Mobile apps have quietly become critical infrastructure for global commerce but security practices haven’t kept up.

This webinar exposes why traditional assumptions no longer hold, and what modern mobile defenses really require from device intelligence to RASP, attestation, and anti-tampering controls.

Join us on January 20th for a deep dive into the risks shaping the next era of mobile security.

Welcome to another_secpro!

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!

Cheers!
Austin Miller
Editor-in-Chief

Today’s executives are expected to be visible—on LinkedIn, in the press, at conferences, and across digital channels. That visibility fuels brand trust, investor confidence, and talent attraction. But it also creates a dangerous imbalance: as executive exposure increases, digital threats accelerate even faster.

This is the Visibility Paradox.

Most executive risk doesn’t start with sophisticated hacks. It starts with unmanaged digital exposure—home addresses, family details, travel patterns, and credentials scattered across the open and dark web. These gaps turn influence into liability.

Our latest thought leadership article introduces a modern framework for Safe Visibility, built on five critical pillars:

• Public data elimination
• Continuous monitoring and rapid removal
• Secure communication protocols
• Organization-wide security alignment
• Integrated physical security

Each pillar matters. Miss one, and the entire protection strategy weakens. The ultimate metric? High executive visibility with zero digital or physical incidents. VanishID is the category leader in executive digital-risk protection, delivering end-to-end coverage—from PII removal and dark web monitoring to real-time exposure dashboards and fully managed operations with zero lift for security teams.

Clopis a well‑known cybercrime group that has operated since at least 2019. The group, sometimes spelled “Cl0p” and is characterised by highly organised ransomware and extortion operations that target large organisations globally.Clopdoes not rely solely on traditional encryption of victim systems. Instead, it often focuses on data theft and extortion.

If you'd like to find out about our series on social engineering, start here: the adversary moves in the age of AI, then make sure to check out the articles link in this introduction: here, here, here, here, and here.

Chinese-linked hackers target US entities with Venezuelan-themed malware: Researchers uncovered a cyberespionage campaign by “Mustang Panda” using Venezuela-themed phishing ZIPs to deliver malware designed for long-term data theft and persistence. Artifacts left behind helped analysts attribute the activity, though impact on targets remains unclear.

Oracle Hack Still Generating Ransom Demands: The Clop ransomware group’s mid-2025 breach of Oracle E-Business Suite continues to ripple out, with ransom extortion ongoing and sensitive data held at risk. Attackers used a zero-day to gain unauthenticated access, affecting hundreds of firms.

New Ransomware Variant Emerges Using Blockchain: DeadLock ransomware abuses Polygon smart contracts to distribute proxy info, sidestepping traditional discovery and allowing multiple variant generation. It deploys via remote tools, deletes backups, and marks files “.dlock”.

Investigating React2Shell Fake POC: A malicious “fake proof-of-concept CVE scanner” script is circulating, designed to target researchers by masquerading as legitimate vulnerability tools. Early analysis highlights poor obfuscation but warns of sandbox/AV-evasion triggers and delayed execution tactics.

‘VoidLink’ Malware Poses Advanced Threat to Linux Systems: Researchers revealed a modular, cloud-focused Linux malware framework with loaders, implants, rootkits, and plugin modules designed for stealthy persistent access in cloud/container environments.

Linux Malware “VoidLink” Analysis: Security researchers described VoidLink’s cloud-native capabilities, credential harvesting, and awareness of cloud platforms (AWS, Azure, GCP, containerization), emphasizing its potential future risk.

TCP #116: Starlink v. Iran, Agents Attack …(Darwin Salazar, Head of Growth at Monad): A weekly digest of the hottest security news covering global high-profile events such as satellite internet warfare, AI attack probes, malware leaks, and major cybersecurity M&A activity. This issue highlights geopolitical cyber interplay (Starlink vs Iran), high-volume AI infrastructure scanning by adversaries, leaked cybercrime data, and high-value acquisitions by CrowdStrike — offering broad industry impact context and emerging threat developments.

