Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
208 articles

#Ransomware

All CosmicBytez Labs articles tagged #Ransomware, across news, security advisories, how-to guides, and projects.

  • NewsJul 17, 2026

    Abbott Laboratories Probes Two Cyber Incidents Amid Extortion Claims

    Abbott Laboratories is investigating two separate cybersecurity incidents: confirmed unauthorized access to legacy Exact Sciences systems in its Cancer Diagnostics unit, and a separate claim of a breach of its LabCentral portal with extortion threats.

  • NewsJul 17, 2026

    In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint

    This week's security roundup covers Iranian threat actors tracking US military personnel's phones, the newly discovered CrashStealer macOS infostealer, a coordinated vulnerability disclosure blueprint, ransomware targeting naval defense firm TKMS, and more.

  • NewsJul 17, 2026

    Inc Ransomware Exploits Chained SonicWall SMA Zero-Days for Root Access

    The Inc ransomware group is actively exploiting two chained zero-day vulnerabilities in SonicWall Secure Mobile Access appliances. When combined, the flaws allow unauthenticated attackers to gain root-level control over SMA devices.

  • NewsJul 16, 2026

    Coca-Cola Fairlife Ransomware Attack Halts All US Dairy Production

    The Coca-Cola Company filed an SEC 8-K disclosure after a ransomware attack on its Fairlife dairy subsidiary temporarily suspended all US production of Ultra-Filtered Milk, Core Power Protein Shakes, and Nutrition Plan beverages.

  • NewsJul 16, 2026

    Identity Attacks Overtake Exploits as Top Ransomware Cause

    Sophos 2026: 79% of ransomware attacks start with stolen identities. MFA was present in 97% of credential-based cases yet failed to stop every one of them.

  • NewsJul 16, 2026

    New Spirals Ransomware Encrypts Victim Network in Under 24 Hours

    A newly identified ransomware group called Spirals has demonstrated alarming operational speed, completing the full attack lifecycle — initial access, lateral movement, data theft, and network-wide encryption — in less than 24 hours.

  • NewsJul 16, 2026

    Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

    Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court for their roles in the 2024 cyberattack on Transport for London that downed 148 systems and disrupted 27,000 employees.

  • NewsJul 15, 2026

    US Charges Three Russians for Operating Bulletproof Hosting Behind $62M Ransomware Campaign

    Federal prosecutors unsealed a 2024 indictment against three Russian nationals who ran Medialand LLC and ML.Cloud LLC — bulletproof hosting services used by LockBit, BlackSuit, and Play ransomware gangs to victimize 44 organizations across 21 US states.

  • NewsJul 14, 2026

    U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

    The U.S. Treasury's OFAC has designated two individuals and a VPN service provider for enabling ransomware actors and other cybercriminals — marking a significant escalation in targeting the infrastructure that makes ransomware operations possible.

  • NewsletterJul 14, 2026

    Weekly Digest #27 — Zero-Days Everywhere, Sanctions Escalate, and Your Browser Extension Just Betrayed You

    This week: Progress ShareFile and SonicWall hit with chained zero-days, the US sanctions its first VPN provider, ShinyHunters walks into Salesforce through the front door, and a 1.6M-install browser extension was hiding a dormant data collector the whole time.

  • NewsJul 13, 2026

    US Treasury Sanctions 1VPNS: The VPN Service Favored by Ransomware Groups

    The US Treasury's OFAC sanctioned First VPN Service (1VPNS) and its Ukrainian administrator for providing anonymization cover to ransomware groups attacking US critical infrastructure, causing billions in losses. Action is coordinated with the UK and follows a May 2026 European infrastructure takedown.

  • NewsJul 13, 2026

    Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, and AI Coding Attacks

    This week's biggest threats: Progress Software orders ShareFile shutdown over an undisclosed zero-day-level risk, ransomware groups weaponize Citrix Bleed 2 to bypass MFA across 91+ victims, and five AI coding assistants fall to a shared attack pattern.

