Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Quick Takeaways Keyloggers are surveillance software that records keystrokes in order to collect personal and sensitive data for cybercrime, but also for legitimate business purposes. They can be hardware- or software-based, with a wide range of attack vectors, including infected domains, apps and phishing e-mails, to steal data unnoticed. Protection against keyloggers includes resource monitoring, anti-keylogger software, virtual keyboards, disabling self-executing files and strict security policies. Historically, keyloggers were already used in the 1970s by the Soviet intelligence service, with modern examples appearing in malware and even in legitimate diagnostic tools. The Core Issue The story explains how keyloggers—malware tools that secretly record what users type—remain a significant threat in modern cybersecurity.…
Fast Facts Federal authorities seized 127,271 Bitcoin (~$15 billion), marking the largest financial seizure related to cybercrime ever recorded, targeting Chen Zhi’s network based in Cambodia. Chen Zhi, a UK-Cambodian national and alleged leader of the Prince Group, operated a vast cybercrime empire involved in human trafficking, modern slavery, and scam compounds across over 30 countries. The indictment accuses Chen of managing scam operations, engaging in violence, and facilitating human trafficking, with a Brooklyn-based scam victimizing over 250 people and causing millions in losses. Coordinated sanctions by the US, UK, and allies targeted 146 entities linked to Prince Group, which…
Quick Takeaways Microsoft has revealed a critical zero-day (CVE-2025-59230) in Windows’ RasMan service, allowing low-privilege users to escalate to SYSTEM level and potentially take full control of affected systems. The vulnerability, affecting multiple Windows versions (including Windows 10, 11, and Server editions from 2019 onwards), is actively exploited in the wild with proof-of-exploit evidence observed. Exploiting RasMan involves manipulating service files via registry edits or DLL injections, facilitating privilege escalation and further lateral movement post-initial breach. With a high severity score of 7.8, Microsoft urges immediate patching through October 2025 updates, as unpatched systems face heightened risks from advanced threat…
Summary Points Files like PDFs, Word, Excel, PowerPoint, archives, executables, images, and cloud uploads are frequently exploited by cybercriminals via embedded malware, macros, hidden scripts, or layered attacks, posing a significant threat to organizations. Traditional security tools such as antivirus and endpoint defenses often fail to detect these concealed threats, emphasizing the need for proactive, automatic file sanitization methods. Votiro’s advanced file sanitization technology, leveraging Positive Selection®, rebuilds and cleanses files from known safe elements, removing malicious code while preserving original functionality across over 200 file types, including password-protected and nested archives. Implementing Zero Trust File Sanitization transforms file security…
Microsoft Patches 175 Vulnerabilities, Including Two Zero-Days Under Active Exploitation
Essential Insights Microsoft disclosed 175 vulnerabilities in its core products, including two actively exploited zero-days with a CVSS of 7.8, affecting system privilege levels. The zero-day CVE-2025-24990 impacts the Agere Windows Modem Driver, allowing attackers to gain admin rights; it has been removed in the October update. CVE-2025-59230 affects Windows Remote Access Connection Manager, enabling privilege escalation for authorized attackers; this is the first zero-day exploit observed in the wild for this service. The update also covers high-severity flaws, including CVEs with CVSS scores up to 9.9, impacting Azure Entra ID and Windows Server Update Service, highlighting ongoing critical security…
Top Highlights Cybersecurity researchers discovered a sophisticated phishing campaign leveraging the NPM ecosystem and unpkg.com CDN to target over 135 organizations, mainly in Europe’s industrial, tech, and energy sectors. The campaign uses over 175 disposable NPM packages with legitimate-seeming names to distribute malicious JavaScript that redirects victims to credential-harvesting sites via browser-based phishing. Attackers disguise HTML files as business documents, which, when opened, load malicious scripts from unpkg.com, turning legitimate open-source hosting into a covert phishing attack vector. The malware employs advanced anti-analysis techniques, such as anti-debugging, blocking developer tools, and frame-busting, to evade detection and ensure persistence across browsing…
Fast Facts Microsoft’s 2024 dCISO strategy involves 14 specialized Deputy CISOs, each managing risk within specific functions, to scale security leadership across its complex global organization. The role of dCISOs, who operate both within product domains and horizontally across the company, exemplifies a shift toward functional CISOs to address the vast scope and scale of enterprise cybersecurity. Both Ann Johnson and Mark Russinovich emphasize that qualities like agility, communication, and continuous learning—particularly in AI—are crucial for cybersecurity leadership success, regardless of technical background. Cyber threats remain focused on nation-state actors and AI-driven attacks, with adversaries leveraging AI for reconnaissance and…
Top Highlights TigerJack, a malicious threat actor, targets VSCode developers with extensions designed to steal cryptocurrency and install backdoors, operating on both Microsoft’s marketplace and OpenVSX, an open-source alternative. The group reuses malicious extensions like C++ Playground and HTTP Format, which exfiltrate source code and mine crypto secretly, despite being removed from official stores; they are republished under new names on VSCode. These extensions can fetch and execute remote JavaScript payloads, enabling arbitrary code execution, credential theft, ransomware deployment, and backdoor insertion without needing updates. TigerJack operates as a coordinated, multi-account operation, disguising malicious actors as legitimate developers with credible…
Summary Points Police have targeted and arrested members of Scattered Lapsus$ Hunters for over three years, but long-term damage to the group remains uncertain. Repeated law enforcement takedowns deter threat actors due to increased risks, but do not eliminate the underlying threat. Centralized hacking forums provide valuable intelligence on cybercriminal activities, yet they often have backups to quickly relaunch elsewhere. Disrupted forums tend to migrate to platforms like Telegram, making monitoring more challenging for cyber threat analysts. Problem Explained The story reports that law enforcement authorities have been targeting the hacker group known as Scattered Lapsus$ Hunters for over three…
Essential Insights Long-term Backdoor Access: A Chinese APT group, Flax Typhoon, exploited a geospatial mapping application (ArcGIS) to gain backdoor access to an organization for over a year. Clever Attack Chain: The attackers manipulated ArcGIS’s Java server component to create a Web shell, showcasing their sophistication and ensuring persistent access even after system recoveries. Universal Threat Warning: Reliaquest emphasized that the tactics used by Flax Typhoon could apply to any public application, urging organizations to reassess their security practices for such assets. Mitigation Strategies: Recommendations include strengthening credential hygiene, implementing multifactor authentication, auditing public-facing applications, and utilizing behavioral analytics for…