Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
North Korean Hackers Target Defense Engineers with Fake Job Offers to Steal Drone Secrets
Summary Points
North Korean-linked threat actors, specifically the Lazarus Group, are conducting a long-running campaign called Operation Dream Job, targeting European defense and UAV companies to steal proprietary information using malware like ScoringMathTea and MISTPEN. The campaign predominantly uses social engineering—luring targets with fake job offers—to infect systems with trojanized documents, leading to remote access Trojans (RATs) enabling full control over compromised devices. Attackers leverage sophisticated malware delivery involving loaders such as BinMergeLoader, employing methods like Microsoft Graph API tokens, to evade detection and deploy advanced payloads, including polymorphic variants of ScoringMathTea. Since 2020, Lazarus Group has maintained a consistent…
Top Highlights
Skills Shortage: 75% of cybersecurity executives do not have enough skilled personnel for intrusion detection and incident response, according to Red Canary’s report. AI as a Partial Solution: Many security leaders see AI as essential for managing overwhelming threats, with 85% fearing they will be overwhelmed without it; however, 75% are concerned it may weaken their problem-solving skills. Increasing Complexity: The average organization’s attack surface has expanded by 41% in the past year, complicating cybersecurity efforts and leading to an average breach cost of $3.7 million. Evolving Threat Landscape: Nearly 80% of intrusions involve stolen credentials, pushing two-thirds…
Fast Facts
Pwn2Own Ireland 2025 researchers exploited a zero-day vulnerability in the Samsung Galaxy S25, gaining full device control, including camera activation and GPS tracking. The attack was due to improper input validation in the device’s software, allowing remote code execution and silent device hijacking. The exploit underscores ongoing security flaws in flagship Android phones, often arising from rapid feature development outpacing security hardening. Participants earned $50,000 and 5 Master of Pwn points, with Samsung likely to issue a security patch following responsible disclosure, emphasizing the importance of timely updates.
The Core Issue
During Pwn2Own Ireland 2025, cybersecurity researchers Ben…
Fast Facts
SquareX uncovers a new AI Sidebar Spoofing attack in which malicious browser extensions mimic trusted AI interfaces to deceive users into executing harmful commands, risking credential theft, device hijacking, and password leaks. The attack exploits user trust in AI sidebars—appearing indistinguishable from legitimate ones across AI and consumer browsers like Brave, Edge, Firefox, and Safari—and only requires basic extension permissions. Attack examples include phishing for login credentials, executing malicious commands, exfiltrating passwords, and enabling ransomware, often remaining dormant until triggered by user prompts. Enterprises must deploy real-time behavioral analysis and granular browser-native safeguards to detect and prevent these sophisticated,…
Summary Points
Many industrial networks are complex, legacy systems with limited asset visibility, increasing exposure to key security risks and hindering effective segmentation. Implementing Zero Trust starts with enhancing visibility to identify all connected assets and communication patterns, foundational for regulatory compliance and risk containment. Effective security involves phased segmentation—beginning with macro-segmentation to isolate critical systems—and gradually adopting micro-segmentation for finer control using machine learning and integrated tools. Growing investments in AI, virtualization, and remote access require integrated, automated security solutions that evolve with industrial environments, transforming complexity into resilience.
Underlying Problem
Many industrial networks, built over decades with a…
Top Highlights
A ransomware group, Vanilla Tempest, used fake MS Teams installation files hosted on malicious domains to initiate attacks. The attack involved tricking users into downloading a compromised Teams setup that delivered a malicious loader. This loader activated a signed Oyster backdoor, leading to the deployment of the Rhysida ransomware. Microsoft detected the campaign in September 2025 through telemetry indicating abuse of legitimate digital signatures from compromised certification authorities like SSL.com, DigiCert, and GlobalSign.
Problem Explained
In a recent cyber threat uncovered by Microsoft, the ransomware group Vanilla Tempest used a ruse to attack victims by means of fake Microsoft Teams installers.…
China-Linked Hackers Exploit ToolShell to Target Global Telecom and Government Networks
Summary Points
Symantec revealed that Chinese threat actors exploited the ToolShell zero-day (CVE-2025-53770) on unpatched systems shortly after its July 2025 patch, targeting critical infrastructure across the Middle East, Africa, and Europe. The malware Zingdoor and KrustyLoader, linked to the Chinese groups Glowworm and UNC5221, were deployed to gain persistent access, exfiltrate data, and deliver additional payloads like the Warlock ransomware. Attack activities included bypassing security with tools like ShadowPad and Sliver, and exploiting vulnerabilities such as PetitPotam (CVE-2021-36942) for credential theft and lateral movement. The campaign underscores the risks of delayed patching, emphasizing the need for automatic updates to prevent widespread exploitation by state-sponsored cyber…
Top Highlights
The "Smishing Triad" phishing operation, managed in Chinese and involving thousands of actors, uses SMS to deceive victims across multiple sectors, including finance, healthcare, and government. Since January 2024, approximately 195,000 malicious domains have been traced, predominantly hosted on U.S. and Hong Kong-based infrastructure, designed to steal sensitive personal and financial information. The operation has evolved, increasingly impersonating U.S. government agencies like the IRS and expanding its domain registration, with most domains active for less than a week. The campaign’s short lifespan and widespread impersonation efforts suggest it is highly active and adaptable, though the total number of…
Top Highlights
85% of organizations report a rise in mobile device attacks, affecting all sectors regardless of size or industry. Most firms lack specific defenses against AI-assisted threats like deepfakes and SMS phishing, with only 12-17% having deployed relevant protections. Despite high confidence in detection and recovery, mobile incidents have increased impact, with 63% facing significant downtime in 2024—up from 47%. A strong majority (89%) have dedicated mobile security budgets, with most investing more recently; experts recommend implementing robust MDM, zero-touch security, and ongoing staff training.
The Issue
The Verizon 2025 Mobile Security Index reveals a troubling rise in mobile…
Quick Takeaways
Jingle Thief, a cybercriminal group likely from Morocco, targets retail and consumer organizations to steal credentials through phishing and smishing, aiming to issue unauthorized gift cards for resale on gray markets. The group maintains long-term footholds in compromised cloud environments, conducting reconnaissance, lateral movement, and evading detection for over a year in some cases. Their sophisticated tactics include targeted phishing, credential harvesting, internal reconnaissance, creating auto-forwarding rules, and bypassing multi-factor authentication to deepen access. Jingle Thief’s focus on cloud infrastructure and identity misuse, rather than malware, enables stealthy, scalable gift card fraud while evading traditional detection methods. The…