  • NewsJul 12, 2026

    Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks

    A 41-year-old former cybersecurity professional has been sentenced to 70 months in federal prison for conspiring with the now-defunct BlackCat ransomware group to extort victims and coordinating additional attacks alongside two other cybersecurity professionals.

  • NewsJul 11, 2026

    Ryuk Operator Pleads Guilty; BlackCat/AlphV Conspirator Gets Nearly 6-Year Sentence

    A Ryuk ransomware operator pleaded guilty in Oregon federal court while a BlackCat/AlphV conspirator received a 70-month prison sentence in Florida,...

  • NewsJul 11, 2026

    Third US Security Expert Sentenced to Prison for Helping Ransomware Gang

    Angelo Martino, a former ransomware negotiator turned insider threat, was sentenced to 70 months in federal prison for actively assisting the...

  • NewsJul 10, 2026

    Armenian National Pleads Guilty to Ryuk Ransomware Attacks

    Karen Vardanyan, an Armenian national, has pleaded guilty to federal charges related to Ryuk ransomware attacks and faces up to 15 years in prison with...

  • NewsJul 10, 2026

    In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops

    A weekly cybersecurity roundup covering the DHS database breach, Adobe accelerating its patch release schedule, Canada's law enforcement disruption of...

  • NewsJul 9, 2026

    Former DigitalMint Ransomware Negotiator Sentenced to 70 Months for Defrauding Clients

    Angelo Martino, a former cyber recovery specialist at DigitalMint, was sentenced to nearly six years in federal prison after secretly feeding confidential...

  • NewsJul 9, 2026

    GodDamn Ransomware Deploys Microsoft-Signed PoisonX Driver to Kill EDR Tools

    GodDamn ransomware — a rebrand of Beast/Monster — uses PoisonX, a malicious kernel driver that passed Microsoft's signing process, to terminate 400+...

  • NewsJul 9, 2026

    'GodDamn' Ransomware Uses BYOVD Technique to Kill Security Software at US Companies

    A new ransomware strain dubbed 'GodDamn' is leveraging a Microsoft-signed malicious kernel driver through the Bring Your Own Vulnerable Driver technique...

  • NewsJul 9, 2026

    GodDamn Ransomware Uses PoisonX Kernel Driver to Neutralize Endpoint Security

    Symantec's Threat Hunter Team has flagged GodDamn, a new ransomware family that deploys the PoisonX kernel driver to disable endpoint detection and...

  • NewsJul 9, 2026

    Latvian State Forests Still Restoring Systems Weeks After Ransomware Attack

    Latvia's state-owned forest management company LVM remains in recovery mode weeks after a ransomware attack that went undetected for nearly two weeks,...

  • NewsJul 9, 2026

    Mount Royal University Confirms Breach as Hackers Claim Attack

    Mount Royal University in Calgary has confirmed that hackers breached its network, stole data from file storage systems, and subsequently deleted it —...

  • NewsJul 9, 2026

    GigaWiper: New Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware

    Microsoft has dissected GigaWiper, a destructive Windows backdoor that combines three distinct destructive capabilities — full disk wiping, fake...

  • NewsJul 7, 2026

    County Government Reportedly Paid $1 Million to Cyber Extortion Group

    A small Ohio county reportedly paid a cyber extortion group $1 million to prevent the public release of sensitive stolen government data, highlighting the...

  • NewsletterJul 7, 2026

    Weekly Digest #26 — AI Ransomware, Mega-Breaches, and the Supply Chain Under Siege

    This week: the first fully autonomous LLM-powered ransomware attack, 16 million people caught in two massive breaches, North Korean supply chain...

  • NewsJul 6, 2026

    Canada's Spy Agency Reports Hacking Three Criminal Groups in 2025

    Canada's Communications Security Establishment publicly disclosed offensive cyber operations against a ransomware-as-a-service gang, a foreign online...

  • NewsJul 6, 2026

    JadePuffer: The First Fully Autonomous LLM-Driven Ransomware Attack

    Security researchers at Sysdig have documented JadePuffer — an agentic threat actor powered entirely by a large language model that independently...

