- Home
- Cybercrime and Ransomware
- Emerging Tech
- Threat Intelligence
- Expert Insights
- Careers and Learning
- Compliance
Subscribe to Updates
Subscribe to our newsletter and never miss our latest news
Subscribe my Newsletter for New Posts & tips Let's stay updated!
Author: Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.
Summary Points Rival ransomware groups KryBit and Everest exposed each other’s infrastructure, revealing operational details and exposing fake victim claims, which undermines their credibility and stability. KryBit publicly breached 0APT, leaking comprehensive operational data including logs, source code, and system files, confirming that previous victim lists were fabricated. Ransomware gang conflicts, such as these, inadvertently benefit defenders by revealing attack tactics, infrastructure, and indicators of compromise that can be used for proactive defense measures. Threat Overview, Attack Techniques, and Targets Recently, two ransomware groups, 0APT and KryBit, became involved in a public feud. Both are new ransomware-as-a-service (RaaS) actors. 0APT…
Quick Takeaways An attacker with push access can exploit CVE-2026-3854 to execute arbitrary code on GitHub’s infrastructure by injecting malicious push option values during a git push, bypassing protections through crafted header manipulation. The vulnerability allows remote code execution on shared storage nodes, potentially leading to cross-tenant data access and widespread repository compromise on GitHub cloud and enterprise instances. The flaw’s exploitation chain involves injecting specific parameters to bypass sandboxing, manipulate hook directories, and trigger path traversal, which could give attackers full control over affected systems. Threat, Attack Techniques, and Targets Cybersecurity researchers have identified a critical vulnerability in GitHub…
Essential Insights BlobPhish is a sophisticated, memory-resident phishing campaign active since October 2024, that uses browser Blob URL APIs to silently and invisibly steal credentials from high-value targets like Microsoft 365 users and major financial institutions, evading traditional security tools. Instead of hosting malicious pages on external servers, BlobPhish dynamically generates phishing content entirely within the victim’s browser using JavaScript Blob objects, leaving no files on disk or cache artifacts for detection. The attack’s design allows it to evade URL reputation engines, proxy logs, email gateways, and endpoint solutions, complicating detection and response, and its impact can cascade into major…
Top Highlights Checkmarx experienced a significant security breach beginning with a supply chain attack on March 23, 2026, resulting in the leak of company data on the dark web, linked directly to its GitHub repositories. Cybercriminals exploited the breach to access and exfiltrate proprietary source code and internal documentation, raising concerns about potential vulnerabilities and extortion risks. The company swiftly contained the incident by locking down GitHub access, isolating the compromised repository, and ensuring customer data remains secure through strict segmentation from production environments. Ongoing investigations aim to determine the full scope of the leak, with Checkmarx pledging transparency, continuous…
Essential Insights Iranian cyber activity targets U.S. entities mainly through opportunistic and socially engineered attacks, not sophisticated or disruptive operations. Key methods include social engineering and exploitation of valid credentials to breach organizations like Stryker. Future Iranian cyber threats are likely to focus on credential theft and identity security breaches rather than custom web application assaults. Threat, Attack Techniques, and Targets Iranian cyber operations are focused on opportunistic attacks and information campaigns. Experts, including Timothy Haugh and Kevin Mandia, noted that Iran mainly uses social engineering and exploits valid credentials. These tactics aim to magnify the impact of their intrusions.…
Essential Insights Sandworm has advanced its cyberattack tactics by implementing a dual-layer SSH and Tor tunneling system, enabling long-term, anonymous access to victim networks while evading detection. The attack begins with spear-phishing delivering malicious ZIP archives containing disguised shortcuts and decoys, which deploy covert tools like SSH daemons and Tor servers upon execution. Persistent control is maintained through hidden scheduled tasks that launch disguised executables, creating encrypted channels for data exfiltration via dark web Onion addresses, bypassing traditional firewalls. Organizations are advised to monitor scheduled tasks, block Tor/obfs4 traffic, educate employees on spear-phishing risks, and deploy endpoint detections targeting unusual…
Fast Facts A Chinese national, Xu Zewei, associated with the HAFNIUM (Silk Typhoon) hacking campaign, has been extradited from Italy to the U.S. and faces federal charges for cyber intrusions targeting U.S. organizations during 2020-2021. Xu was directed by China’s Ministry of State Security to breach COVID-19 research institutions, extracting sensitive data on vaccines and testing, significantly contributing to one of the most damaging espionage campaigns. The hacking operation involved exploiting Microsoft Exchange Server vulnerabilities using web shells, allowing persistent access and data searches aimed at intelligence gathering. The U.S. and allies officially linked the HAFNIUM campaign to China’s MSS…
Quick Takeaways Threat-led defense aligns security measures directly with adversary tactics, techniques, and procedures (TTPs), enhancing detection precision. Mapping attacker behaviors to your environment reveals critical gaps, reducing the risk of overlooked, sophisticated attack methods. Prioritized, automated response based on procedural intelligence minimizes residual risks and outmaneuvers attackers throughout the attack lifecycle. Threat, Attack Techniques, and Targets Threat-led defense focuses on understanding the tactics, techniques, and procedures (TTPs) used by cyber adversaries. Attackers follow specific steps during their campaigns, which can be mapped to real-world threats. By analyzing these steps, organizations learn how attackers operate and which systems they target.…
Fast Facts A critical Windows Shell zero-click vulnerability (CVE-2026-32202) exploited by Russian APT28 allows attackers to steal credentials silently via SMB, even after initial patches intended to fix a related bypass flaw. The vulnerability stems from an incomplete patch addressing a separate security bypass (CVE-2026-21510) that failed to fully prevent malicious LNK files from triggering automatic SMB connections and NTLM authentication. Exploited by embedding malicious control panel links in LNK files, the flaw enables remote code execution and credential theft without user interaction, with active exploitation confirmed by Microsoft and security firms. Organizations are urged to immediately apply April 2026…
Quick Takeaways AI agents in SaaS systems rely on Retrieval-Augmented Generation (RAG) to access sensitive data, but this introduces significant security vulnerabilities, including data leaks and prompt injections. Recent incidents, such as “EchoLeak” and vector database breaches, highlight the critical need to safeguard RAG pipelines against external manipulation and data poisoning. Securing RAG involves layered defenses across ingestion, retrieval, and generation phases—using data sanitization, access controls, encryption, and prompt filtering. Implementing comprehensive monitoring and security tools, especially on platforms like Google Cloud, is essential to detect threats and maintain trust in AI-driven enterprise applications. Key Challenge A recent surge in…