- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Essential Insights DrillDocs proactively deployed KeeperPAM, addressing privileged access risks through zero-knowledge session architecture and role-scoped access, significantly reducing credential exposure and enhancing security. The platform’s rapid two-hour deployment highlights the maturity and practicality of cloud-native PAM solutions, especially for mid-market organizations with limited implementation capacity. Managing non-human machine credentials separately before human privileged access ensures a disciplined, comprehensive security architecture, reducing overall attack surfaces. External partner access, especially on personal devices, presents a high-risk pattern across industries; fast revocation and audit capabilities are critical in mitigating emerging third-party access threats. Growing Risks from Third-Party Privileged Access In today’s digital…
Summary Points Security architecture should be established early, using hardware roots of trust to prevent costly post-deployment fixes. Post-quantum cryptography readiness is crucial for long-term security, especially for systems with 20+ year lifespans in regulated environments. Certified hardware security components like OPTIGA TPM streamline compliance with evolving industrial regulations and standards. Designing with a long-term perspective, including post-quantum capabilities, significantly reduces operational and regulatory risks over a system’s lifespan. Planning for Long-Term Security in Physical AI Physical AI systems, such as robots in factories or hospitals, need careful planning for security. This is because a system’s safety depends on its…
ASSERT transforms natural-language behavioral specifications into detailed, executable evaluation pipelines by automatically generating test cases, datasets, metrics, and scorecards tailored to specific AI behaviors. The framework enhances evaluation relevance and coverage by systematizing behavior definitions into explicit taxonomies, stratified test scenarios, and comprehensive trace recordings, enabling nuanced analysis of AI performance on application-specific behaviors. Validation studies show ASSERT achieves higher coverage and more meaningful evaluation signals compared to traditional methods, with LLM judges matching human review 80–90% of the time, affirming its effectiveness and interpretability. Designed for narrow, well-defined behaviors, ASSERT is open-source, promotes explicit behavior specification, and facilitates faster,…
Fast Facts The FBI, Google, and Lumen Technologies dismantled a China-based cybercrime network, "Outsider," responsible for approximately $1.9 billion in losses through phishing attacks across 55 countries. The operation, “Operation Ghost Hook,” seized key domains, wallets, and server infrastructure, and traced nearly 3.9 million stolen credit card details linked to Outsider’s phishing domains. Outsider provided AI-powered phishing kits for a low weekly fee, enabling scammers to mimic trusted brands and bypass security measures with customizable fake sites and multifactor authentication tricks. Authorities highlighted ongoing efforts like “Operation Riptide” to target the criminal infrastructure, with Google advocating legislative changes to better…
Malicious NPM Campaign Steals SSH Keys, API Tokens, Cloud Credentials & Wallet Secrets
Quick Takeaways A large-scale, coordinated supply chain attack on npm packages exploited install hooks to steal sensitive secrets like SSH keys, API tokens, and wallet phrases, affecting millions of downloads and potentially millions of developer environments. Attackers used sophisticated techniques such as obfuscated code, Ethereum smart contract queries, and dynamic infrastructure retrieval to avoid detection and exfiltrate data silently to attacker-controlled wallets and servers. Several packages, including moralis-sdk and others, were weaponized after initial legitimacy, employing remote activation and blockchain-based data exfiltration, highlighting the complexity and stealth of the campaign. To mitigate risks, organizations should run npm installs with scripts…
Fast Facts A former member of the notorious Conti ransomware group, Oleksii Lytvynenko, pleaded guilty to participating in over 1,000 global attacks that caused millions in damages and extorted more than $150 million. Lytvynenko admitted to developing malware used by Conti, holding data on multiple U.S. victims, and extorting approximately $634,000 in Bitcoin from victims in Tennessee, including government entities. Despite the group’s disbandment in 2022, Lytvynenko continued cybercriminal activities afterward, and he was arrested in Ireland in July 2023, later extradited to the U.S. and remains in custody. Prosecutors emphasize that his guilty plea marks a significant step in…
Summary Points Attackers compromised over 400 AUR packages by modifying build scripts to install malware that harvests credentials, browser data, tokens, SSH keys, and cloud credentials. The malware includes a credential-stealing Rust binary that exfiltrates sensitive information via HTTP and Tor, with rootkit capabilities for stealth. The attack exploits trust in orphaned or long-maintained packages, emphasizing the need for thorough verification of build scripts and immediate credential rotation after infection. Threat, Attack Techniques, and Targets Recently, attackers hijacked over 400 packages in the Arch User Repository (AUR). They manipulated the build scripts of these packages to install malicious payloads during…
Top Highlights Threat actor “ANONYMOUS HOTZ /// APT” claims responsibility for a DDoS attack on Meta platforms, demanding $100,000 in cryptocurrency, with threats of further infrastructure collapse if unpaid. No verified technical evidence links the dark web claim to the recent Meta outage, which may instead result from infrastructure issues, not an external cyberattack. Authorities advise caution against engaging with dark web extortion claims until independent verification, emphasizing no confirmed connection to the outage at this time. Threat, Attack Techniques, and Targets The dark web threat group called “ANONYMOUS HOTZ /// APT” claims responsibility for a DDoS attack targeting Meta…
Fast Facts Attackers hijacked over 400 AUR packages by altering build scripts to install a credential-stealing malware, targeting developer secrets and sensitive tokens. The malware harvests browser cookies, session tokens, cloud credentials, SSH keys, and more, transmitting data via HTTP and Tor for stealth and persistence. The attack leverages trust in package names and histories, with compromised packages silently executing malicious payloads during build, including rootkit capabilities for hiding malicious activity. Threat Overview, Techniques, and Targets Recently, attackers hijacked over 400 packages in the Arch User Repository (AUR). They changed the build scripts of these packages to install malicious code…
Summary Points Fancy Bear (APT28), a notorious Russian threat group, has shifted to using hijacked home routers and consumer devices to create an almost untraceable shadow network, replacing traditional infrastructure. This group has targeted over 200 organizations and 5,000 consumer devices globally, blending attack traffic into normal internet activity to stay hidden. Their evolving tactics include deploying disposable malware tools, hijacking routers (including Ubiquiti, MikroTik, and TP-Link), and using legitimate cloud services as covert command channels to evade detection. To defend against these stealthy attacks, organizations should update device firmware, enforce multi-factor authentication for cloud services, and audit OAuth permissions…