Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Fast Facts The article emphasizes that how a provider implements OAuth 2.0, and the device code flow in particular, strongly shapes the attack surface and severity of device code phishing: Microsoft's implementation is far more exposed than Google's because Google restricts the scopes obtainable through this flow. In Azure, attackers can use the device code flow to obtain highly potent tokens that grant extensive access (e.g., reading mail, joining devices), because Azure lets the client specify broad scopes and target resources during authentication, making it susceptible to powerful phishing attacks. Conversely, Google's implementation limits the OAuth scopes available through the device code flow, restricting attack vectors…
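An added illustration of the design difference the teaser describes (this is example code written for this page, not code from the article or from either vendor): a minimal in-memory RFC 8628 device-authorization server with two scope policies. The "permissive" policy issues whatever scope the device client asked for, which is the behaviour the teaser attributes to Azure; the "restricted" policy intersects the request with a fixed low-privilege allowlist, which is the behaviour it attributes to Google. The verification URI, client id, scope names and allowlist are hypothetical; the real Microsoft and Google endpoints and scope strings differ.

```python
import secrets
import time
from dataclasses import dataclass

# Hypothetical low-privilege scopes a "restricted" server allows device-code clients to obtain.
DEVICE_FLOW_ALLOWLIST = frozenset({"openid", "profile", "email"})


@dataclass
class PendingAuth:
    client_id: str
    scope: frozenset        # scope the server will actually put into the token
    expires_at: float
    approved: bool = False
    redeemed: bool = False


class AuthServer:
    """In-memory RFC 8628 authorization server with a pluggable scope policy."""

    def __init__(self, policy: str, code_lifetime: int = 900):
        if policy not in ("permissive", "restricted"):
            raise ValueError("policy must be 'permissive' or 'restricted'")
        self.policy = policy
        self.code_lifetime = code_lifetime
        self._by_device_code: dict[str, PendingAuth] = {}
        self._by_user_code: dict[str, str] = {}     # user_code -> device_code

    def _effective_scope(self, requested: frozenset) -> frozenset:
        # The whole design difference lives here: honour the request, or clamp it.
        if self.policy == "permissive":
            return requested
        return requested & DEVICE_FLOW_ALLOWLIST

    def device_authorization(self, client_id: str, scope: str) -> dict:
        """RFC 8628 section 3.2: hand the device a device_code and a short user_code."""
        granted = self._effective_scope(frozenset(scope.split()))
        device_code = secrets.token_urlsafe(32)
        user_code = "-".join(secrets.token_hex(2).upper() for _ in range(2))   # e.g. A1B2-C3D4
        self._by_device_code[device_code] = PendingAuth(client_id, granted, time.time() + self.code_lifetime)
        self._by_user_code[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://login.example.test/device",   # hypothetical
                "expires_in": self.code_lifetime, "interval": 5,
                "scope": " ".join(sorted(granted))}

    def approve(self, user_code: str) -> bool:
        """The user types user_code on the verification page and consents."""
        device_code = self._by_user_code.get(user_code)
        if device_code is None:
            return False
        pending = self._by_device_code[device_code]
        if time.time() > pending.expires_at:
            return False
        pending.approved = True
        return True

    def token(self, client_id: str, device_code: str) -> dict:
        """RFC 8628 sections 3.4/3.5: the device polls until the user has approved."""
        pending = self._by_device_code.get(device_code)
        if pending is None or pending.client_id != client_id:
            return {"error": "invalid_grant"}
        if time.time() > pending.expires_at:
            return {"error": "expired_token"}
        if not pending.approved:
            return {"error": "authorization_pending"}
        if pending.redeemed:
            return {"error": "invalid_grant"}    # device codes are single-use
        pending.redeemed = True
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "expires_in": 3600, "scope": " ".join(sorted(pending.scope))}


def run_device_code_scenario(policy: str, requested_scope: str) -> tuple:
    """A client starts device flow asking for requested_scope and a user approves the code.
    Returns (scopes in the issued token, True if any issued scope lies outside the allowlist)."""
    client_id = "cli-client-0001"   # hypothetical
    server = AuthServer(policy)
    start = server.device_authorization(client_id, requested_scope)
    # Before approval the poll must report authorization_pending and never hand out a token.
    if server.token(client_id, start["device_code"]) != {"error": "authorization_pending"}:
        raise RuntimeError("token issued before user approval")
    if not server.approve(start["user_code"]):
        raise RuntimeError("approval failed")
    tok = server.token(client_id, start["device_code"])
    granted = set(tok["scope"].split())
    return granted, not granted <= DEVICE_FLOW_ALLOWLIST


if __name__ == "__main__":
    # Hypothetical privileged scopes a phishing client would ask for: mail read plus device join.
    ask = "openid email mail.read device.readwrite offline_access"
    for policy in ("permissive", "restricted"):
        granted, over = run_device_code_scenario(policy, ask)
        print(f"{policy:11s} issued scope={sorted(granted)} exceeds_allowlist={over}")
```

The permissive server returns a token carrying every scope the client named, so a single user who types the code into the consent page hands over mail and device privileges; the restricted server issues only the allowlisted subset, and a client that asks solely for privileged scopes ends up with an empty scope. A defender auditing token issuance can apply the same check the scenario returns: any device-flow token whose scope is not a subset of the allowlist is a finding.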
Fast Facts Apple released iOS 26.1 and iPadOS 26.1 to fix over 50 security issues, addressing privacy leaks, app crashes, and data breaches across compatible iPhone and iPad models. The updates patch vulnerabilities in core components like WebKit, Kernel, and Accessibility, with key fixes preventing malicious apps from snooping data, causing system crashes, or escaping sandbox restrictions. Significant improvements include protections against cross-origin data theft, keystroke monitoring, and device disablement, enhancing user privacy and device security. Experts emphasize immediate updates due to susceptibility to zero-day exploits, with Apple crediting various security researchers for discovering these critical flaws. The Issue Apple…
Summary Points Three ex-employees of DigitalMint and Sygnia have been indicted for allegedly hacking five U.S. companies using BlackCat ransomware, with charges of conspiracy, extortion, and computer damage, risking up to 20 years in prison. The defendants, including a former ransomware negotiator and incident response manager, operated as BlackCat affiliates, stealing data, encrypting systems, and demanding ransoms ranging from $300,000 to $10 million, though only $1.27 million was paid. Victims included firms across healthcare, pharmaceuticals, manufacturing, and engineering, with the DOJ and FBI linking BlackCat to over 60 breaches and $300 million in ransom profits since late 2021. The investigation…
Quick Takeaways Effective Non-Human Identity (NHI) management—covering discovery, classification, threat detection, and remediation—enhances cybersecurity by reducing risks, improving compliance, and increasing operational efficiency. Securing machine secrets (e.g., API keys, tokens) through encryption, automated rotation, and strict protocols is crucial to prevent unauthorized access and data breaches. Automation and cross-team collaboration—integrating AI, machine learning, and zero-trust principles—are vital for scalable, proactive NHI lifecycle management and threat mitigation. Cultivating a security-conscious culture and continuously refining strategies ensures NHI management remains a core pillar of resilient, future-proof cybersecurity frameworks. What’s the Problem? The story, as reported by Angela Shreiber from Entro, explains how…
Top Highlights Managing Non-Human Identities (NHIs), including secrets and permissions, is crucial for securing digital ecosystems and bridging gaps between security and R&D teams. A holistic, lifecycle-based NHI management approach offers benefits like reduced risks, compliance, efficiency, visibility, and cost savings, especially in cloud and diverse industry environments. Advanced practices like NHIDR emphasize continuous monitoring, anomaly detection, automation, and behavioral analytics to enhance proactive threat detection and machine identity resilience. Collaborative, innovative, and automated NHI strategies enable organizations to strengthen cybersecurity defenses, ensure regulatory compliance, and foster growth through trust and technological agility. What’s the Problem? The story explains how…
Fast Facts Non-Human Identities (NHIs) are machine counterparts to human user identities, using secrets and permissions to ensure authorized access to data and resources, forming an essential part of modern cybersecurity. Effective NHI management enhances cloud security by reducing risks, ensuring compliance, increasing operational efficiency, providing better visibility, and cutting costs through automation and holistic lifecycle management. Incorporating context-aware intelligence and automation in NHI management enables real-time threat detection, adaptive security protocols, and reduces human error, strengthening overall organizational security. Ethical considerations, including transparency, data privacy, and fostering a security-aware culture, are vital for responsible NHI management, ensuring trust, regulatory…
Top Highlights KELA launched the National Cyber Resilience Suite to enhance defenses of governments, CERTs, and law enforcement against nation-state and organized cyber threats. The suite utilizes AI-driven analysis, proprietary data lakes, and intelligence fusion to provide early warning, threat visibility, and risk reduction for critical national assets. Key modules include monitoring APT campaigns, securing critical sectors like energy and finance, and supporting cybercrime investigations on dark web platforms. The solution offers flexible deployment, integrating comprehensive cyber threat data and tools to enable rapid, strategic responses to evolving cyber threats. What’s the Problem? KELA has launched its National Cyber Resilience…
Prosecutors accuse incident responders of using ALPHV/BlackCat in a series of ransomware attacks
Summary Points Three U.S.-based cybersecurity professionals, including Ryan Goldberg and Kevin Martin, allegedly used the BlackCat ransomware to breach five U.S. companies in 2023, disguising their activities as cybersecurity efforts. They received nearly $1.3 million in ransom from a Florida medical company but failed to extort other victims, prompting indictments on charges of conspiracy, extortion, and computer damage. Goldberg, who was a cybersecurity incident response director, and Martin, a ransomware negotiator, were arrested and face up to 50 years in prison; Goldberg admitted to FBI his role in the attacks. The group behind BlackCat has a notorious reputation, linked to…
Top Highlights Yuriy Rybtsov, a Ukrainian developer linked to the Jabber Zeus cybercrime group, has been extradited from Italy to the US to face charges. The group exploited the Zeus banking trojan and Jabber messaging to steal millions from victims’ bank accounts, primarily targeting small to mid-sized businesses. Rybtsov is accused of managing notifications and laundering proceeds, and his extradition followed a failed Italian legal appeal in April 2025. The Jabber Zeus gang, led by Vyacheslav Penchukov, has caused significant financial damage, with other members later forming ransomware and other malicious hacking groups. Key Challenge Yuriy Igorevich Rybtsov, a Ukrainian…
Top Highlights Cybersecurity Breaches: Canadian authorities warned that hacktivist groups have breached critical infrastructure, including water and energy facilities, by manipulating exposed industrial control systems. Examples of Tampering: Incidents included tampering with pressure valves at a water facility and manipulating gauges at oil and gas companies and grain silos. Preventive Measures Suggested: Officials recommend securing industrial control systems behind virtual private networks and conducting regular security assessments and response exercises. Threat Landscape: The attacks are reminiscent of similar incidents in the U.S., linked to state-affiliated hackers, particularly pro-Russian groups exploiting known vulnerabilities in internet-connected systems. Hacktivists Target Critical Infrastructure Canadian…