Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Fast Facts AI has significantly escalated social engineering threats, with a 1,200% rise in phishing since 2022, leading to higher success rates and increased organizational costs. AI-enhanced phishing and BEC attacks utilize generative models to create hyper-personalized, convincing messages, often incorporating deepfake technology for added deception. Defending against these threats requires adaptive, multilayered strategies, including fake AI-generated lures, behavioral detection, strict verification protocols, and AI-powered anomaly detection. Organizations must prioritize security awareness training, implement advanced approval processes, and foster a security-first culture to mitigate risks from AI-augmented social engineering. The Issue Since late 2022, artificial intelligence has significantly amplified social…
Summary Points CISA warns that cyber actors are using sophisticated techniques, including zero-day and zero-click exploits, to deliver spyware through messaging apps like WhatsApp and Signal and onto Android devices, often targeting high-value individuals. Threat actors exploit messaging app features, such as Signal’s ‘linked devices,’ and disguise spyware as legitimate apps like WhatsApp, ProSpy, and ToTok to evade detection. Notable incidents include targeted attacks on Apple and Samsung devices, and the use of spyware like NSO, Landfall, ClayRat, ProSpy, and ToSpy against government officials, military personnel, and civil society across the US, Middle East, and Europe. CISA advises at-risk users to review updated…
Fast Facts Targeted Attacks: Malicious actors are leveraging commercial spyware to exploit vulnerabilities in messaging apps, employing tactics like QR codes and zero-click malware to gain access. High-Profile Victims: The focus of these attacks is on high-value targets such as senior government officials and civil-society executives across the U.S., Europe, and the Middle East. Increased Risk for Civilians: Human-rights and civil-society organizations are particularly at risk due to limited security resources, making them prime targets for sophisticated cyber assaults. CISA’s Guidance: The Cybersecurity and Infrastructure Security Agency urges organizations to consult updated mobile communications security guidelines to mitigate risks associated…
Top Highlights SitusAMC experienced a significant data breach around November 12, 2025, exposing client accounting records, legal agreements, and potentially some customer data. The company publicly disclosed the breach on November 22, 2025, after initial investigation and law enforcement notification, with ongoing assessments of its full impact. Immediate security measures—including credential resets, disabling remote access, and updating firewalls—were implemented, and no malware was involved. SitusAMC reassures that its services remained operational during the incident, underscores the seriousness of data security, and commits to providing further updates as investigations continue. Key Challenge In late November 2025, SitusAMC, a leading provider of…
Top Highlights AI has significantly increased the volume and success of social engineering attacks, with phishing and BEC attacks now using generative models for hyper-personalization and real-time adaptability. AI-enhanced phishing involves detailed reconnaissance and the creation of convincing, tailored messages using AI, often evading traditional security filters and employing AI-generated malware or spoofed landing pages. AI-enabled BEC attacks leverage deepfake and AI-generated content to impersonate executives convincingly, resulting in large-scale financial frauds, such as a $25 million wire transfer. Defending against these sophisticated threats requires advanced, multilayered security measures, including enhanced employee training, AI-powered anomaly detection, strict verification protocols, and…
Essential Insights A Chinese state-aligned group, APT31, has reportedly been spying on Russia’s IT sector for years, reflecting espionage even among ostensibly allied nations. The campaign, detailed by Russian IT security firm Positive Technologies, involved sophisticated tactics using legitimate cloud services for malicious activities and communication. APT31’s attacks targeted not only IT companies but also contractors working with government agencies, indicating a potential broader agenda beyond commercial espionage. Notably, evidence suggests similar tactics have been used against other countries, highlighting the challenges in countering such sophisticated, covert cyber espionage efforts.
Summary Points Harvard University experienced a data breach impacting personal info of alumni, donors, students, and staff, discovered on November 18, with no evidence of further unauthorized access since then. The breach involved unauthorized access to systems used by the Alumni Affairs and Development department, exposing data related to addresses, contacts, donation details, and biographical info, but not social security numbers or financial data. The incident was caused by a phone phishing attack and is part of a broader pattern of cyberattacks, including recent incidents at Princeton, Columbia, and institutions affected by the Oracle E-Business Suite hack. Harvard has notified…
Essential Insights Focus remaining budget on security investments that address high-impact, business-critical gaps rather than superficial tool purchases, prioritizing risks that threaten operations, data, or compliance. Strengthen identity controls—such as expanding MFA, auditing Active Directory accounts, and reducing credential reuse—to achieve rapid and significant risk reduction within weeks. Prioritize outcome-driven security engagements like attack-surface reviews and red/blue team exercises over unused tools, ensuring measurable results and justifying future budgets. Reduce costs and complexity by auditing and consolidating overlapping vendor tools, while using year-end timing to renegotiate support contracts and leverage discounts for strategic security measures. The Issue In the annual…
Quick Takeaways The APT group ToddyCat has adapted sophisticated techniques, including using the custom tool TCSectorCopy, to access and exfiltrate corporate email data and tokens via OAuth 2.0, bypassing perimeter security. They exploit vulnerabilities like CVE-2024-11859, deploying malware such as the PowerShell-based TomBerBil, which extracts browser credentials, cookies, and history from browsers like Chrome, Edge, and Firefox. ToddyCat can access Outlook OST files directly from local storage, copying and decrypting email contents and credentials through advanced methods including shared network access and the use of encryption keys. The group actively develops methods to obtain access tokens from memory, employing tools…
Essential Insights Cyberattacks often ingress via moments of trust or single points of failure, exemplified by Nevada’s breach through a tampered download and Penn’s through compromised credentials, leading to extensive data theft and system compromise. Attackers utilize sophisticated tactics like disabling security tools (e.g., RONINGLOADER malware) and exploiting software vulnerabilities (e.g., Microsoft SQL CVE-2025-59499) to escalate privileges and hide malicious activity. Critical infrastructure and enterprise systems are increasingly targeted, with water systems and healthcare environments at risk; effective microsegmentation and internal boundary controls are vital to contain breaches. Preventive measures such as strict access controls, minimizing attack surfaces, backing up…