Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
AI-Driven Automation: Empowering Ransomware-as-a-Service to Dominate the Cyber Underworld
Top Highlights
Ransomware-as-a-service (RaaS) groups increasingly use AI-powered tooling, sharply accelerating attacks: average breakout time fell from 48 minutes to 18 minutes between 2024 and mid-2025. AI enhancements include automated features for evading and suppressing malware detection, making affiliates' operations more effective and the programs more attractive to recruits. Prominent groups such as LockBit are adopting advanced AI capabilities to rebuild and expand, while others such as Medusa are declining, showing uneven adoption across the ecosystem. Only about half of RaaS groups currently offer AI tools, so adoption is still early, which limits their ability to attract the top-tier affiliates capable of breaching well-defended organizations.…
Fast Facts
38% of security leaders rank AI-enabled ransomware as their top concern amid rapidly evolving, more sophisticated attacks. Cybercriminals are weaponizing AI across the attack chain, from malware development to social engineering, shrinking the time defenders have to respond. Conventional defenses are increasingly inadequate against AI-driven attacks, requiring smarter, more adaptive security measures. In AI-powered intrusions every second counts, which makes improving defenses urgent.
The Core Issue
Recent studies highlight a troubling escalation in ransomware threats powered by artificial intelligence (AI). According to CSO’s 2025 Security Priorities study, 38% of security leaders now view AI-enabled ransomware…
Top Highlights
Veeam is acquiring Securiti AI for $1.725 billion, its largest deal to date, to strengthen data security and AI safety. The acquisition aims to address enterprise challenges in managing sensitive data across hybrid cloud environments for trustworthy AI deployment. Securiti’s tools and knowledge graph enable organizations to understand, govern, and secure data, mitigating the risk of unauthorized access and compliance failures. CEO Rehan Jalil, who has a strong cybersecurity background, will lead Veeam’s security and AI initiatives, reflecting broader industry moves toward integrating AI with cybersecurity practice.
Underlying Problem
Veeam, a company known for data backup and recovery solutions, is making a…
Fast Facts
Phishing Vulnerability: Nearly two-thirds of senior IT executives have clicked on phishing links, and 17% did not report the incident for fear of repercussions, pointing to a culture of silence around security mistakes.
High Attack Rates: 70% of IT leaders reported being targeted by cyberattacks, with 39% specifically experiencing phishing attempts, yet over three-quarters remain confident in their organization’s phishing resistance.
Global Breach Trends: Australia and New Zealand saw a significant jump in reported data breaches, rising to 78% in 2025, while U.S. figures were unchanged, indicating regional disparities in cybersecurity effectiveness.
AI Usage Concerns: 60% of IT leaders…
Summary Points
A Chinese-speaking APT, dubbed PassiveNeuron, has targeted high-profile organizations across Asia, Africa, and Latin America for over two years, focusing primarily on Windows Server machines with sophisticated implants. The campaign plants DLL loaders in the System32 directory for persistence and deploys large, obfuscated implants, Neursite and NeuralExecutor, that had not been seen in earlier attacks. Neursite offers versatile command-and-control (C2) over multiple protocols, supports plugin loading, and can exfiltrate system information, while NeuralExecutor loads .NET assemblies on command from the C2. The attackers frequently retrieve C2 server addresses from GitHub, and there is evidence linking the campaign to Chinese threat groups…
Summary Points
Russian hackers have stolen hundreds of sensitive British military documents, including details of eight RAF and Royal Navy bases. The breach is linked to a cyberattack on the Dodd Group, a contractor for the UK Ministry of Defence, which was exploited via a Gateway attack to bypass security measures. The incident has been described as "catastrophic" and raises concerns over the security of military intelligence. The Dodd Group confirmed a ransomware attack that temporarily compromised part of its internal systems, prompting immediate containment efforts.
Problem Explained
Recently, the United Kingdom has become an increasingly frequent target for severe…
Cyber Heist: Hackers Exploit Snappybee Malware and Citrix Flaw to Breach Telecom Network
Essential Insights
Targeted Attack: A European telecommunications organization was compromised by the China-linked cyber espionage group Salt Typhoon, which exploited a Citrix NetScaler Gateway for initial access.
Advanced Techniques: The attackers used a SoftEther VPN to hide their origin and targeted Citrix Virtual Delivery Agent hosts within the network.
Malware Deployment: The attack used Snappybee (Deed RAT), delivered by DLL side-loading alongside trusted antivirus software, showing the group's technique of abusing legitimate applications.
Stealth and Persistence: Salt Typhoon’s tactics highlight an ongoing defensive challenge, as repurposing trusted tools makes detection and response particularly difficult.
Cyber…
Quick Takeaways
Dataminr plans to acquire ThreatConnect for $290 million to extend its AI-driven platform with deeper cyber threat intelligence capabilities. The integration aims to combine Dataminr’s public data signals with ThreatConnect’s internal threat analysis to deliver real-time, tailored intelligence to clients. The move seeks to give clients actionable insight into physical and cyber threats, improving the relevance and accuracy of response. The deal reflects a broader trend in cybersecurity M&A, with over 330 deals this year, including several involving threat intelligence firms.
What’s the Problem?
On Tuesday, real-time event and risk detection company Dataminr announced its plan to acquire…
Summary Points
Many Microsoft 365 tenants unknowingly host malicious or suspicious OAuth apps, including "traitorware" (legitimate apps abused for malicious purposes) and custom "stealthware" apps built specifically for attacks. The Microsoft Entra ID (formerly Azure AD) app ecosystem is complex and easy to abuse because the default user consent setting lets any user add an app and grant it permissions to their own data without administrative review, creating a significant attack vector. Huntress research indicates that around 10% of surveyed tenants have at least one malicious or high-risk app, and that stealthy, rarely seen apps holding powerful permissions play a key role in intrusions. To combat this, Huntress released ‘Cazadora,’ an open-source tool for auditing Entra ID apps, helping…
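The consent-abuse pattern in this summary (a rare app, consented by one user, holding mail or file permissions) can be checked from a tenant's own consent records. The script below is an added example, not code from the article or from Huntress's Cazadora tool. SAMPLE_GRANTS is constructed data whose field names mirror the Microsoft Graph oauth2PermissionGrants object (clientId, consentType, principalId, scope) joined to the app's servicePrincipal display name; HIGH_RISK_SCOPES is an assumed, illustrative list of delegated scopes rather than a complete catalogue.

```python
"""Flag risky OAuth app consent grants in a Microsoft 365 tenant.

Added example; this is not code from the article or from Huntress's
Cazadora tool. SAMPLE_GRANTS is constructed to mirror the shape of
Microsoft Graph /oauth2PermissionGrants objects (clientId, consentType,
principalId, scope) joined to the app's servicePrincipal displayName;
nothing here comes from a real tenant.
"""
from collections import defaultdict

# Delegated scopes that hand an app broad reach over mail, files or the
# directory. Assumption: an illustrative starting list, not a complete
# catalogue of dangerous Graph permissions.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All", "Sites.ReadWrite.All",
    "Directory.ReadWrite.All", "Directory.AccessAsUser.All",
    "Application.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
}

# Constructed sample data. consentType "AllPrincipals" means an admin
# consented on behalf of every user; "Principal" means one user consented
# for their own account (the default user consent path).
SAMPLE_GRANTS = [
    # Admin-consented, tenant-wide mailbox write: review even if "legitimate".
    {"clientId": "sp-001", "displayName": "Contoso Mail Archiver",
     "consentType": "AllPrincipals", "principalId": None,
     "scope": "Mail.ReadWrite offline_access User.Read"},
    # Widely used, low-privilege app: benign.
    {"clientId": "sp-002", "displayName": "Lunch Poll",
     "consentType": "Principal", "principalId": "user-01", "scope": "User.Read"},
    {"clientId": "sp-002", "displayName": "Lunch Poll",
     "consentType": "Principal", "principalId": "user-02", "scope": "User.Read"},
    {"clientId": "sp-002", "displayName": "Lunch Poll",
     "consentType": "Principal", "principalId": "user-03", "scope": "User.Read"},
    # One user, rare app, mail + file access plus a refresh token: the
    # stealthware pattern the article describes.
    {"clientId": "sp-003", "displayName": "PDF Viewer Pro",
     "consentType": "Principal", "principalId": "user-42",
     "scope": "Mail.Read Files.ReadWrite.All offline_access"},
]


def parse_scopes(scope_field):
    """Graph stores delegated scopes as one space-separated string."""
    return set(scope_field.split())


def audit_grants(grants, rare_threshold=2):
    """Return one finding per app that holds a high-risk scope.

    Each finding records whether the grant is tenant-wide, how many
    distinct users consented (rarity), and whether offline_access gives
    the app a long-lived refresh token.
    """
    by_app = defaultdict(lambda: {"displayName": None, "scopes": set(),
                                  "users": set(), "tenantWide": False})
    for g in grants:
        app = by_app[g["clientId"]]
        app["displayName"] = g["displayName"]
        app["scopes"] |= parse_scopes(g["scope"])
        if g["consentType"] == "AllPrincipals":
            app["tenantWide"] = True
        elif g.get("principalId"):
            app["users"].add(g["principalId"])

    findings = []
    for client_id, app in by_app.items():
        risky = sorted(app["scopes"] & HIGH_RISK_SCOPES)
        if not risky:
            continue
        reasons = []
        if app["tenantWide"]:
            reasons.append("admin consent applies to every user")
        elif len(app["users"]) <= rare_threshold:
            reasons.append(f"rare app: consented by {len(app['users'])} user(s)")
        if "offline_access" in app["scopes"]:
            reasons.append("offline_access: app holds a long-lived refresh token")
        findings.append({
            "clientId": client_id,
            "displayName": app["displayName"],
            "riskyScopes": risky,
            "tenantWide": app["tenantWide"],
            "userCount": len(app["users"]),
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS):
        print(f"{f['clientId']} {f['displayName']!r}: {', '.join(f['riskyScopes'])}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Against a real tenant, the records come from `GET https://graph.microsoft.com/v1.0/oauth2PermissionGrants`, with `clientId` resolved to a display name through `/servicePrincipals/{id}`; application (app-only) permissions live in `appRoleAssignments` and need the same treatment. The companion control is the tenant's user consent setting: if users can consent to any app for any permission, a finding here is a symptom, and the setting is the cause.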
Fast Facts
Sophos has significantly expanded its Security Operations portfolio by integrating Secureworks’ capabilities, including the launch of Sophos Identity Threat Detection and Response (ITDR) and Sophos Advisory Services, to improve threat visibility and cybersecurity assessments. Folding Secureworks’ Counter Threat Unit (CTU) into Sophos X-Ops enriches threat intelligence with adversary tracking, dark web insight, and law enforcement collaboration, feeding all Sophos security products. Key product updates include native integration of Sophos Endpoint with Taegis MDR and XDR, a simplified licensing tier, and AI tooling (Security Analyst and Threat Hunting AI Assistants) to speed up threat detection and response. Sophos’ global scale…