  • NewsJul 6, 2026

    Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware

    This week's threat roundup covers residential proxy botnets hiding in streaming boxes, browser-based ransomware campaigns, AI agent abuse techniques, and...

  • NewsJul 5, 2026

    Teen Suspect in Scattered Spider Hacks Is Extradited to US

    Peter Stokes, 19, has been extradited from Finland to face federal charges tied to Scattered Spider's hundred-million-dollar cybercrime spree — the latest...

  • NewsJul 4, 2026

    Agentic AI Used to Conduct Ransomware Attack via Langflow Vulnerability

    Threat group JadePuffer leveraged an LLM agent to autonomously execute a multi-stage ransomware-style attack through a critical Langflow vulnerability,...

  • NewsJul 4, 2026

    Alleged Scattered Spider Hacker Peter Stokes Extradited to the United States

    Peter Stokes, 19, a dual US-Estonian citizen known online as 'Bouquet,' has been extradited from Finland to face federal charges for his alleged role in...

  • NewsJul 4, 2026

    JadePuffer Ransomware Used an AI Agent to Automate the Entire Attack

    Security researchers have documented what appears to be the first ransomware operation conducted entirely by a large language model agent — JadePuffer...

  • NewsJul 4, 2026

    U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

    A leaked negotiation chat and blockchain analysis reveal that a U.S. government entity paid approximately $1 million to the Kairos extortion group to...

  • NewsJul 3, 2026

    New Avalon Malware Framework Packs CrownX Ransomware Capabilities

    Blackpoint Cyber researchers have uncovered Avalon, an AI-assisted modular malware framework that chains phishing, credential theft, lateral movement, and...

  • NewsJul 2, 2026

    AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

    Sysdig researchers documented the first fully autonomous AI-driven ransomware campaign, where threat actor JADEPUFFER used an AI agent to chain Langflow...

  • NewsJul 2, 2026

    AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

    Researchers have uncovered a novel malware artifact generated using DeepSeek that weaponizes the Chromium File System Access API to encrypt files entirely...

  • NewsJul 2, 2026

    FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs

    Threat actors who exploited the FortiBleed vulnerability to gain persistent access to thousands of Fortinet firewalls are now monetizing that access by...

  • NewsJul 2, 2026

    FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

    SOCRadar uncovered FortiBleed — a large-scale credential-harvesting campaign targeting 11,250 FortiGate portals across 150+ countries, resulting in 110...

  • NewsJul 2, 2026

    Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

    Anubis ransomware affiliates are exploiting CVE-2025-5777 (Citrix Bleed 2) for initial access while pairing BYOVD techniques and stolen supply chain...

  • NewsJul 2, 2026

    Ransomware Thugs Masquerade as Interpol to Entice Small Biz

    A ransomware campaign is impersonating Interpol to pressure small and medium-sized businesses into paying extortion demands, using law enforcement...

  • NewsJul 2, 2026

    ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

    This week's security roundup covers AI compute theft, a newly discovered Apple Mail vulnerability, the emerging BlueHammer ransomware group, and 14...

  • NewsJul 1, 2026

    FortiBleed Credential-Theft Campaign Linked to Lynx Ransomware Group

    Researchers have connected the massive FortiBleed credential-theft operation — which harvested credentials from over 86,000 FortiGate firewalls — directly...

  • NewsJun 30, 2026

    Blackfield Ransomware Demands $2 Million from Nidec Corporation

    The Blackfield ransomware gang is demanding a $2 million ransom from Nidec Corporation after attacking its Taiwanese subsidiary, Nidec Chaun Choung...

  • NewsJun 30, 2026

    BlueHammer Vulnerability Exploited in Ransomware Attacks Before Microsoft Patch

    The Microsoft Defender vulnerability CVE-2026-33825 was actively exploited as a zero-day by ransomware groups before Microsoft had the chance to release a...

  • NewsJun 30, 2026

    CISA: Windows BlueHammer Flaw Now Exploited by Ransomware Gangs

    CISA has confirmed that ransomware gangs are actively exploiting BlueHammer, a Microsoft Defender privilege escalation vulnerability previously used in...

