
Art Appraisal Blog

Category - Uncategorized

01/4/2026
Uncategorized

Ransomware Is Not Slowing Down: How NetSecurity’s ThreatResponder Stops the Extortion Cycle

Ransomware did not take a holiday in 2025 and it will not in 2026. Executives and security teams continue to rank it as the top organizational cyber risk. Attackers have professionalized, adopted multi extortion models that combine encryption, data theft, and harassment, and are using automation and artificial intelligence to compress their attack timelines. In simple terms, velocity now defines risk. If your organization cannot detect and contain an intrusion...

12/30/2025
Uncategorized

Account Takeover Attack Leading to $262 Million Loss: How ThreatResponder ITDR Can Stop It

Account Takeover (ATO) attacks have become one of the most devastating threats in modern cybersecurity. Recently, the FBI said that cybercriminals impersonated bank support teams and successfully stole $262 million by exploiting weaknesses in identity and access management. This incident underscores the critical need for advanced identity security measures, particularly Identity Threat Detection and Response (ITDR) solutions. Understanding the Attack: How Cybercriminals Pulled It Off The attackers executed a highly sophisticated...

12/10/2025
Uncategorized

Pro‑Russia Hacktivists Escalate Opportunistic Attacks on Critical Infrastructure

On December 9, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, NSA, DOE, EPA, and international partners, issued advisory AA25‑343A warning of opportunistic cyberattacks by pro‑Russia hacktivist groups targeting critical infrastructure worldwide. This advisory underscores the rising risk posed by multiple loosely affiliated hacktivists exploiting weakly defended Operational Technology (OT) environments, particularly those with exposed Virtual Network Computing (VNC) services. Background and Emergence of Hacktivist...

12/5/2025
Uncategorized

Understanding BRICKSTORM: A Sophisticated Backdoor Threat Targeting VMware and Windows Environments

On December 4, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA) and the Canadian Centre for Cyber Security (Cyber Centre), released Malware Analysis Report AR25-338A detailing a significant cyber threat: BRICKSTORM, a highly advanced backdoor attributed to state-sponsored actors from the People’s Republic of China (PRC). This advisory underscores the growing complexity of nation-state cyber operations and the urgent need for organizations...

11/9/2025
Uncategorized

From Noise to Action: Why Security Teams Need Unified Visibility More Than Ever

The modern cybersecurity landscape is more complex than ever before. Organizations rely on a multitude of tools—endpoint protection, firewalls, SIEMs, identity monitoring, and vulnerability scanners—to protect their digital assets. Each of these solutions provides valuable data, but together, they often create a flood of alerts and fragmented insights. Instead of clarity, security teams face chaos. In this environment, the real challenge isn’t the lack of information—it’s too much of it....

11/3/2025
Uncategorized

Qilin Ransomware Chaos: Understanding Tradecraft, Scale, and What Defenders Should Do Now

Qilin ransomware, previously known as Agenda, has emerged as one of the most sophisticated ransomware-as-a-service (RaaS) operations in recent years. Its evolution from Go-based binaries to Rust and Linux variants demonstrates a clear focus on cross-platform capability and operational efficiency. This article provides a technical deep dive into Qilin’s tactics, techniques, and procedures (TTPs), along with actionable defense strategies for enterprise environments. Evolution and RaaS Model Qilin operates under a...

10/23/2025
Uncategorized

Increasing Collaboration of Cybercrime Groups: How ThreatResponder Can Prevent Advanced Threats

Cybercrime is undergoing a structural transformation. What was once a fragmented ecosystem of independent ransomware operators and data extortion gangs has evolved into a highly collaborative network. These alliances are not informal partnerships—they resemble organized crime cartels, pooling resources, sharing infrastructure, and exchanging tactics to maximize impact. For defenders, this means faster attacks, more sophisticated techniques, and a broader threat surface. This article explores the growing trend of cybercrime collaboration,...

10/14/2025
Uncategorized

A Full Recap of Salesforce Supply-Chain Nightmare: How One Breach Impacted 700+ Organizations

In August 2025, attackers exploited OAuth tokens from Salesloft’s Drift integration to infiltrate hundreds of Salesforce customer environments, triggering one of the largest SaaS supply-chain breaches in recent memory. Google’s Threat Intelligence Group attributed the campaign to UNC6395, while a parallel vishing campaign by cybercrime groups compounded the chaos. The blast radius? 700+ organizations, including major tech and cybersecurity firms. This wasn’t a Salesforce core vulnerability; in fact, it was a...

10/2/2025
Uncategorized

LockBit 5.0 Resurface with Cross‑Platform Ransomware That Targets Windows, Linux, and ESXi

LockBit 5.0 has resurfaced as a hardened, cross‑platform ransomware family designed to disrupt heterogeneous enterprise estates at scale. Beyond simply updating an encryptor, this release aligns tooling, anti‑analysis, and operator ergonomics to enable affiliates to hit Windows, Linux, and VMware ESXi in the same campaign. The result is a refined kill chain: stealthier ingress, faster pre‑encryption suppression of defenses, and hypervisor‑level impact that magnifies downtime. For organizations that virtualize critical...

09/27/2025
Uncategorized

Cisco ASA Vulnerability CVE-2025-20333 Causing Sleepless Nights for CISOs

These days CISOs rarely sleep when they hear Cisco ASA. This September, a chilling new threat has jolted many security teams awake: the disclosure and active exploitation of critical zero-day vulnerabilities in Cisco ASA firewalls. For many organizations, these flaws represent a near-worst-case scenario: trusted perimeter appliances that suddenly become entrance vectors for sophisticated attackers. The Vulnerabilities That Keep CISOs Up at Night Cisco’s advisory and subsequent threat reports confirmed...
