Organizations may underestimate their data exfiltration via AI or cloud destinations due to unlogged QUIC traffic, posing both security and compliance risks. Threat, Attack Techniques, and Targets The main issue involves the way CASB security tools inspect internet traffic. Traditional CASBs rely on checking TCP traffic, but modern web protocols like HTTP/3 use QUIC over UDP,…
Quick Takeaways Attackers can establish persistent, covert access by installing OpenSSH and Tailscale, bypassing traditional command-and-control server takedowns. Malware runs mainly in memory, using legitimate tools like PowerShell and RustDesk for stealthy, resilient access to target systems. Even after C2 shutdown, attackers can re-enter via pre-installed SSH/Tailscale, emphasizing the need for comprehensive detection beyond just disabling C2 servers. Threat, Techniques, and Targets A junior hacker targeted a small French automotive business. He used simple methods but created a strong way back into the system. He installed tools such as OpenSSH and Tailscale on a victim’s computer. These tools allowed him…
Top Highlights CISA has added CVE-2026-35273, a critical Oracle PeopleSoft vulnerability, to its KEV catalog due to active exploitation in ransomware campaigns, allowing unauthenticated, remote control over affected systems. The flaw exploits CWE-306, enabling attackers to bypass authentication and execute sensitive functions, potentially leading to full system takeover and access to critical data. Organizations are urged to immediately apply vendor patches, implement mitigations, and improve asset monitoring, as the vulnerability is being exploited for cyberattacks. Security teams should prioritize detection through log analysis and network monitoring, reinforce access controls, and review backup strategies to mitigate damages from successful exploits. The…
Fast Facts A credential harvesting operation named "FortiBleed" is targeting Fortinet firewalls and VPNs worldwide, compromising over 30,000 devices across 194 countries without exploiting any software vulnerabilities. The campaign relies on stolen credentials, credential reuse, and automation, creating a self-sustaining attack chain that monitors and re-infects devices continuously. A significant mistake by attackers—an exposed server—potentially reveals their identity, while victims span various sectors, with a focus on NATO countries, driven by motives including espionage and financial gain. Immediate security measures include credential rotation, enabling multi-factor authentication, reviewing logs, removing management interfaces from public internet access, updating firmware, and conducting incident…
Essential Insights A Chinese cyberespionage group, FishMonger, has upgraded its SprySOCKS backdoor, now targeting Windows systems with advanced stealth features, including kernel drivers and UEFI bootkit components. This expansion extends the group’s operational scope globally, with confirmed activity in countries like Honduras, Taiwan, Thailand, and Pakistan, mainly targeting government entities. The Windows variants, WIN_DRV and WIN_PLUS, exhibit sophisticated capabilities such as kernel-level concealment, dynamic command-and-control communication, keylogging, and persistent infection methods. Researchers warn that this development indicates increased offensive investment and urge organizations to patch vulnerabilities, monitor suspicious activities, and enforce security measures to mitigate threat impacts. The Core Issue…
ErrTraffic MaaS Exploits Fake ReCAPTCHA & Turnstile to Deliver Malicious PowerShell Commands
Essential Insights ErrTraffic is a rapidly evolving cybercrime tool that injects malicious JavaScript into compromised websites, leveraging fake verification screens resembling trusted services to prompt victims to execute hidden PowerShell commands. Built on social engineering tactics and concealing its command infrastructure within Polygon blockchain smart contracts, ErrTraffic enables threat actors to rotate its control servers anonymously, complicating detection efforts. The framework is offered as Malware-as-a-Service, with escalating pricing, and exploits multiple malware payloads, targeting infected WordPress sites and spread via malvertising, impersonating AI platforms like ChatGPT. Once inside, attackers deploy persistent backdoors (e.g., session-manager.php), harvest credentials, exfiltrate data, and maintain…
Summary Points AI-powered attacks are the top security concern, with 41% of cybersecurity leaders citing them as a major threat, outranking supply chain and unknown threats. Organizations struggle with false positives and data validation, wasting substantial security team time and risking delayed responses to real threats. Boards are highly focused on AI-driven threats, with 32% prioritizing understanding AI’s impact on organizational cybersecurity over other issues like compliance or supply chain risks. Threats, Techniques, and Targets Recent research shows that AI-powered attacks are a major concern for cybersecurity teams. In a survey, 41% of cybersecurity leaders identified these attacks as their…