  • NewsJun 30, 2026

    How Ransomware Syndicates Weaponize Corporate-Style Organization

    From outsourced labor to tiered pricing models, today's top ransomware groups operate less like rogue hackers and more like Fortune 500 companies — with...

  • NewsletterJun 30, 2026

    June 30 Digest: BlueHammer Zero-Day, Ransomware Goes Corporate, AI Supply Chain Risks & Nation-State ICS Threats

    A Microsoft Defender zero-day fuels ransomware before any patch exists; researchers dissect how syndicate groups run HR departments and tiered pricing;...

  • NewsJun 28, 2026

    In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs

    Qihoo 360 unveils Tulongfeng — a Chinese rival to Anthropic's Mythos AI vulnerability finder; the World Leaks ransomware group dumps 630 GB from Tata...

  • NewsJun 27, 2026

    Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

    Rising third-party breach incidents are forcing schools and universities to play defense as ransomware gangs and supply chain attackers increasingly...

  • NewsJun 25, 2026

    Europe Evolves Into Ransomware's Favorite Region

    New research from Black Kite shows ransomware attacks against European organizations surged 55% in the first four months of 2026 compared to the same...

  • NewsJun 25, 2026

    Malicious Edge Extension "Edgecution" Abuses Native Messaging to Deploy Ransomware Backdoor

    Zscaler researchers exposed 'Edgecution', a rogue Microsoft Edge extension that exploits Chrome's Native Messaging protocol to escape the browser sandbox...

  • NewsJun 24, 2026

    Amadey and StealC Malware Operations Disrupted in Operation Endgame Action

    Microsoft, Europol, and international law enforcement partners have dismantled infrastructure supporting the Amadey malware loader and StealC infostealer...

  • NewsJun 24, 2026

    Edgecution: Malicious Edge Extension Escapes Browser Sandbox via Native Messaging

    A malicious Microsoft Edge extension dubbed 'Edgecution' abused the Native Messaging API to escape the browser sandbox and deliver a Python backdoor used...

  • NewsJun 24, 2026

    Stealthy Mistic Backdoor Linked to Ransomware Access Broker KongTuke

    Security researchers have identified a new backdoor malware named Mistic being deployed by KongTuke, a ransomware initial access broker, in financially...

  • NewsJun 22, 2026

    INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific

    A new INTERPOL report reveals a dramatic surge in Asia-Pacific cybercrime, with phishing rates nearly double the global average, ransomware attacks...

  • NewsJun 22, 2026

    Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

    This week's threat roundup covers the Usbliter8 iPhone boot exploit, NarwhalRAT spread via fake Microsoft alerts, The Gentlemen ransomware's GentleKiller...

  • NewsJun 21, 2026

    New Prinz Eugen Ransomware Prioritizes Recent Files for Encryption

    A new Go-based ransomware operation named Prinz Eugen targets recently modified files first, uses ChaCha20-Poly1305 encryption, and communicates with...

  • NewsJun 21, 2026

    Nintendo Confirms Employee Data Stolen in TinyPulse Cyberattack by Shadowbyt3$

    Nintendo of America has confirmed that approximately 1GB of employee data — including W-9 forms, bank statements, and HR survey responses — was...

  • NewsJun 19, 2026

    The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

    The Gentlemen ransomware-as-a-service operation distributes a sophisticated EDR-killing toolkit called GentleKiller to affiliates, capable of terminating...

  • NewsJun 18, 2026

    Australian Sugar Producer Works to Restore Operations After Ransomware Attack

    Mackay Sugar, one of Australia's largest sugar producers, is working urgently to restore harvesting and milling operations after The Gentlemen ransomware...

  • NewsJun 18, 2026

    Gentlemen Ransomware Uses Multiple EDR Killers to Disable Defenses

    The Gentlemen ransomware-as-a-service operation is actively developing and maintaining a suite of EDR killer tools to help affiliates evade detection and...

  • NewsJun 18, 2026

    INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023

    Cybersecurity researchers have charted the evolution of INC ransomware from a nascent RaaS operation to one of the most prolific cybercrime groups in...