Resilient Cyber Newsletter #62: Netskope IPO, AI-Driven Attacks, Black Hat Takeaways (Chris Hughes): This weekly issue covers major industry signals including Netskope’s S-1 filing pointing toward an IPO, enterprise earnings calls, AI-driven attack activity and tooling trends, and critical insights from Black Hat. Highlights include identity threat detection playbooks and discussion around detection blind spots and proactive posture improvements.

Cyber Markets Brief #42: Google Unified Security, Forrester & Gartner on Exposure Management (Dane Disimino, i.e., Cyber PMM): A deep market-focused cyber brief highlighting Google’s unified security push, Forrester’s proactive security framing, and Gartner’s new classification of exposure management platforms. Includes vendor shifts (Deepwatch, identity security), open AI tool updates (GPT 5.1), and job/gig alerts relevant to the cybersecurity product ecosystem.

Inside Ransomware Groups: An Analysis of Their Origins, Structures, and Dynamics (Andrew Phipps & Jason R. C. Nurse fromComputers & Security): This peer-reviewed study systematically analyses the criminal organisations behind major ransomware operations (e.g., Conti, LockBit, BlackCat/ALPHV). Using over 500 source materials — including leaked communications and industry reports — the authors develop a conceptual framework for understanding how ransomware groups are formed, organised, and sustain operations. It also discusses ransomware-as-a-service (RaaS), branding dynamics, and mitigation strategies based on group structures.

A Computational Model for Ransomware Detection Using Cross-Domain Entropy Signatures (Michael Mannon, Evan Statham, Quentin Featherstone, Sebastian Arkwright, Clive Fenwick, Gareth Willoughby): This article introduces an entropy-based detection model aimed at distinguishing ransomware behaviour from benign processes across multiple domains (file system, memory, and network). The mathematical framework quantifies entropy deviations over time, offering a way to detect malicious encryption activity even when signature-based methods fail. Their experimental results show promising accuracy and low false positives, suggesting this could enhance real-time defensive systems.

Unveiling Zero-Space Detection: A Novel Framework for Autonomous Ransomware Identification (Lafedi Svet, Arthur Brightwell, Augustus Wildflower, Cecily Marshwood): This research proposes Zero-Space Detection, an unsupervised multi-phase framework integrating clustering and ensemble learning to detect ransomware in high-velocity environments. It is specifically designed to overcome limitations of traditional signature and heuristic approaches, demonstrating high detection efficacy across diverse ransomware families (e.g., LockBit, Conti, REvil) while preserving real-time performance.

Federated Cyber Defense: Privacy-Preserving Ransomware Detection Across Distributed Systems (Daniel M. Jimenez-Gutierrez, Enrique Zuazua, Joaquin Del Rio, Oleksii Sliusarenko, Xabi Uribe-Etxebarria): Addressing the need for cross-organizational ransomware detection without compromising privacy, this paper applies federated learning to train collaborative models on distributed systems. The approach met or exceeded centralized training performance using the RanSAP dataset. It shows how networked defenders can share intelligence to improve malware detection while keeping sensitive data local — a key consideration for enterprise and regulatory environments.

Inside LockBit: Technical, Behavioral, and Financial Anatomy of a Ransomware Empire (Felipe Castaño, Constantinos Patsakis, Francesco Zola, Fran Casino): A detailed empirical reconstruction of the LockBit ransomware franchise, this study combines leaked management panel data, negotiation chat logs, and blockchain analysis to map technical artefacts, attacker behaviour, and ransom payment flows. It situates LockBit’s evolution within MITRE ATT&CK tactics and reveals systemic financial patterns relevant to tracking and disrupting ransomware economies.

SAFARI: A Scalable Air-Gapped Framework for Automated Ransomware Investigation (Tommaso Compagnucci, Franco Callegati, Saverio Giallorenzo, Andrea Melis, Simone Melloni, Alessandro Vannini): SAFARI is an open-source air-gapped analysis framework that enables safe, reproducible investigation of ransomware samples. It uses automation, virtualization, and infrastructure-as-code to characterise malware behaviour across environments without risk of infection or propagation. Case studies analysing strains like WannaCry and LockBit illustrate its use in profiling encryption strategies and countermeasure effectiveness.