Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts
Zero-Click Vulnerability Exposed: A new zero-click flaw, codenamed "ShadowLeak," in OpenAI’s ChatGPT Deep Research can exfiltrate sensitive Gmail data through invisible email commands, requiring no user interaction.
Indirect Prompt Injection Technique: Attackers utilize complex HTML manipulations (e.g., white text on a white background) to embed prompts within emails that instruct ChatGPT to collect personal information unnoticed.
Cloud Infrastructure Risk: Unlike previous client-side leak attacks, ShadowLeak operates directly within OpenAI’s cloud, evading traditional security measures and increasing the difficulty of detection and prevention.
Broader Attack Surface: This vulnerability can be exploited across various integrations supported by ChatGPT, such as…


Essential Insights
Zero-day vulnerabilities surged in 2025, with over 23,600 published in the first half, a 16% increase from 2024, and nearly 30% exploited within 24 hours of disclosure, highlighting rapid weaponization by sophisticated threat actors.
Major exploits include critical flaws in Google Chrome (e.g., CVE-2025-10585), Citrix NetScaler, Microsoft SharePoint, SAP NetWeaver, and Apple’s image frameworks, demonstrating widespread targeting of browsers, enterprise systems, and mobile platforms.
Attack techniques have grown more complex, involving chained exploits, remote code execution, privilege escalation, and use of web shells and web app vulnerabilities, often linked to nation-state actors and organized cybercriminal groups.
The evolving…


Essential Insights
Cybersecurity researchers have identified "MalTerminal," the earliest known malware leveraging Large Language Models (LLMs), capable of generating ransomware or reverse shells, though likely a proof-of-concept.
LLMs are increasingly embedded in malicious tools like LAMEHUG and PromptLock, enabling cybercriminals to generate malicious code dynamically and adapt to defenses.
Threat actors are exploiting AI to bypass email security through prompt injections and embedding hidden malicious prompts in phishing HTML attachments, leading to malware downloads via vulnerabilities like Follina.
AI-powered hosting platforms are being weaponized for large-scale phishing campaigns, using fake CAPTCHA pages and credible branding to steal credentials, showcasing the…


Quick Takeaways
A threat actor is selling a fully undetectable Remote Access Trojan (RAT) on underground forums, claiming it can bypass modern security defenses and evade detection during analysis.
The malware is bundled with a valid Extended Validation (EV) certificate, making it appear trustworthy to browsers and users, and includes anti-bot and cloaking features to evade automated security tools.
It offers real-time visual control, data exfiltration, and uses fileless PowerShell techniques to remain hidden, serving as a stealthy "FUD loader" for initial access and secondary payload deployment.
The seller promotes professional delivery within 24 hours, highlighting the increasing sophistication and…


Essential Insights
Ransomware attack prevention has significantly declined, with effectiveness dropping from 69% in 2024 to 62% in 2025, and data exfiltration prevention plummeting to just 3%, exposing organizations to heightened risk.
Both known and emerging ransomware strains are equally effective in bypassing defenses, highlighting the erosion of protection over time and the need for continuous testing against evolving threats.
Critical defense gaps persist, especially in malware delivery, detection, data exfiltration, and endpoint security, enabling attackers to exploit these vulnerabilities repeatedly.
Breach and Attack Simulation (BAS) provides ongoing, real-time validation of defenses, transforming assumptions into measurable proof of resilience and…


Top Highlights
In early 2025, Russian APT groups Gamaredon and Turla collaborated to target Ukrainian organizations, marking a strategic escalation in cyber operations, with Gamaredon gaining initial access and Turla deploying its stealthy Kazuar backdoor for long-term espionage.
The attack chain begins with Gamaredon’s noisy spear-phishing and malware delivery, which then leverages encrypted channels to fetch sophisticated payloads like PteroOdd and Kazuar, utilizing dual-stage loaders to evade detection and ensure implant resilience.
Kazuar v3, once installed, establishes encrypted, modular command-and-control channels over WebSockets and Web Services, operating through roles such as KERNEL and WORKER, and employs advanced techniques like DLL…


Essential Insights
Fortra released patches for a critical vulnerability (CVE-2025-10035) in GoAnywhere MFT’s License Servlet, which could allow remote command injection through deserialization flaws.
The vulnerability primarily affects systems with an externally accessible Admin Console, making immediate configuration review and removal of internet exposure crucial.
Despite no confirmed active exploitation yet, security experts recommend urgent patching due to the high attractiveness of GoAnywhere MFT to threat actors and its past exploit history.
Over 470 GoAnywhere instances are monitored by Shadowserver, but the extent of unpatched systems remains uncertain, emphasizing the importance of prompt vulnerability mitigation.
Underlying Problem
Fortra has issued…


Fast Facts
Non-Human Identities (NHIs), or machine identities, are critical for secure cloud communication, and mismanagement can lead to severe security breaches, especially in sensitive sectors like finance and healthcare.
Effective NHI management involves discovery, threat detection, and remediation, with advanced monitoring providing better visibility, risk reduction, compliance, and operational efficiency.
Integrating AI, machine learning, and DevOps practices enhances NHI security, supports automation, and addresses emerging challenges like IoT device proliferation and remote workforce security.
Cross-departmental collaboration and a security-centric culture are vital for comprehensive NHI management, ensuring organizations remain resilient against evolving digital threats.
The Issue
The story highlights…


Summary Points
Rise of Phishing-as-a-Service: Lighthouse and Lucid phishing platforms are linked to over 17,500 phishing domains targeting 316 brands in 74 countries, reflecting a surge in PhaaS operations.
Targeted and Customizable Campaigns: Lucid offers customizable phishing kits for various industries, ensuring only designated targets access phishing URLs while serving generic sites to others.
Evolution of Tactics: Cybercriminals are shifting from platforms like Telegram back to email for credential harvesting, with a 25% rise in phishing attacks detected recently.
Homoglyph Attacks and Brand Exploitation: Attackers are using deceptive lookalike domains and impersonating brands to conduct scams, including schemes involving fake…


Top Highlights
CVE-2025-10035 is a critical vulnerability in Fortra’s GoAnywhere MFT that closely mirrors the widely exploited CVE-2023-0669, raising concerns about potential malicious exploitation.
Although not yet confirmed to be exploited in the wild, cybersecurity experts warn ransomware and APT groups are likely to develop exploits targeting this flaw.
The vulnerability was patched swiftly within five days of discovery on September 13, with users urged to update to versions 7.8.4 or 7.6.3 to mitigate risks.
Exploitation requires attackers to access the GoAnywhere Admin Console and forge a license response signature, emphasizing the importance of not exposing the console directly to…
