Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Top Highlights
- The upcoming Pwn2Own Automotive 2026 contest in Tokyo offers over $3 million in prizes, targeting vulnerabilities in connected vehicles and charging infrastructure.
- The event features six categories, including Tesla hacking, new supercharger vulnerabilities, and the Open Charge Alliance’s OCPP Protocol, with rewards up to $60,000.
- Researchers can win up to $500,000 or a Tesla vehicle by remotely hacking Tesla’s autopilot, controlling ECUs, or gaining root access to various car systems.
- Additional challenges include hacking EV chargers, superchargers, and automotive operating systems like Linux, QNX, and Android Automotive, with prizes reaching $60,000.
What’s the Problem? The Zero Day Initiative…
Top Highlights
- Over 17 million Prosper users’ personal data, including Social Security numbers, names, addresses, and other sensitive information, were compromised in a recent breach.
- Hackers accessed Prosper’s database by querying and exfiltrating data without gaining access to individual user accounts or funds.
- Prosper has contained the breach, notified law enforcement, and is investigating, with plans to offer free credit monitoring based on findings.
- Have I Been Pwned has added the stolen information to its database, allowing affected individuals to verify if they were impacted by the breach.
Underlying Problem A significant data breach at the U.S.-based peer-to-peer lending platform…
Top Highlights
- Microsoft revoked over 200 certificates used by the Vanilla Tempest threat actor to sign malicious binaries, enabling ransomware and backdoor deployment.
- These fake signatures were used in counterfeit Teams setup files to deliver the Oyster backdoor and Rhysida ransomware, often via SEO poisoning and malicious websites.
- Vanilla Tempest, active since 2022 and linked to various ransomware strains, used trusted signing services like DigiCert and GlobalSign to authenticate malicious content.
- Users are advised to download software only from verified sources and avoid clicking suspicious links to prevent infection via compromised search results and ads.
The Issue In October 2025,…
Summary Points
- EtherHiding, a sophisticated North Korea-linked malware campaign, exploits blockchain networks, especially Binance Smart Chain, to distribute stealthy, modular malicious payloads, complicating detection and takedowns.
- The campaign initially used targeted phishing but evolved into multi-stage attacks, injecting code into legitimate websites to fetch malicious scripts from blockchain, enabling persistent updates and operational agility.
- Its cryptographic anonymity and blockchain-based payload updates hinder forensic tracking and disrupt traditional security measures, facilitating asset theft, espionage, and ransomware deployments.
- EtherHiding’s reliance on obfuscated, multi-layered JavaScript payloads delivered via blockchain nodes challenges enterprise defenses, emphasizing the need for heightened security audits of web assets…
Top Highlights
- Cybercriminals are increasingly exfiltrating data rather than just encrypting files, with data theft rising 92% year-over-year and causing significant financial and reputational damage, including regulatory fines and lawsuits.
- Insurance claims data fails to capture the full scope of cyber risks, as many companies lack coverage or have reduced coverage, making breach data essential for accurate risk assessment across all sectors.
- Traditional risk models are inadequate for modern ransomware, as data theft triggers complex, multi-layered claims involving business interruption, liability, regulatory fines, and lengthy legal proceedings, often extending over years.
- The rapid evolution of AI-powered cyberattack tools accelerates threat…
Fast Facts
- Sotheby’s discovered a data breach on July 24, 2025, where threat actors stole sensitive information, including full names, SSNs, and financial details, impacting at least a few individuals in Maine and Rhode Island.
- The company conducted a two-month investigation to assess the scope, which remains partially undisclosed, and confirmed that the incident involved employee data, not customer information.
- Past security incidents include website skimming and supply-chain attacks, and there is no current attribution to ransomware gangs, though auction houses are common targets for financially motivated cyberattacks.
- Impacted individuals are offered a 12-month free identity protection and credit monitoring…
Top Highlights
- Effective management of Non-Human Identities (NHIs) is crucial for reducing security risks, ensuring compliance, and enabling innovation across industries, especially within cloud environments.
- Traditional security measures are insufficient; organizations need holistic, lifecycle-based strategies that include discovery, monitoring, behavior analysis, and continuous management of NHIs.
- Collaboration between security and R&D teams is essential from the outset of projects to embed security, reduce vulnerabilities, and support seamless innovation.
- Proactive, data-driven approaches—including real-time behavioral monitoring and insights—are vital for anticipating threats, maintaining trust, and fostering a resilient cybersecurity culture.
Problem Explained The article reports on the critical importance of securing Non-Human…
Quick Takeaways
- Microsoft disrupted Vanilla Tempest’s Rhysida ransomware campaign in October by revoking over 200 malicious certificates used to sign fake Teams installers distributing Oyster backdoor malware.
- The attackers employed phishing tactics using mimic domains (e.g., teams-install.top) and SEO poisoning to spread infected "MSTeamsSetup.exe" files, granting remote access and enabling data theft.
- Vanilla Tempest, also known as Vice Society, has been active since 2021, primarily targeting sectors like education, healthcare, and manufacturing with ransomware such as Rhysida, BlackCat, and Zeppelin.
- The group has historically exploited malvertising for malware delivery, and their use of trusted signing certificates since September 2025 has…
Quick Takeaways
- Cisco disclosed a critical vulnerability in IOS and IOS XE—stemming from a stack overflow in the SNMP subsystem—that allows remote attackers to crash devices or execute arbitrary code, risking full system control.
- The flaw affects all SNMP versions and has been actively exploited, with attackers using compromised credentials to cause DoS or gain root access on affected devices.
- Vulnerable devices include routers, switches, and access points with SNMP enabled; IOS XR and NX-OS are unaffected, but default configurations often leave networks exposed.
- Mitigation involves restricting SNMP access, disabling vulnerable OIDs, and applying available patches; Cisco stresses immediate upgrades…
Essential Insights
- File sanitization not only neutralizes threats but also captures detailed intelligence—such as attack tactics, techniques, and targets—embedded in malicious files, transforming it into a strategic security asset.
- Votiro enhances this process by logging and converting threat indicators from sanitized files into actionable data that integrates with existing SIEM, SOAR, and threat platforms, providing richer context for security teams.
- Real-time extraction of threat attributes, including file origin, malicious content types, hashes, and attack patterns, enables continuous learning from threats without exposing organizations to risk.
- Integrating sanitized file intelligence into security workflows shifts SOC operations from reactive to proactive, allowing…