  • NewsJun 17, 2026

    INC Ransomware Thrives by Mastering the Basics

    The INC ransomware group has risen to prominence not through exotic exploits but by relentlessly targeting sectors — particularly healthcare — where...

  • NewsJun 17, 2026

    Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

    Security researchers have uncovered a DragonForce ransomware attack deploying a new Go-based backdoor that uses Microsoft Teams relay infrastructure for...

  • NewsletterJun 17, 2026

    June 17 Digest: Teams C2 Evasion, Copilot Data Theft, iRhythm Breach, cPanel KEV

    DragonForce hides C2 inside Microsoft Teams relay traffic; a SearchLeak attack weaponizes M365 Copilot for one-click data exfiltration; iRhythm confirms...

  • NewsJun 16, 2026

    iRhythm Confirms Patient Data Stolen in Ransomware Attack

    Digital health company iRhythm has confirmed that attackers stole data in a cyber intrusion discovered on June 8, 2026, with the threat actors demanding a...

  • NewsJun 16, 2026

    'Lorem Ipsum' Malware Pivots to ClickFix Delivery via WordPress

    New analysis reveals the 'Lorem Ipsum' malware campaign has adopted ClickFix social engineering as its primary delivery mechanism, leveraging compromised...

  • NewsJun 16, 2026

    DragonForce Ransomware Hides C2 Traffic Inside Microsoft Teams Relays

    DragonForce ransomware operators deployed a custom implant called Backdoor.Turn to camouflage command-and-control communications inside legitimate...

  • NewsJun 14, 2026

    Check Point VPN Zero-Day Exploited Since Early May by Qilin Ransomware

    A critical zero-day vulnerability in Check Point's VPN products has been under active exploitation since at least early May 2026, with a Qilin ransomware...

  • NewsJun 14, 2026

    Conti Ransomware Member Pleads Guilty, Faces Up to 20 Years in Prison

    Oleksii Lytvynenko, a 44-year-old Ukrainian national, has pleaded guilty to participating in the prolific Conti ransomware group after being arrested in...

  • NewsJun 13, 2026

    In Other News: Google Security Layoffs, AudiA6 Takedown, $400M Coupang Fine

    This week's security roundup covers Google's controversial security team layoffs, Europol's dismantling of the AudiA6 ransomware crypto laundering...

  • NewsJun 13, 2026

    ShinyHunters Uses Oracle Zero-Day to Rampage Higher Education

    The ShinyHunters hacking group exploited a critical Oracle PeopleSoft ERP zero-day (CVE-2026-35273) that disproportionately impacted American...

  • NewsJun 12, 2026

    Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs

    Europol has dismantled AudiA6, a cryptocurrency laundering service described as a key financial pipeline for ransomware gangs and cybercriminal networks...

  • NewsJun 12, 2026

    Ukrainian National Pleads Guilty to Role in Conti Ransomware Operation

    A Ukrainian national extradited from Ireland to the United States has pleaded guilty to conspiracy charges tied to the Conti ransomware operation, which...

  • NewsJun 11, 2026

    Authorities Dismantle 'AudiA6' Ransomware Crypto-Laundering Service

    Law enforcement has dismantled the AudiA6 cryptocurrency laundering service used by ransomware actors and cybercriminals to clean more than $380 million...

  • NewsJun 11, 2026

    The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

    A new analysis of The Gentlemen ransomware operation reveals the financially motivated group has claimed 478 victims and evolved a worm-like...

  • NewsJun 10, 2026

    Infostealers Turn Millions of Devices Into Credential Theft Machines

    Attackers increasingly favor stolen credentials over exploits, and infostealers have become the primary access broker feeding ransomware and cybercrime...

  • NewsJun 10, 2026

    Who Runs the Ransomware Group 'The Gentlemen'?

    KrebsOnSecurity investigates the identity and structure behind The Gentlemen, the second most active ransomware gang of 2026, known for offering...

  • NewsJun 9, 2026

    CISA Gives Feds 3 Days to Patch Check Point VPN Bug Exploited as Zero-Day

    CISA ordered federal agencies to patch a critical Check Point Remote Access VPN flaw within 3 days after Qilin ransomware affiliates were confirmed...

