- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Fast Facts Fake Claude Code sites are spreading malware that steals sensitive credentials, targeting developer API keys, crypto wallets, and cloud credentials, while appearing legitimate. The malware installation commands are cleverly masked within normal-looking commands, making detection difficult; attackers use multiple delivery methods to evade pattern recognition. Despite traditional security training, these scams succeed because the fraudulent pages and installation experiences mimic real platforms, requiring technical controls to defend effectively. The campaign’s infrastructure is highly resilient, utilizing constantly rotating domains across reputable hosting providers, emphasizing the need for stronger environment hardening and credential management. The Hidden Threat Behind Fake Installers…
Threat actors exploit AI branding in social engineering campaigns using phishing, malvertising, and SEO tactics to lure victims into credential theft, malware infection, or financial fraud. Notable campaigns include a ChatGPT-themed phishing attack that stole credit card data, and a Claude-themed scam that harvested credentials through fake account enforcement notices. They also use AI-themed malvertising, such as the “Awesome AI Windows Plugin” delivering Vidar stealer, and fake DeepSeek V4 installers on GitHub, employing fake branding and search-engine optimization. Microsoft recommends robust defense measures including multi-factor authentication, AI-powered security tools, email filtering, safe browsing, and proactive threat detection to mitigate these…
Top Highlights Threat actors exploit trusted collaboration tools like Microsoft Teams, impersonating internal or external entities to execute social engineering and credential harvesting attacks. Attack methods include leveraging typosquatted domains, compromised accounts, and default federation settings to initiate malicious chats from trusted or seemingly legitimate sources. These chat-based intrusions primarily target identity systems, making them a critical vector for data exfiltration, account compromise, and further lateral movement into organizations. Threat, Attack Techniques, and Targets The threat involves cybercriminals impersonating trusted entities, such as IT staff or service providers, through Microsoft Teams messages. Attackers use external or fake accounts that appear…
Quick Takeaways A critical vulnerability (CVE-2026-50751) in Check Point’s Security Gateways and Spark Firewalls has been exploited in the wild, allowing attackers to bypass VPN authentication and potentially access internal resources. The flaw affects VPN deployments using the deprecated IKEv1 protocol, which can be exploited to establish sessions without valid passwords through a certificate validation flaw. Check Point urges customers to urgently patch affected versions, and suggests mitigations such as disabling IKEv1 or enforcing machine certificate authentication. Attackers are known to be financially motivated, using tools like Tox for communication and infrastructure like VPS servers to conduct targeted exploits. Check…
Top Highlights An unprivileged Linux kernel flaw (CVE-2026-23111) enables local escalation to root and container breakout by exploiting a use-after-free vulnerability in nf_tables, especially when unprivileged user namespaces are enabled. Attackers can leverage this flaw after initial access, turning low-privilege shells or containers into full root access, with demonstrated exploits on Debian, Ubuntu, and RHEL systems. Immediate mitigation requires updating affected kernels across distributions such as Ubuntu, Debian, Red Hat, and others, as the flaw allows bypassing kernel memory protections and can be exploited remotely once unprivileged namespaces are accessible. Threat, Attack Techniques, and Targets Security researchers released a working…
Quick Takeaways Check Point has discovered active exploitation of CVE-2026-50751, a critical (CVSS 9.3) authentication bypass vulnerability in Check Point VPN products, linked to Qilin ransomware activity, affecting versions R80.20.X to R82.10, primarily via deprecated IKEv1 protocols. The flaw allows unauthenticated attackers to establish VPN sessions by exploiting a certificate validation weakness, requiring further steps for internal access; exploitation has been observed since early May 2026, escalating sharply in June. Threat actors involved are likely financially motivated, using Qilin Linux ransomware and Tox protocol for C&C, with infrastructure hosted across multiple cloud providers, targeting organizations globally. A related vulnerability, CVE-2026-50752,…
Fast Facts Meta detected and blocked spear-phishing campaigns and malicious account creation by NSO Group targeting WhatsApp users with external links and test accounts. NSO Group, previously sanctioned and fined, exploited WhatsApp servers to deploy Pegasus spyware, breaching US laws and causing significant privacy violations. Users at high risk are advised to enable strict account security features such as two-step verification and locked privacy controls to mitigate the threat of sophisticated cyberattacks. Threat Overview, Attack Techniques, and Targets Meta has detected a new spear-phishing campaign linked to the NSO Group, an Israeli spyware vendor. The campaign involves tricking users into…
Top Highlights The Pink group leverages social engineering, particularly vishing, to trick employees into revealing credentials and MFA codes, bypassing traditional security measures. Once inside, Pink rapidly exploits cloud environments using automation tools, stealing data from services like OneDrive and SharePoint, and then executing extortion via internal messaging demanding payments. The group operates with tactics resembling those of other cybercriminal communities, employing rebranding to evade detection and using legitimate account activity to avoid triggering security alarms. To defend against Pink, organizations should enhance employee verification protocols, adopt advanced MFA methods like FIDO2 keys, and monitor cloud activities for suspicious behavior.…
Summary Points Meta’s WhatsApp disrupted a new spear-phishing campaign linked to NSO Group, despite a court order prohibiting NSO from targeting WhatsApp users, indicating ongoing violations. In 2025, a U.S. jury ordered NSO to pay over $600 million for a 2019 attack that exploited WhatsApp vulnerabilities to install Pegasus spyware on approximately 1,400 devices. WhatsApp’s investigation found NSO-linked accounts attempting to lure users with malicious links, mainly targeting users in Jordan and Lebanon, with no device compromises detected. WhatsApp is seeking legal contempt charges against NSO, highlighting the company’s continued efforts to exploit vulnerabilities across different platforms beyond WhatsApp. Key…
Summary Points Hacktivist groups targeted South Korean military and government websites with DDoS attacks, indicating increased regional activism. A new cloud threat actor, PCPJACK, emerged, engaging in confrontations with other cyber threat groups. Law enforcement successfully disrupted multiple infrastructures, including botnets and underground marketplaces, highlighting ongoing efforts against cybercrime. Threat, Attack Techniques, and Targets Recent reports show that threat actors and hacktivists have focused on specific regions and methods. Mostly, they targeted South Korea, launching DDoS attacks against military and government websites. Some groups claimed responsibility for disrupting South Korean Army and government sites, as well as local customs services.…