Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
MITRE Unveils ATT&CK v18 & Advisory Council, Expanding ICS Framework with New Asset Objects
Quick Takeaways
- MITRE expanded its ATT&CK for ICS framework with new Asset objects, including DCS Controllers, Firewalls, and Switches, to better represent industrial equipment and attack scenarios, and introduced Related Assets for sector-specific terminology alignment.
- The update clarifies and enhances Asset descriptions, distinguishes between platforms and assets, and links related devices, improving consistency and real-world mapping in industrial control environments.
- Future plans include updating detection strategies, expanding asset coverage, refining threat techniques, and incorporating community input, with ongoing focus on threats like cloud infrastructure, cybercrime, and geopolitical operations.
- MITRE launched the ATT&CK Advisory Council to formalize community engagement, gather strategic…
Quick Takeaways
- Japan-based Dentsu’s subsidiary Merkle experienced a data breach, compromising files related to clients, suppliers, and employees, including sensitive personal and financial information.
- The breach was detected via abnormal network activity, leading to system shutdowns and an ongoing investigation, with impacted individuals receiving notifications and dark web monitoring.
- Dentsu reports that its Japan systems remain unaffected and suggests possible clandestine measures, including ransom payments, to prevent public disclosure of stolen data.
- The company has not confirmed a ransomware attack or any attribution to cybercrime groups, and the full financial impact is yet to be determined.
The Issue
Dentsu, a major…
Android Malware Mimics Humans, Sanctions Weaken Cyber Defenses, Intel and AMD Secrets Exposed
Essential Insights
- ThreatFabric’s Herodotus malware employs human-like typing patterns to evade detection, targeting banking and crypto apps in Italy and Brazil.
- Sanctions alone are ineffective at stopping cyberattacks but can complicate threat networks; effective strategies require combined diplomatic and law enforcement efforts.
- Researchers reveal a side-channel attack, TEE.Fail, capable of extracting secrets from Intel and AMD TEEs using inexpensive equipment, highlighting hardware vulnerability risks.
- The Oracle E-Business Suite zero-day vulnerability has impacted multiple companies, including Harvard, with the FBI warning of immediate risks; patches are urgently needed.
The Issue
Recent cybersecurity developments reveal a dangerous escalation in threat sophistication and…
Essential Insights
- The Beast ransomware group, evolving from Monster, launched in February 2025 and quickly expanded its operations, including a Tor-based leak site by July, establishing a significant presence in the underground ransomware ecosystem.
- By August 2025, they had targeted at least 16 organizations across multiple continents and sectors, using a decentralized partnership model that complicates attribution and tracking.
- Beast exploits network vulnerabilities by actively scanning SMB ports for lateral spread after initial phishing attacks, often deploying alongside credential-harvesting tools like Vidar Infostealer, enabling widespread and covert network infiltration.
- Its propagation method relies on exploiting trust within compromised networks, spreading horizontally through…
Magento Validation Flaw Used in the Wild to Hijack Sessions and Deploy Malicious Code
Summary Points
- A critical vulnerability, CVE-2025-54236 (SessionReaper), in Adobe Commerce/Magento allows attackers to hijack user sessions and execute remote code, affecting multiple versions and posing high risks with a CVSS score of 9.8.
- Discovered on September 9, 2025, and publicly exploited by October 22, it enables unauthorized access through inadequate input validation, leading to potential theft of sensitive data and long-term server backdoors.
- Over 250 Magento stores were compromised overnight, with attackers deploying web shells, malicious scripts, and reconnaissance tools, prompting rapid detection and blocking by security firms like Akamai.
- Immediate mitigation involves applying the latest patches, conducting system scans,…
Top Highlights
- Accusations of Cyberattacks: China has accused three alleged U.S. operatives, linked to the NSA, of conducting cyberattacks during the Asian Games in Harbin, targeting critical infrastructure and data systems.
- Nature of Attacks: The reported cyberattacks aimed to disrupt the Games’ operations and included assaults on critical infrastructure in Heilongjiang province and the tech company Huawei.
- China’s Response: Chinese officials condemned the actions as “extremely malicious,” urging the U.S. to cease cyberattacks and emphasizing the severe impact on national security and personal data.
- Ongoing Cyber Tensions: The incident underscores the ongoing cyber conflict between the U.S. and China, with…
Quick Takeaways
- Nearly 47% of organizations experienced a cyberattack involving third-party access in the past year, highlighting the growing risks associated with reliance on external service providers.
- Effective vetting of third-party providers now requires comprehensive, relationship-based processes that focus on trust, transparency, and ongoing dialogue, rather than just checkboxes.
- CISOs should ask targeted questions about leadership, risk management, data protection, incident response, and continuous improvement to assess third-party security posture.
- The integration of AI introduces new risks but also offers enhanced capabilities for vetting, monitoring, and verifying partner disclosures, making AI both a threat and a tool in managing third-party…
Essential Insights
- Speed and coordination in response are critical in cybersecurity, especially for critical infrastructure; reactive measures are often too late.
- Traditional SOCs focus on post-incident response without integrating broader business context, leading to costly delays and siloed risk management.
- The Resilience Risk Operations Center (ROC) is a proactive, collaborative hub that combines cyber, business, and financial intelligence to anticipate threats and inform faster decisions.
- Inspired by military multi-domain command centers, the ROC promotes breaking down silos, leveraging real-time data, and aligning cyber defense with financial impact to enhance resilience.
The Core Issue
The story recounts a transformative approach to cybersecurity…
Fast Facts
- AI-Driven Threat Surge: Cybercriminals in Africa are leveraging AI to enhance phishing and impersonation attacks, with deepfake fraud incidents nearly tripling in the past year.
- Phishing Attack Effectiveness: AI-generated phishing campaigns are achieving a 54% click-through rate, 4.5 times higher than traditional methods, by creating culturally relevant messages in local languages.
- Rising BEC and National Threats: Business Email Compromise (BEC) attacks, particularly in South Africa and Nigeria, account for 21% of successful threats in Africa, with more than 150 nation-state-linked cyber attacks recently reported.
- Need for Collaborative Defense: There is an urgent call for organizations and governments to adopt harmonized…
Atroposia Malware Kit: Lowering Barriers, Raising the Stakes for Enterprise Defenders
Summary Points
- Attackers can exploit hidden remote desktop features and DNS hijacking at the host level to operate covertly, even through HTTPS, bypassing many monitoring tools.
- The malware Atroposia uses encrypted channels and UI concealment, making detection difficult; anomalies like shadow RDP sessions and DNS changes are key indicators.
- Defenders should validate asset inventories, monitor for unknown remote services, analyze abnormal user activities, and incorporate telemetry data into alert systems.
- Implementing multi-factor authentication, restricting admin access, and isolating endpoints are critical measures to mitigate these sophisticated cyber threats.
Underlying Problem
The story details a sophisticated cyber threat involving malicious actors…