Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts

- Non-Human Identities (NHIs) are crucial machine identities—containing encrypted secrets and permissions—that underpin scalable cybersecurity, especially in cloud environments, bridging security and R&D gaps.
- Effective NHI management, through context-aware platforms, enhances security, compliance, operational efficiency, and cost savings by monitoring ownership, usage, and vulnerabilities across the machine identity lifecycle.
- Integrating NHI management with existing security frameworks enables proactive threat detection, real-time anomaly analysis, and scalable protection that evolves with organizational growth.
- Embracing NHIs offers strategic advantages beyond compliance—fostering innovation, empowering teams, and creating a resilient, security-first cloud ecosystem for long-term success.

Underlying Problem

The story reports on the increasing…

Summary Points

- Amazon’s threat intelligence detected a highly-resourced threat actor exploiting zero-day vulnerabilities in Cisco ISE and Citrix NetScaler before official patches were released, demonstrating advanced attack capabilities and deep knowledge of enterprise systems.
- The attacker used custom malware with sophisticated evasion techniques for targeted espionage, exploiting the vulnerabilities as early as May, predating vendor disclosures in June.
- Over 11.5 million attack attempts were observed by mid-July, highlighting the widespread and ongoing exploitation of these critical vulnerabilities shortly after their disclosure.
- The attacker’s use of multiple zero-day exploits indicates advanced vulnerability research abilities or access to undisclosed exploit information, underscoring…

Top Highlights

- Google has filed a lawsuit to shut down “Lighthouse,” a phishing-as-a-service platform used by cybercriminals to conduct SMS-based smishing scams impersonating USPS and E-ZPass, affecting over 1 million victims globally and stealing up to 115 million payment cards in the US.
- Lighthouse provides customizable phishing templates, including branded sites designed to steal personal and financial information, with at least 107 templates featuring Google’s branding to deceive victims and boost scam credibility.
- The platform is linked to Chinese threat actors like “Wang Duo Yu,” who sell and support phishing kits via Telegram, enabling threat actors to send evasion-capable SMS…

Essential Insights

- Google filed a lawsuit against the Chinese-operated cybercriminal group “Smishing Triad,” targeting SMS phishing campaigns worldwide that impersonate services like USPS, banks, and social media.
- The group’s “Lighthouse” phishing kit targeted over 1 million users across 120+ countries, stealing an estimated 12-115 million credit cards in the U.S. alone.
- Google aims to dismantle the group’s infrastructure using legal claims under multiple acts, enabling seizure of malicious domains and unmasking perpetrators’ identities.
- Major tech companies, including Google and Microsoft, are actively pursuing legal actions and supporting bipartisan bills to combat cyber-enabled scams and fraud.

Key Challenge

Google recently took…

Fast Facts

- DanaBot, a banking Trojan first exposed as a MaaS, has reemerged with a new version (669), utilizing Tor (.onion) domains and “backconnect” nodes for command-and-control infrastructure, six months after law enforcement disrupted its previous activity.
- Despite Operation Endgame in May, which significantly degraded DanaBot’s operations, the malware’s infrastructure has been rebuilt, demonstrating cybercriminal resilience driven by ongoing financial incentives.
- DanaBot primarily spreads through malicious emails, SEO poisoning, and malvertising, sometimes leading to ransomware attacks, and now incorporates new indicators of compromise that organizations can add to their defenses.
- The malware has been associated with cryptocurrency theft, utilizing BTC,…

Quick Takeaways

- Google filed a lawsuit against 25 alleged Chinese cybercriminals, targeting their SMS phishing scheme “Lighthouse” that has victimized over 1 million people across 121 countries.
- The operation used fraudulent websites and messages that exploited Google’s trademarks, stealing personal and financial information, and causing millions of dollars in damages.
- The lawsuit seeks court orders to block Lighthouse-related IPs and domains, aiming to disrupt the scam’s infrastructure and raise user awareness.
- Google also endorsed three bills to combat scams, focusing on law enforcement, robocall elimination, and national strategy development against scam networks.

Underlying Problem

Google filed a lawsuit on Wednesday…

Top Highlights

- Cyberattacks targeting Android devices surged significantly in energy, healthcare, government, and transportation sectors from June 2024 to May 2025, with increases as high as 387% in the energy sector.
- Manufacturing accounted for 26% of all cyberattacks on Android devices, highlighting its vulnerability due to interconnected operational technology, which poses severe disruption risks.
- The rise in IoT malware is alarming, with educational institutions reporting an 861% increase year-over-year, driven by a growing reliance on smart devices amid limited cybersecurity resources.
- The U.S. faced 54% of observed IoT attacks, prompting the need for robust monitoring and network segmentation strategies to…

Summary Points

- Google has filed a lawsuit against China-based hackers behind the Lighthouse Phishing-as-a-Service platform, which has targeted over 1 million users across 120 countries, generating more than a billion dollars in three years.
- The platform uses fake brand websites, including Google, to carry out large-scale SMS phishing scams, exploiting brand trust to steal financial information and personal data.
- Lighthouse and related PhaaS platforms operate within a Chinese cybercrime ecosystem, sending thousands of smishing messages and targeting global brands, with licensing prices from $88 to $1,588 annually.
- Chinese syndicates have compromised millions of payment cards and developed advanced tools like…

Essential Insights

- Erik Lee Madison, a 20-year-old Maryland man linked to the violent extremist group 764, is in federal custody facing charges related to child sexual exploitation, coercion, and cyberstalking, with alleged victimization of at least five minors since 2020.
- Madison used platforms like Discord, Roblox, Instagram, Snapchat, and Telegram to target and threaten minors, with evidence found on his iCloud and phone, including child sexual abuse material and conduct involving animal abuse.
- Law enforcement has identified a pattern of criminality among 764 members, including arrests of leaders and members accused of exploiting minors and distributing child sexual abuse material,…

Essential Insights

- Targeted Vulnerabilities: An advanced persistent threat actor has been exploiting zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix, specifically the CitrixBleed 2 vulnerability (CVE-2025-5777).
- Early Detection: Amazon’s MadPot honeypot service detected exploitation activities targeting CitrixBleed 2 prior to its public disclosure, emphasizing the urgency of addressing these vulnerabilities.
- Critical Cisco Vulnerability: A previously undocumented vulnerability in Cisco ISE (CVE-2025-20337) enables pre-authentication remote code execution, granting attackers administrator-level access to compromised systems.
- Custom Malware Deployment: The hacker deployed a sophisticated backdoor disguised as a legitimate Cisco ISE component, showcasing a tailored approach rather than using common off-the-shelf…