  • NewsJun 5, 2026

    In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA

    This week's cybersecurity roundup covers Anthropic's new AI threat taxonomy, an unpatched Comodo security flaw, Palantir's Alex Karp reportedly under…

  • NewsJun 3, 2026

    The U.S. Sanctions Nobitex Crypto Exchange Used by Ransomware

    The U.S. Treasury's OFAC has sanctioned Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments linked to terrorist activities and…

  • NewsletterJun 3, 2026

    June 3 Digest: AI Ransomware, Netlogon RCE, Miasma Supply Chain

    An AI-generated ransomware toolkit automates EDR evasion; Windows Netlogon RCE is actively exploited on domain controllers; the Miasma campaign hits Red Hat…

  • NewsJun 2, 2026

    AI-Built Ransomware Toolkit Automates EDR Evasion and AD Discovery

    A threat actor has deployed an AI-generated ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and…

  • HOWTOJun 2, 2026

    Anatomy of a Ransomware Attack on a Canadian Ag Operation

    A composite case study of a typical 2026 ransomware incident hitting a Canadian agricultural business — from the first phishing email through full encryption…

  • NewsMay 27, 2026

    Ransomware Actors Show Up In Person to Steal Law Firm Data

    FBI warns the Silent Ransom Group is targeting law firms by physically arriving on-site and social-engineering access to sensitive client databases.

  • NewsletterMay 26, 2026

    May 26 Digest: SharePoint RCE, Megalodon CI/CD Blitz

    Microsoft patches a CVSS 8.8 SharePoint RCE; the Megalodon campaign poisons 5,561 GitHub repos in six hours; 7-Eleven's ShinyHunters breach hits 185,000; and a.

  • NewsMay 22, 2026

    ''First VPN'' Cybercrime Service Disrupted, Administrator

    The FBI and international partners have disrupted First VPN, a criminal VPN service used by dozens of ransomware groups for network reconnaissance and...

  • NewsMay 22, 2026

    First VPN Dismantled in Global Takedown Over Use by 25

    International authorities have disrupted a criminal VPN service called First VPN that was used by more than 25 ransomware groups to conceal network...

  • NewsMay 22, 2026

    Verizon DBIR 2026: Healthcare Fends Off Rising Social

    The 2026 Verizon Data Breach Investigations Report highlights how evolving social engineering tactics are making the healthcare sector more vulnerable,...

  • NewsMay 21, 2026

    Europe Dismantles VPN Service Used by Cybercriminals to Hide Ransomware Attacks

    European law enforcement has taken down First VPN, a privacy service that had been openly advertised on Russian-language cybercrime forums as a tool for...

  • NewsMay 21, 2026

    Police Seize 'First VPN' Service Used in Ransomware and Data Theft Attacks

    International law enforcement has dismantled 'First VPN,' a criminal VPN service marketed on Russian-speaking cybercrime forums and used to facilitate...

  • NewsMay 20, 2026

    Hackers Bypass SonicWall VPN MFA Due to Incomplete Patching

    Threat actors brute-forced credentials and bypassed multi-factor authentication on SonicWall Gen6 SSL-VPN appliances to deploy ransomware tools,...

  • NewsletterMay 20, 2026

    May 20 Digest: Exchange Zero-Day, Verizon DBIR, GitHub

    A Microsoft Exchange zero-day is being exploited with no patch in sight; Verizon DBIR 2026 marks a landmark shift — vulnerability exploitation now...

  • NewsMay 19, 2026

    Cybercrime Service Disrupted for Abusing Microsoft Platform

    Microsoft has disrupted a malware-signing-as-a-service operation that exploited the company's Artifact Signing service to produce fraudulent code-signing...

  • NewsMay 19, 2026

    Verizon DBIR 2026: Vulnerability Exploitation Overtakes

    Verizon's 2026 Data Breach Investigations Report reveals a landmark shift: vulnerability exploitation has surpassed credential abuse as the leading breach...

