Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Top Highlights A North Korea-linked threat group (UNC5342) has adopted the EtherHiding technique to distribute malware and steal cryptocurrencies, marking its first use by a state-sponsored actor. The campaign, named Contagious Interview, operates via social engineering on LinkedIn to deceive targets into executing malicious code on messaging apps like Telegram or Discord. EtherHiding embeds malicious code within smart contracts on blockchains (e.g., Ethereum), making malware distribution resilient, untraceable, and easily updatable at a low gas fee. The campaign infects devices with multiple malware, including code stealers, JavaScript downloaders, and backdoors, targeting high-value assets like cryptocurrency wallets and credentials, exemplifying the…


Top Highlights Increased Cyber Threats: Cybersecurity experts highlight heightened risks for critical industries, particularly the automotive sector, from sophisticated ransomware attacks by nation-state actors. Real-World Consequences: Recent cyberattacks on the automotive industry have caused severe disruptions, including prolonged production shutdowns and significant financial repercussions, as seen with companies like Jaguar Land Rover. Regulatory Response: In response to escalating cyber threats, the U.S. Department of Commerce has banned sales of connected vehicle technologies from Russia and China, aimed at protecting critical infrastructure and customer data. Call for Cyber Resilience: Authorities, including the UK’s National Cyber Security Centre, emphasize that corporate leaders…


Top Highlights The US CISA has issued a warning that the Adobe Experience Manager Forms (AEM Forms) vulnerability (CVE-2025-54253, CVSS 10.0) has been actively exploited in attacks after being patched in August. Discovered by Searchlight Cyber researchers, the flaw involves an authentication bypass and a misconfiguration allowing remote code execution via OGNL expressions. Adobe addressed this critical vulnerability in AEM Forms Java EE version 6.5.0-0108, alongside fixing related issues like XML External Entity restrictions. CISA has added CVE-2025-54253 to its KEV list, warning organizations—especially federal agencies—to prioritize patching, with all organizations advised to update their systems promptly. Problem Explained The…


Quick Takeaways Microsoft disrupted Vanilla Tempest’s Rhysida ransomware campaign by revoking over 200 certificates used to sign malware, making detection easier. Vanilla Tempest, also known as Vice Spider/Society, has targeted education and healthcare sectors since 2021, deploying various file encryptors. The hackers signed fake Microsoft Teams setup files to install a backdoor named Oyster, which facilitated Rhysida ransomware deployment. Despite the disruption, the threat group may adapt with new certificates and tactics, implying ongoing risks. Underlying Problem Microsoft announced on Wednesday that it successfully disrupted a campaign by the cybercriminal group Vanilla Tempest, also known as Vice Spider or…


Essential Insights The Qilin ransomware group, operating under a Ransomware-as-a-Service model since 2022, targets critical sectors globally using sophisticated multi-language variants and advanced infiltration tactics like spear phishing and RMM tools. They employ double extortion strategies—encrypting data and exfiltrating sensitive information—while managing operations via user-friendly platforms and maintaining a Tor-based Data Leak Site. Their infrastructure is deeply intertwined with a complex web of Russian, Hong Kong, and Cyprus-based bulletproof hosting providers, leveraging anonymous shell companies and no-KYC protocols for resilience and anonymity. Law enforcement and sanctions have targeted these hosting services, prompting providers like BEARHOST to rebrand and restrict access,…


Fast Facts Matters.AI, a data security startup founded in 2023, raised $6.25 million in seed and pre-seed funding to develop its autonomous enterprise data safeguarding platform. The platform functions as an AI Security Engineer, unifying security functions and proactively preventing data misuse across devices and environments using semantic intelligence and behavioral context. It offers visibility into endpoints, data lineage, and governance, supporting both on-premises and SaaS deployments, enhancing security and compliance. The funds will be used for R&D, expanding the engineering team, and increasing market presence in the US to address security gaps between visibility and enforcement. The Core Issue…


Fast Facts The evolving AI-driven cyber threat landscape demands higher standards of transparency, accountability, and resilience from hosting providers, beyond traditional privacy policies and SSL certificates. The SHA Trust Seal introduces a rigorous certification for hosting providers, emphasizing fair terms, responsible incident response, proactive monitoring, and lawful handling of government requests. Transparency and trust are critical in a cybersecurity landscape where attacks like DDoS and supply chain breaches threaten internet infrastructure, yet consumer awareness remains low. The Trust Seal fosters industry-wide cooperation, raising standards and making security commitments visible, thus transforming security from a hidden feature into a clear, verifiable…


Top Highlights A Massachusetts college student, Matthew D. Lane, was sentenced to four years in prison for hacking into and extorting two companies, including PowerSchool, affecting approximately 70 million individuals. Lane pleaded guilty to hacking into a telecom provider and a school software company’s networks, stealing data such as personal and medical information, and demanding nearly $3 million in Bitcoin ransom. He extorted $200,000 from a telecom company in April-May 2024, threatening to leak customer data, and accessed the school software company’s network in September and December 2024, exfiltrating sensitive educational data. Lane returned about $160,000 but most of the…


Top Highlights Criminal syndicates, like the Prince Group, orchestrate large-scale scams involving forced labor, cryptocurrency fraud, and laundering billions, exploiting unencrypted crypto wallets and operating out of luxury venues. Cyberattacks are evolving with threats including sophisticated banking trojans via WhatsApp, unencrypted satellite communications exposing sensitive data, and malware using trusted remote management tools for unauthorized access. Nation-state hacking campaigns, notably by China, are surging, with satellites, firmware vulnerabilities, and cloud infrastructures increasingly exploited for espionage and control. In response, authorities worldwide are cracking down on illegal websites, patching critical vulnerabilities, and employing advanced detection methods—highlighting the need for heightened awareness…


Summary Points Samba vulnerability CVE-2025-10230 allows unauthenticated remote code execution on Active Directory domain controllers via a flaw in the WINS hook mechanism, scored 10.0 CVSS. The flaw affects all Samba versions ≥4.0 when WINS support and a custom ‘wins hook’ script are enabled, enabling attackers to inject malicious commands through crafted WINS name requests. Exploitation could lead to complete system compromise, data exfiltration, ransomware deployment, or privilege escalation in hybrid Windows-Linux enterprise environments. Mitigations include applying patches (versions 4.23.2, 4.22.5, 4.21.9), disabling the ‘wins hook’ parameter, or turning off WINS support, with experts advising to phase out WINS altogether.…
