Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Summary Points: Cybercrime’s Real-World Impact: Cybercrime has evolved beyond the internet, now directly funding organized crime and causing physical and economic harm through compromised trusted apps. Vulnerabilities Resurface: Hidden vulnerabilities in Windows GDI have been found to allow risks like remote code execution, highlighting challenges in patching and vulnerability management. Blending Threats: Cyber gangs in Europe are increasingly mixing digital and physical extortion methods, with a 13% rise in ransomware targeting various sectors and showcasing violent tactics. Emerging Malicious Trends: Researchers have identified trends such as AI-assisted malware analysis, a surge in phishing campaigns across Asia utilizing multilingual tactics, and…
Top Highlights: A new threat group, InedibleOchotense, disguises itself as ESET to launch spear-phishing attacks targeting Ukrainian entities, using trojanized installers and C# backdoors for remote access. The campaign overlaps with Sandworm activity, indicating Russia-aligned actors employing destructive wiper malware and targeted cyber operations in Ukraine’s critical sectors. RomCom, another Russia-linked actor, exploited a WinRAR zero-day to deploy backdoors, leveraging geopolitical tensions to support Russian interests via credential and data theft. Cyber threats in Ukraine persist with sophisticated tactics, including impersonation, malware deployment, and leveraging recent vulnerabilities to destabilize key sectors. What’s the Problem? In 2025, a new and sophisticated…
Summary Points: State-Sponsored Attack: SonicWall confirmed that a state-sponsored threat actor was responsible for recent attacks on its MySonicWall cloud backup service, impacting all customers. Commitment to Transparency: CEO Bob VanKirk emphasized ongoing communication and accountability during the incident, addressing customer concerns through updates and Q&A sessions. Governance Changes Implemented: SonicWall is enacting major governance changes and adopting “secure by design” practices to enhance its security culture following the incidents. No Impact on Core Products: The attack did not affect any SonicWall products, firmware, or customer networks, allowing for continued operational stability. State-Linked Actors Targeting Cybersecurity: SonicWall revealed a troubling…
Google Uncovers PROMPTFLUX; CISA Warns of Web Panel Bug; Threat Group Targets Academics
Summary Points: Google has discovered “PROMPTFLUX,” an AI-powered malware that dynamically rewrites its code to evade detection, highlighting evolving threats using AI for malware adaptation. A critical remote code execution flaw in CentOS Web Panel is actively exploited, prompting urgent updates or discontinuation by federal agencies to prevent shell injection attacks. New threat group “UNK_SmudgedSerpent” targeted academics focused on Iran with credential theft and malware, illustrating ongoing espionage efforts in geopolitical cyber conflicts. Cybersecurity risks in operational technology (OT) environments increase due to legacy systems and expanded attack surfaces, emphasizing the need for comprehensive visibility and modern security strategies. Problem…
Fast Facts: The Gootloader malware campaign has reemerged with advanced evasion techniques, including manipulating ZIP archives to bypass automated security scans by producing different extraction results depending on the tool used. It continues targeting victims through SEO poisoning with legal-themed keywords, directing users to compromised sites hosting malicious JScript payloads under the guise of legitimate legal resources. The campaign employs sophisticated content gating, displaying benign content to some users while presenting convincing, spoofed legal webpages to others based on location, browser, or referrer filters. Its persistence has shifted from scheduled tasks to a chain of .LNK shortcuts in startup folders,…
Summary Points: Ransomware attacks surged by 25% in October, with 684 incidents marking the third-highest monthly total of the year; manufacturing remained the most targeted sector. The healthcare sector experienced a 115% increase in attacks, rising from 26 to 56 incidents, with confirmed attacks in France, Australia, and the U.S. causing significant disruptions. The U.S. led attack counts with 374, a 33% rise, and global manufacturing faced notable incidents, including data theft up to 29.8 TB by Qilin, the most active ransomware group in 2025. Top ransomware groups included Qilin (most active), Akira, Sinobi, and Clop, with over 162 terabytes…
Fast Facts: Cisco released critical security updates for UCCX, patching a severe vulnerability (CVE-2025-20354) that allows remote attackers to execute commands with root privileges via Java RMI process exploitation. Another flaw in the CCX Editor application enables unauthenticated attackers to bypass authentication and run arbitrary scripts with admin rights by redirecting authentication flows. Additional vulnerabilities (e.g., CVE-2025-20343) in Cisco ISE and other contact center products could lead to DoS attacks, privilege escalation, or unauthorized access, with some exploited in the wild. Cisco warns organizations to update affected software immediately, noting no public exploit code for the UCCX flaws and recent…
Fast Facts: Cyber resilience has shifted from best practice to regulatory requirement, necessitating cross-functional and complex crisis simulation exercises globally, such as DORA, CORIE, and others. Traditional Excel-based tabletop exercises have evolved into comprehensive, scenario-rich simulations involving technical, human, and strategic components, which are increasingly complex to manage. Filigran’s OpenAEV platform enables integrated, end-to-end scenario simulations blending technical breaches and human responses, streamlining preparation, logistics, and continuous improvement processes. Automating and synchronizing team, threat, and response data within these simulations enhances efficiency, realism, and readiness, empowering organizations to build confidence and comply with evolving cyber resilience standards. The Issue: The…
Quick Takeaways: Authorities across three continents, including Germany, conducted a large-scale operation against a multi-national fraud and money laundering network, resulting in 29 searches and 18 arrests. The scheme involved stealing credit card data from victims in 193 countries to create over 19 million fake subscriptions, causing damages exceeding 300 million euros since 2016. Perpetrators compromised four major German payment providers using specially developed software, and operated fake websites to charge small fees, often unnoticed by victims. The investigation, called “Operation Chargeback,” was initiated from suspicious patterns flagged by the anti-money laundering authority FIU and included extensive international legal cooperation,…
Fast Facts: DragonForce, active since 2023, rebranded as a ransomware ‘cartel’ in early 2025, offering affiliates 80% profits, customizable encryptors, and infrastructure, thus expanding its global attack footprint. The group uses BYOVD attacks and has strengthened its ransomware encryptor after weaknesses were exposed in other malware, tying its code closely to leaked Conti v3 source code and sharing overlaps with LockBit Green. Its partnership with cybercriminal group Scattered Spider involves sophisticated social engineering, reconnaissance, and deployment techniques, enabling extensive network infiltration, lateral movement, and file encryption across multiple platforms. The expanding number of affiliates—such as Devman and Mamona—along with overlaps…