Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Essential Insights Svenska kraftnät confirmed a cyberattack that targeted an external file transfer solution and resulted in a data breach, but did not impact the power grid or other critical systems. The incident was linked to the Everest ransomware group, which stole approximately 280 GB of data and threatened to leak it online unless its demands were met. The company has reported the breach to the authorities and is investigating, but has not disclosed specific details about the stolen data or the threat actor. The attack did not disrupt Sweden’s electricity supply, and the breach’s full scope remains unclear as the investigation continues.…
Summary Points A zero-day vulnerability in Google Chrome (CVE-2025-2783), exploited in Operation ForumTroll, enabled malware delivery to Russian organizations via malicious links. The attack chain involved a sandbox escape, allowing the malware to execute and deploy a modular spyware called LeetAgent, linked to the Italian vendor Memento Labs, formerly Hacking Team. Memento Labs is the successor of Hacking Team, which suffered its own breach in 2015 and was acquired in 2019 by InTheCyber Group; it developed the Dante spyware, which is designed to self-delete after data exfiltration. Chrome addressed the vulnerability in version 134.0.6998.178, and attribution links the malware to Memento Labs, though the identity of the zero-day’s creator remains uncertain. What’s…
Summary Points Security Vulnerability Exploited: A since-patched zero-day vulnerability in Google Chrome (CVE-2025-2783) was exploited in a targeted espionage campaign against organizations in Russia, in which phishing links were used to deploy malicious tools. Tool Deployment by Memento Labs: The attacks utilized spyware developed by Memento Labs, specifically a backdoor named LeetAgent, designed for espionage with capabilities ranging from remote code execution to file harvesting. Sophisticated Attack Operation: The operation, dubbed ForumTroll, targeted various sectors including media, universities, and government institutions using tailored spear-phishing lures, indicating a high level of premeditation and fluency in Russian. Connection to Broader Threats: The same exploit…
Summary Points There is a significant skills gap in cybersecurity, with certified professionals often lacking practical, operational expertise needed to effectively manage modern threats. Traditional hiring and certification practices are insufficient; organizations face operational risks due to teams’ inability to translate knowledge into action during critical incidents. Building organizational capability requires a systematic, phased approach: immediate skills audits, environment-specific hands-on training, and long-term practical skill development partnerships. Ignoring the skills crisis leads to longer breach detection and response times, higher financial and operational costs, and competitive disadvantages; proactive capability building is essential. Key Challenge The story reveals a critical cybersecurity…
Quick Takeaways Ransomware incidents surged by 47% in 2025, totaling over 6,330 cases, with a significant rise in Q3 alone, primarily targeting U.S. companies and the manufacturing sector. Notable ransomware groups like Qilin, Akira, and CL0P continue to dominate attacks, reflecting ransomware’s ongoing profitability and persistence. Paying ransom does not guarantee system recovery; attackers often withhold decryption keys, leaving compromised systems at risk and causing severe operational and reputational damage. Effective defense relies on immutable backups and proactive security measures—such as identity management and least privilege policies—to reduce attack surfaces and improve breach resilience. Underlying Problem In 2025, ransomware attacks…
Quick Takeaways Cyberattack Accusations: The French government has accused a Russian-linked hacking group, APT28 (Fancy Bear), of carrying out cyberattacks targeting the Paris Olympics and various French entities from 2021 to 2024. Intelligence Gathering: The cyberattacks aimed to collect intelligence amidst the backdrop of Russia’s war in Ukraine, particularly focusing on sectors like aerospace and finance. Disinformation Campaigns: Reports indicate intensified Russian efforts to undermine France via disinformation campaigns, especially concerning the Paris Olympics, in light of restrictions on Russian athletes. Firm Response: France’s Foreign Ministry condemned these activities as "unacceptable" and reaffirmed its commitment to countering Russian cyber threats…
Essential Insights Ransomware payment rates have reached an all-time low, with only 23% of breached companies paying attackers in Q3 2025, down from 28% earlier in 2024, due to stronger defenses and increased law enforcement pressure. Over 76% of attacks now involve data theft (double extortion), notably decreasing the payment rate to 19% when only data is stolen without encryption. The average ransomware payment has dropped to $377,000 (mean) and $140,000 (median) in Q3 2025, as large enterprises shift focus toward investing in better cybersecurity rather than paying ransoms. Threat actors are targeting medium-sized firms and increasingly rely on remote…
Summary Points A threat actor called SideWinder has targeted European, Indian, Sri Lankan, Pakistani, and Bangladeshi organizations using evolving attack methods since March 2025, including spear-phishing with malicious PDFs and Word documents. The attacks utilize a novel infection chain involving ClickOnce applications and legitimate signed executables to evade detection and deliver malware like ModuleInstaller and StealerBot for espionage. These malware tools facilitate system profiling, data theft, and remote control, with the malware chain first documented by Kaspersky in 2024 and used in high-profile geopolitical espionage. The campaigns demonstrate high sophistication, using region-specific campaigns, decoy documents, and legitimate applications to bypass…
Fast Facts Non-Human Identities (NHIs) are machine identities, consisting of secrets and the permissions granted to them, that enable devices and applications to communicate securely; managing them is essential to prevent secret exposure and the data breaches that follow. Effective NHI management involves lifecycle oversight — discovery, classification, monitoring, and threat mitigation — improving security, compliance, operational efficiency, and cost savings. Challenges include managing complex cloud environments and bridging security and R&D teams; solutions require automated discovery, granular access controls, and cross-department collaboration. Future trends indicate AI and machine learning will enhance predictive threat detection, automate NHI lifecycle management, and reinforce cybersecurity posture amid evolving digital threats. Underlying Problem The…
Fast Facts X requires all users who use security keys or passkeys for 2FA to re-enroll their credentials by November 10; failure to do so will result in account lockout until they re-enroll or choose an alternative authentication method. The change is due to X’s migration from twitter.com to x.com: WebAuthn security keys and passkeys are bound to the domain (relying party ID) they were registered under, which for X is twitter.com, so once the transition occurs existing keys will no longer be accepted on x.com unless they are registered again. Users must manually re-enroll their security keys/passkeys via x.com/settings/account/login_verification/security_keys, which re-activates and re-binds the keys to the new domain to maintain access. If not re-enrolled by the deadline, users can…