Art Appraisal Blog

Cybercrime is undergoing a structural transformation. What was once a fragmented ecosystem of independent ransomware operators and data extortion gangs has evolved into a highly collaborative network. These alliances are not informal partnerships—they resemble organized crime cartels, pooling resources, sharing infrastructure, and exchanging tactics to maximize impact. For defenders, this means faster attacks, more sophisticated techniques, and a broader threat surface. This article explores the growing trend of cybercrime collaboration,...

In August 2025, attackers exploited OAuth tokens from Salesloft’s Drift integration to infiltrate hundreds of Salesforce customer environments, triggering one of the largest SaaS supply-chain breaches in recent memory. Google’s Threat Intelligence Group attributed the campaign to UNC6395, while a parallel vishing campaign by cybercrime groups compounded the chaos. The blast radius? 700+ organizations, including major tech and cybersecurity firms. This wasn’t a Salesforce core vulnerability, infact it was a...

LockBit 5.0 has resurfaced as a hardened, cross‑platform ransomware family designed to disrupt heterogeneous enterprise estates at scale. Beyond simply updating an encryptor, this release aligns tooling, anti‑analysis, and operator ergonomics to enable affiliates to hit Windows, Linux, and VMware ESXi in the same campaign. The result is a refined kill chain: stealthier ingress, faster pre‑encryption suppression of defenses, and hypervisor‑level impact that magnifies downtime. For organizations that virtualize critical...

These days CISOs rarely sleep when they hear Cisco ASA. This September, a chilling new threat has jolted many security teams awake: the disclosure and active exploitation of critical zero-day vulnerabilities in Cisco ASA firewalls. For many organizations, these flaws represent a near-worst-case scenario: trusted perimeter appliances that suddenly become entrance vectors for sophisticated attackers. The Vulnerabilities That Keep CISOs Up at Night Cisco’s advisory and subsequent threat reports confirmed...

If you thought phishing was just about shady links in emails, think again. A new technique called ClickFix is making waves in the cybercrime world—and not in a good way. It’s clever, sneaky, and it’s growing fast. In fact, security researchers have seen a 500%+ spike in ClickFix attacks in 2025. So, what makes this technique different? Instead of tricking you into clicking a bad link, ClickFix tricks you into...

In an era of escalating cyber warfare, U.S. critical infrastructure organizations face an unprecedented barrage of threats. From nation-state actors to AI-enhanced malware, the digital battlefield has grown more complex, more targeted, and more unforgiving. As the guardians of national resilience, Chief Information Security Officers (CISOs) are tasked with defending systems that underpin energy, healthcare, transportation, and financial services. Their mission is clear: prevent disruption, protect data, and ensure operational...

Cybersecurity leaders today face an overwhelming challenge: too much data and too little clarity. Security operations centers (SOCs) are flooded with alerts from multiple point solutions—endpoint detection tools, identity monitoring platforms, vulnerability scanners, and more. Each system provides valuable information, but collectively they create noise. Analysts spend hours sorting through alerts, chasing false positives, and trying to piece together fragmented insights. The result is alert fatigue, slower response times, and...

In today’s digital-first world, cybercriminals are evolving faster than ever. Among the most concerning shifts in the threat landscape is the rise of artificial intelligence (AI) in cyberattacks. AI is no longer just a defensive tool; it has become an offensive weapon in the hands of attackers. One area where this is especially dangerous is social engineering. With the ability to generate highly convincing messages, mimic trusted voices, and analyze...

Executive Summary The People’s Republic of China (PRC) has deployed a sophisticated and multi-faceted cyber strategy that presents a significant and evolving threat to global security. At the forefront of this effort are two distinct but related state-sponsored cyber threat groups, Volt Typhoon and Salt Typhoon. While sharing a common national sponsor and a focus on critical infrastructure, their operational objectives are fundamentally different. Volt Typhoon, attributed to the People’s...

Identity is the new security perimeter. As organizations embrace hybrid work, cloud adoption, and federated identity models, attackers are shifting their focus away from perimeter defenses and toward the human and machine identities that grant access to sensitive systems. For years, phishing has dominated as the go-to tactic for identity compromise. But in 2025, threat actors are moving beyond simple phishing campaigns to exploit more advanced identity-based attack vectors. For...