Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Top Highlights Over 2.3 million malicious sessions targeting Palo Alto GlobalProtect VPNs have occurred since November 14, 2025, with a 40-fold surge in 24 hours, indicating escalating risks to remote access. The attacks mainly target the /global-protect/login.esp URI with brute-force tactics, aiming to gain unauthorized access to corporate networks amid growing reliance on VPNs. Strong evidence links these campaigns to coordinated threat actors, primarily using infrastructure from German and Canadian sources, with targeted regions including the US, Mexico, and Pakistan. Experts advise organizations to audit VPN portals, enforce multi-factor authentication, and watch for specific malicious fingerprints to defend against future…
Summary Points Non-Human Identities (NHIs)—machine credentials like tokens and keys—pose significant security risks if unmanaged, especially in cloud environments. Effective NHI management, via advanced systems, enhances security, compliance, operational efficiency, and cost savings by automating lifecycle and secrets management. Proven strategies include context-aware security, rigorous governance, and bridging gaps between security and R&D teams to proactively identify and address vulnerabilities. Investing in comprehensive NHI security solutions and fostering collaboration ensures resilience against evolving cyber threats and supports sustainable digital transformation. Key Challenge The article reports that organizations are increasingly vulnerable to security breaches centered around Non-Human Identities (NHIs), which include…
Summary Points Zero Trust security shifts the focus from reactive threat detection to proactive containment, with Application Control and Ringfencing forming its core defense strategies. Ringfencing restricts approved applications’ access to files, network, and other processes, effectively preventing malicious misuse and lateral movement within networks. Implementing Ringfencing involves phased deployment, starting with high-risk applications, continuous monitoring, simulations, and gradual organization-wide scaling to minimize disruption. The approach enhances operational efficiency, reduces SOC alert fatigue, and bolsters security by proactively containing threats, supporting a comprehensive Zero Trust model. What’s the Problem? The article details a cybersecurity strategy centered around ThreatLocker’s Ringfencing™, which…
Top Highlights Hackers are actively exploiting a critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001), caused by mishandling of symbolic links in ZIP archives, risking malware infection and system breaches for millions of users worldwide. The flaw enables directory traversal and arbitrary file write, potentially allowing attackers to overwrite system files, inject malicious payloads, or escape sandbox environments, heightening its danger. The flaw was discovered by GMO Flatt Security Inc., and a proof-of-concept exploit has been released, lowering the attack barrier and facilitating real-world attacks through simple actions like opening a malicious ZIP file. All users and organizations must immediately update to 7-Zip version 25.00 or…
Essential Insights Over 50,000 unsecured ASUS routers globally, mainly in Taiwan, the U.S., and Russia, have been compromised in a campaign called Operation WrtHug, involving exploitation of six known vulnerabilities. The malware campaign leverages a unique self-signed TLS certificate with a 100-year expiration, primarily targeting ASUS AiCloud services to gain high privileges. Attackers exploit multiple CVEs (notably CVE-2023-41345 to CVE-2025-2492) to take control, with some links to Chinese-origin botnets like AyySSHush, LapDogs, and PolarEdge. The operation is likely driven by Chinese-affiliated threat actors, aiming for widespread, persistent backdoor access across targeted routers through command injections and authentication bypasses. The Core…
Manufacturing Sector Under Siege: The Rising Threat of Hackers on Operational Technology
Fast Facts Manufacturing Sector Targeted: A Trellix report reveals that 42% of cyber attacks on operational technology systems target the manufacturing sector, followed by transportation, utilities, energy producers, and aerospace. Evolving Attack Techniques: Over the past five years, attacks have shifted from accidental IT spillovers to deliberate targeting of critical infrastructure, exploiting vulnerabilities between IT and OT networks. Critical Vulnerabilities: Boundary devices bridging networks present significant risks; hackers increasingly exploit these due to commonplace vulnerabilities, leading to potential manipulation or damage to industrial equipment. Urgent Security Measures Needed: To combat threats, Trellix recommends network segmentation, zero-trust access, vendor compliance, and…
Quick Takeaways The U.S., Australia, and the U.K. sanctioned the Russian company Media Land and its leaders for providing “bulletproof hosting” services to ransomware gangs, which have facilitated cyberattacks including DDoS on U.S. critical infrastructure. Media Land has supplied infrastructure to notorious ransomware groups like LockBit and BlackSuit, playing a key role in cybercriminal activities. The sanctions also targeted Media Land’s executives, subsidiaries, and associated companies, and increased pressure on Aeza Group and its front company Hypercore for evading previous sanctions. Authorities emphasized the importance of collective action and issued guidance to internet service providers to help mitigate…
Essential Insights The U.S., UK, and Australia sanctioned Media Land, a Russia-based bulletproof hosting provider, and key personnel for enabling ransomware and cybercrime, notably supporting groups like LockBit and BlackSuit. Despite the sanctions, Media Land’s infrastructure remains active until its peering partners cut off services, highlighting the challenges of disrupting cybercrime operations. Authorities emphasize that bulletproof hosting underpins much of modern cybercrime, including malware, phishing, ransomware, and extortion, making it a critical target for law enforcement. A cooperative mitigation guide was issued to help defenders combat these infrastructures, but experts stress the need for intensified law enforcement pressure on peering partners to disrupt the…
Fast Facts Senator Maria Cantwell urges the FCC to maintain cybersecurity rules for telecommunications companies, emphasizing the need for enhanced protection against threats following China’s Salt Typhoon espionage attacks. A proposed FCC vote to repeal these cybersecurity regulations has raised concerns, with Cantwell asserting that the rules align with current network realities and ensure accountability for providers. The Salt Typhoon incident highlighted severe vulnerabilities, compromising nine U.S. telecom networks and exposing sensitive communication records to China-linked hackers. Cantwell challenges FCC Chairman Brendan Carr’s assertion that voluntary industry cooperation is sufficient, citing failures in threat detection and accountability among telecom firms. Senator’s Call…
Top Highlights Amazon’s threat intel reveals Iran-linked groups, Imperial Kitten and MuddyWater, used cyber reconnaissance to enable physical attacks, such as missile strikes, exemplifying ‘cyber-enabled kinetic targeting’. Imperial Kitten compromised maritime systems, collecting real-time visual data, which correlated with actual missile strikes by Iran’s allies, indicating cyber operations directly supported kinetic military actions. MuddyWater leveraged hacked security cameras for real-time intelligence before Iran launched missile attacks, demonstrating a deliberate integration of cyber espionage with physical warfare. Amazon advocates for recognizing ‘cyber-enabled kinetic targeting’ as a growing warfare trend, urging organizations to adapt defenses for threats spanning both digital and physical…