Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts
- The ShinyHunters group launched a new campaign exploiting Gainsight integrations to access Salesforce customer data, compromising at least three organizations.
- Salesforce responded by revoking all active Gainsight app access, removing the apps temporarily, and investigating the unusual activity.
- Gainsight indicated that compromised OAuth tokens were scoped to individual customers and recommended credential rotation; the connector will be re-enabled after thorough vetting.
- Experts note that third-party OAuth tokens are increasingly targeted by hackers, with this campaign involving theft of tokens from Drift’s AWS after a GitHub breach of Salesloft.

The Issue
The ShinyHunters hacking group recently launched a sophisticated…


Essential Insights
- A significant 40x increase in scanning activity targeting Palo Alto Networks GlobalProtect portals suggests heightened attempts at brute-force login attacks, with ongoing investigations.
- Maxwell Schultz pleads guilty to hacking his former employer’s network, resetting 2,500 passwords post-termination, causing over $860,000 in losses.
- NSO Group appeals a court ruling that bans it from hacking WhatsApp, claiming that enforcement would cause irreparable harm to the company.
- Multiple cybersecurity incidents include a data breach affecting over 120,000 individuals at WEL Companies, ATM jackpotting theft of $175,000, and espionage tools like PlushDaemon’s new network implant used in APT attacks.

Underlying Problem
Recently,…


Top Highlights
- CrowdStrike confirmed an insider shared screenshots of internal systems with unnamed threat actors, but no system breaches or customer data compromises occurred.
- The suspicious insider was identified and terminated following an internal investigation; the case was handed over to law enforcement.
- Threat groups such as ShinyHunters, Scattered Spider, and Lapsus$ (now “Scattered Lapsus$ Hunters”) have targeted major organizations, including Salesforce clients, and engaged in extortion and data theft.
- These groups have transitioned to a ransomware-as-a-service platform called ShinySp1d3r, employing various encryptors, and have been responsible for significant breaches, including a £196 million loss for JLR.

Problem Explained
CrowdStrike,…


Quick Takeaways
- Retailers experience a surge in targeted ransomware attacks during peak holiday sales, aiming to cripple POS, e-commerce, and backend systems.
- Attack methods include phishing, fake shipping alerts, and malicious ads that exploit users and quickly escalate to full system compromise.
- Malware employs stealth tactics like leveraging trusted processes, obfuscated PowerShell commands, and mimicking legitimate cloud domains to evade detection.
- Consequences are severe: encrypted sales/inventory, halted transactions, data theft, and potential regulatory fines, emphasizing the need for proactive cybersecurity measures.

What’s the Problem?
As the holiday shopping season kicks off, retail businesses are experiencing a surge in sophisticated ransomware attacks…


Essential Insights
- AI’s Role and Impact: While AI effectively handles repetitive tasks in cybersecurity, reducing burnout among junior analysts, it risks diminishing the essential hands-on experience required for developing foundational expertise.
- Emerging Paradox: The reliance on AI may elevate current analysts but creates a gap for future leaders, limiting their exposure to the critical learning experiences necessary for intuitive decision-making during crises.
- Concerns Over Entry-Level Jobs: Automation threatens traditional entry-level roles, leading to fewer opportunities for newcomers, with the potential need for reshaped job descriptions focused on higher-complexity tasks earlier in careers.
- Need for Strategic Development: Organizations must actively redesign training and career…


Essential Insights
- Security leaders face an overload of data but lack effective decision-making processes to utilize it.
- The core issue is not acquiring threat data but converting it into consistent, actionable insights.
- Operationalizing Cyber Threat Intelligence (CTI) transforms threat feeds into a disciplined, decision-driven security process.
- When successfully implemented, CTI becomes a strategic business function that enhances risk reduction, resilience, and board confidence.

Problem Explained
The story highlights a common challenge faced by security leaders: despite having access to vast amounts of cyber threat data, they struggle to translate this information into effective, consistent decisions that reduce risk. The proliferation…


Top Highlights
- Over 370 organizations participated in the 2023 GridEx VIII, marking a nearly 50% increase from previous years and emphasizing expanded accessibility and engagement across North American power and related infrastructure sectors.
- The exercise simulated real-world cyber and physical threats to test the emergency preparedness and response protocols of utilities and critical infrastructure, with a report on lessons learned expected in early 2026.
- Increased participation from small- and medium-sized utilities and Canadian partners indicates progress in regional collaboration and collective resilience efforts against major cyber threats.
- Recent cyberattacks, including ransomware on Nova Scotia Power and a Chinese breach of…


Fast Facts
- Government agencies rely on outdated, insecure web forms that transmit sensitive citizen data via unencrypted channels, exposing them to interception, manipulation, and breaches.
- These legacy forms are vulnerable to SQL injection, XSS, and CSRF attacks due to improper design, low remediation rates, and outdated security protocols like SHA-1 and TLS 1.0.
- Compliance gaps exist, as many government systems fail to meet FISMA, NIST, CJIS, and HIPAA standards, often using unauthorized, non-FedRAMP platforms and enabling data breach notification violations.
- Immediate action is critical: enforce HTTPS with HSTS, deploy modern security measures, replace legacy forms with FedRAMP-authorized platforms, and modernize…


Quick Takeaways
- SquareX identified a critical vulnerability in Perplexity’s Comet AI browser involving hidden extensions (Analytics and Agentic) that could allow attackers to execute commands on a victim’s device, potentially leading to ransomware or data theft.
- The attack requires significant human intervention, such as hijacking extensions via XSS or MitM attacks, but demonstrates the inherent risks in the MCP API used by Comet.
- Perplexity disputes the severity, claiming the vulnerability is theoretical, requiring targeted phishing and human error, and stating that users are prompted for permissions; they have implemented some security measures.
- SquareX’s research aimed to highlight potential risks of…


Summary Points
- Unauthorized Access Detected: Salesforce identified unusual activity related to Gainsight applications that may have allowed unauthorized access to customer data.
- Immediate Actions Taken: Salesforce revoked access tokens and temporarily removed Gainsight applications from its platform while conducting an investigation.
- Threat Actor Involvement: The incident is linked to the ShinyHunters group, known for targeting third-party SaaS integrations, affecting nearly 1,000 organizations previously.
- Security Recommendations: Organizations are urged to review third-party applications linked to Salesforce, revoke suspicious tokens, and rotate credentials to mitigate risks.

Unauthorized Access Detection
Salesforce has reported unusual activity linked to applications from Gainsight. The company warned…
