Author: Staff Writer

Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Fast Facts A Pakistan-linked threat group, SideCopy, launched a targeted cyberattack on Afghanistan’s Ministry of Finance, using spear phishing to deploy the XenoRAT remote access trojan across all 34 provincial finance offices. The attack involved convincing spear phishing emails with Pashto-labeled ZIP attachments, exploiting precise knowledge of Afghan government environments, and utilizing legitimate Windows tools (mshta.exe) for stealthy in-memory payload delivery. Once active, XenoRAT established encrypted connections to servers in Frankfurt, Germany, with persistent infection mechanisms in the Windows Registry, scheduled tasks, and hidden processes, ensuring long-term unauthorized access. The malware’s infrastructure exploited Afghan government domains and local hosting, blending…

Read More

Quick Takeaways The "Operation Dragon Weave" campaign uses spear-phishing with ZIP files and DLL side-loading to deliver a Rust-based loader that exploits Azure Blob Storage for command-and-control, enabling attackers to remotely exfiltrate data and take full control of compromised systems. Chinese-aligned threat actors are actively deploying advanced malware tools like TencShell, ShadowPad, and new backdoors such as PhiliKit, targeting global government, infrastructure, and corporate entities through spear-phishing, DLL sideloading, and custom payloads. Recent campaigns demonstrate targeted espionage in multiple regions (Europe, Asia, Americas), with attackers leveraging stealthy C2 communication via cloud storage and deploying flexible malware frameworks such as Cobalt…

Read More

Essential Insights The Gentlemen is a growing ransomware-as-a-service (RaaS) platform, emerging mid-2025, that uses advanced cryptography (Curve25519 and XChaCha20) to encrypt files and exfiltrate data, employing aggressive self-propagation techniques to infect entire networks rapidly. It targets multiple sectors globally (education, healthcare, finance, etc.) across all regions, leveraging lateral movement methods and privilege escalation to maximize spread and impact after initial access. The operation operates through a modular, configurable malware written in Go, enabling precise control over encryption scope and infection behaviors, and employs double extortion tactics—encrypting and stealing data to pressure victims. Organizations can defend against The Gentlemen by implementing…

Read More

Summary Points Threat actors are actively exploiting a privilege escalation flaw in WP Maps Pro (CVE-2026-8732) to create malicious admin accounts and hijack WordPress sites. The vulnerability allows unauthenticated attackers to fully compromise a site by triggering a process that unconditionally creates admin users via an insecure temporary access feature. Over 2,800 attacks targeting this flaw have been blocked in the past 24 hours, highlighting the critical need for site owners to update to the patched version 6.1.1 immediately. Threat, Attack Techniques, and Targets Threat actors are actively exploiting a critical security flaw in WP Maps Pro, a popular WordPress…

Read More

Essential Insights A North Korean threat group, Famous Chollima, infiltrated a legitimate PHP package on Packagist, hiding malicious JavaScript within a configuration file to target developers discreetly. The malware, disguised as a Tailwind CSS config, uses blockchain services (TRON, Aptos, BNB) to fetch encrypted payloads, bypassing traditional detection mechanisms. The attack relies on dev versions requiring specific install commands, aiming to target individual developers during onboarding or code updates with minimal suspicion. Once activated, the malware gains extensive access to system credentials, environment variables, and files, with indicators linked to known malware families like DEV#POPPER RAT and OmniStealer. Problem Explained…

Read More

Quick Takeaways Many organizations face critical cybersecurity gaps, with one-third of CISOs feeling data isn’t adequately protected and over half unprepared for cyberattacks. The primary security gaps include a perception gap—seeing cybersecurity as solely IT protection instead of business resilience—and gaps in speed of threat response, business agility, skills, securing AI, and legacy systems. CISOs must shift perspectives—viewing security as a business enabler, adopting rapid, AI-driven defenses, closing skills gaps through continuous learning, and modernizing legacy infrastructure. Addressing these gaps requires proactive leadership, increased investment in personnel and AI governance, and a risk-based approach to legacy systems to prevent exploitation…

Read More

Fast Facts 1. The integration of Pindrop Protect into FICO Platform enables real-time, multi-signal risk assessment of phone interactions, combining voice, device, behavioral, and consortium data. 2. This combined approach significantly improves fraud detection rates (claimed at 80%) and reduces false positives, helping prevent billions in potential losses. 3. The partnership shifts contact centers from reactive risk management to proactive, integrated fraud decisioning, addressing cross-channel attack patterns. 4. It signifies a major industry shift away from segregated, channel-specific assessments to a unified fraud framework essential for countering AI-enabled threats like deepfakes and synthetic voices. AI Voice Fraud Reshaping Contact Center…

Read More

Summary Points A persistent, encoded RAT communicates with a malicious C2 server at 89.110.110.119 on TCP port 443, originating from the SmartApeSG ClickFix campaign, enabling remote control and data exfiltration. The infection deploys a multi-stage payload, including zip archives, scripts, and CAB files, which establish persistence by installing the NetSupport RAT and deleting initial infection files. Indicators such as malicious URLs, IP addresses, file hashes, and unique script activity are dynamic, requiring continuous monitoring to detect and respond effectively to ongoing SmartApeSG activity. Threat, Techniques, and Targets The threat involves an unidentified Remote Access Trojan (RAT) followed by a NetSupport…

Read More

The theme “Secure our World” emphasizes shared responsibility in cybersecurity, advocating for inclusive education and a diverse workforce to better protect vulnerable communities. The interviewee’s career journey highlights transitioning from advocacy and education into cybersecurity at NIST, demonstrating that many roles in the field are non-technical and service-oriented. At NIST, they manage programs like NICE to foster workforce development, diversity, and multistakeholder collaborations, actively impacting cybersecurity education and community engagement. They value NIST’s work-life balance, societal impact of their projects, and strong community relationships, which collectively create a fulfilling and supportive professional environment. Bringing Staff Stories into Daily IT Operations…

Read More

Top Highlights Cohesity’s partnership with CISA signifies a strategic commitment to contribute threat intelligence directly to the national cybersecurity ecosystem, extending benefits beyond its own clients to critical infrastructure and government agencies. The framework enables real-time, specific sharing of threat data and technical analysis, which enhances early detection and sector-wide prevention of cyber threats like ransomware. Participation in voluntary, structured information sharing with CISA underscores the importance of meaningful engagement over mere compliance, amplifying national defense capabilities. This collaboration signals to the enterprise security market that contributing to and leveraging national threat intelligence is crucial for effective defense against sophisticated,…

Read More