Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Top Highlights
Oleksii Lytvynenko, a Ukrainian national associated with the Conti ransomware group, pleaded not guilty to charges in the U.S. that could result in up to 25 years in prison for cybercrimes involving over 1,000 victims globally. He was extradited from Ireland where he had protection status, with allegations including network infiltration, data theft, encryption, ransom demands, and extorting approximately $150 million. Lytvynenko and his co-conspirators targeted victims in Tennessee and globally, stealing data and demanding multi-million dollar ransoms, with some cases involving leaked data after ransom refusals. Prosecutors emphasize ongoing cybercriminal activity by Lytvynenko up until his arrest,…

Quick Takeaways
A suspected nation-state actor has developed Airstalk malware, leveraging the AirWatch API for covert command-and-control communication, primarily targeting enterprise browsers and mobile device management systems. The malware exists in PowerShell and more advanced .NET variants, capable of capturing browser data, executing commands, and exfiltrating information using API features like blobs for large data transfers. The .NET version expands capabilities to include additional browsers like Edge and Island, employs multiple threads for tasks, and uses stolen valid certificates for signing, indicating a sophisticated, targeted supply chain operation. The attack likely targets the BPO sector, using evasion techniques that enable…

Top Highlights
A Ukrainian national, Oleksii Lytvynenko, arrested in Ireland for involvement in Conti ransomware attacks, has been extradited to the US to face charges. Lytvynenko, accused of cybercrimes from 2020 to 2023, is linked to extorting over $500,000 through ransomware schemes targeting victims in Tennessee. He was charged with computer fraud and wire fraud, facing up to 25 years in prison, with the US authorities highlighting the global impact of the Conti operation, which made over $150 million. The US is actively pursuing cybercriminals from Ukraine and Russia, with recent arrests and ongoing investigations into major ransomware groups like…

Summary Points
Over 70 countries signed the UN cybercrime treaty promoting a global approach to cybercrime prevention, but the US has not yet signed, raising concerns over potential misuse by authoritarian regimes. A surge in NFC relay malware targeting mobile devices is exploiting NFC and host card emulation to steal payment data, with over 760 malicious apps identified. European authorities filed a criminal complaint against Clearview AI for non-compliance with data protection laws amid ongoing fines and legal challenges. New Android malware, Herodotus, mimics human behavior to evade detection and steal sensitive data, while cybersecurity advances include Mastercard’s threat intelligence…

The event titled “Cloud resiliency with Azure Essentials and shared responsibility” focuses on teaching organizations how to create reliable, always-on cloud solutions. It will take place online on a specified date and is geared towards IT professionals, cloud engineers, and decision-makers interested in improving their cloud infrastructure’s resilience. Attendees will learn practical strategies for building fault-tolerant systems, implementing disaster recovery, and maintaining high availability across Azure solutions. This event emphasizes the importance of proactive planning and shared accountability between customers and Microsoft. During the event, participants will explore how Azure Essentials provides tools, guidance, and best practices to enhance cloud…

Fast Facts
A China-affiliated threat group, UNC6384, exploited a Windows shortcut vulnerability (CVE-2025-9491) to target European diplomatic and government entities with spear-phishing campaigns from September to October 2025. The attacks involved malicious LNK files delivering the PlugX remote access trojan, leveraging multi-stage chains that include PowerShell commands, decoy documents, and encrypted payloads. The malware exhibits advanced features such as modular architecture, anti-debugging measures, and persistent capabilities, suggesting active development and adaptability. The campaign primarily aimed to gather intelligence on European defense and diplomatic activities, aligning with Chinese strategic interests in European cooperation and security.

The Core Issue
Between September and…

Fast Facts
The McCrary Institute report warns that PRC-linked ‘Typhoon’ cyber campaigns target U.S. critical infrastructure (including energy, water, telecom, transportation, and healthcare) to probe vulnerabilities for potential future disruptive operations. These campaigns demonstrate a strategic shift from espionage to long-term, system-wide disruption, posing severe risks such as power outages, water contamination, telecom interception, and transportation delays, aimed at delaying U.S. military and economic responses. Current U.S. and allied responses (public attributions, sanctions, indictments) are limited by difficulties in attribution, weak international legal norms, and Beijing’s use of third-party intermediaries to obscure attribution, undermining effective deterrence. To counter these evolving threats, the report emphasizes the…

Quick Takeaways
A Chinese threat group, UNC6384 (linked to Mustang Panda), is exploiting an unpatched Windows shortcut vulnerability (CVE-2025-9491, CVSS 7.0) to target European diplomats with spear-phishing and malicious LNK files. The vulnerability enables malicious code to remain hidden in file properties, facilitating the delivery of malware such as PlugX RAT through specially crafted LNK files related to diplomatic events. Microsoft has not released patches for CVE-2025-9491, citing the issue as not meeting the servicing criteria, despite detection efforts by security firms like Trend Micro and Arctic Wolf. Arctic Wolf attributes ongoing attacks since September 2025 to UNC6384, indicating a…

Top Highlights
A China-linked hacking group, UNC6384 (Mustang Panda), is exploiting a high-severity Windows zero-day (CVE-2025-9491) through spear-phishing emails, targeting European diplomats to deploy malware and steal sensitive information. The zero-day vulnerability in .LNK files allows remote code execution, with attackers hiding malicious commands; user interaction (opening infected files) is required for exploitation. The campaign has expanded from Hungarian and Belgian targets to include other European entities like Serbia, Italy, and the Netherlands, indicating broadening espionage efforts. Despite the threat’s severity, Microsoft has not yet issued a security patch; cybersecurity experts recommend blocking .LNK files and C2 connections to mitigate…

Quick Takeaways
Cybercriminals are weaponizing AdaptixC2, a legitimate open-source framework, for global ransomware attacks, compromising over 250 organizations and generating $42 million in ransom since March 2023. AdaptixC2’s multi-platform design and diverse communication channels (mTLS, HTTP, SMB, BTCP) make it highly adaptable for sustained, covert operations. The framework is linked to Russian cybercriminal networks, with its primary developer “RalfHacker” associated with hacking forums and operating a Russian-language sales channel. Security researchers have developed detection signatures to combat the abuse of AdaptixC2, highlighting the importance of monitoring legitimate tools exploited for malicious purposes.

Problem Explained
Recently, a troubling shift has occurred…