  • HOWTOMay 19, 2026

    Why Your Accountant is a Ransomware Target

    Small accounting firms in rural Alberta have become primary ransomware targets in 2025–2026. The reasons are structural: high-value data, weak security…

  • NewsMay 18, 2026

    Millions Impacted Across Several US Healthcare Data Breaches

    Multiple healthcare data breaches impacting hundreds of thousands to millions of individuals have been added to the HHS breach tracker, continuing a...

  • NewsMay 17, 2026

    Foxconn Attack Highlights Manufacturing's Cyber Crisis

    A Nitrogen ransomware attack on Foxconn's North American facilities is one of more than 600 hits on manufacturers so far in 2026, as ransomware gangs...

  • NewsMay 15, 2026

    American Lending Center Data Breach Affects 123,000

    The non-bank lender discovered a ransomware attack nearly one year ago but only recently completed its investigation, notifying over 123,000 individuals...

  • NewsMay 13, 2026

    Foxconn Confirms Cyberattack Claimed by Nitrogen Ransomware

    Foxconn, the world's largest electronics manufacturer, confirmed a cyberattack on its North American factories claimed by the Nitrogen ransomware gang,...

  • NewsMay 13, 2026

    Foxconn Confirms North American Factories Hit by Cyberattack

    Electronics manufacturing giant Foxconn has confirmed a cyberattack on its North American operations after the Nitrogen ransomware group claimed...

  • NewsMay 13, 2026

    Government to Scrutinize Instructure Over Canvas

    The House Committee on Homeland Security has demanded a briefing from Instructure, the company behind the Canvas LMS platform, after a ransomware attack...

  • NewsMay 13, 2026

    Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak

    An OPSEC failure provides a rare window into the inner workings of The Gentlemen ransomware-as-a-service group, exposing their affiliate model, TTPs, and...

  • NewsMay 12, 2026

    Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65 TB Canvas Leak

    Educational technology company Instructure, parent of Canvas LMS, has reached an undisclosed 'agreement' with the ShinyHunters extortion group after a...

  • NewsMay 12, 2026

    UK Fines Water Supplier $1.3M for Exposing Data of 664K

    The UK's Information Commissioner's Office has fined South Staffordshire Water Plc and its parent company £963,900 ($1.3 million) after a cyberattack...

  • NewsMay 12, 2026

    West Pharmaceutical Services Hit by Disruptive Ransomware

    West Pharmaceutical Services, a global manufacturer of drug delivery systems and packaging, has taken systems offline worldwide after hackers exfiltrated...

  • NewsMay 12, 2026

    West Pharmaceutical Warns of Ransomware Attack Impacting

    West Pharmaceutical Services filed an SEC disclosure warning that hackers breached the company on May 4, stole data, and encrypted systems — forcing a...

  • NewsletterMay 12, 2026

    May 12 Digest: AI-Generated Zero-Day, Shai-Hulud Worm

    Google confirms the first AI-generated zero-day in the wild; TeamPCP's Mini Shai-Hulud worm hits TanStack, Mistral AI, and Guardrails AI; Instructure pays...

  • NewsMay 11, 2026

    UK Water Utility Fined £963,900 After Cl0p Lurked

    The UK's Information Commissioner's Office fined South Staffordshire Water nearly £1 million after the Cl0p ransomware group maintained undetected access...

  • NewsMay 10, 2026

    Canvas Breach Disrupts Schools & Colleges Nationwide

    A data extortion attack against Canvas LMS defaced login pages with a ransom demand, disrupting classes and coursework at school districts and...

  • NewsMay 8, 2026

    Trellix Source Code Breach Claimed by RansomHouse Hackers

    The RansomHouse threat group has claimed responsibility for the Trellix source code repository breach disclosed last week, leaking a set of proof images...

  • NewsMay 2, 2026

    Critical cPanel Flaw Mass-Exploited in 'Sorry' Ransomware

    A newly disclosed critical vulnerability in cPanel and WHM tracked as CVE-2026-41940 is being mass-exploited by ransomware actors to breach web hosting...

  • NewsMay 1, 2026

    Cyber Incident Responders Sentenced to 4 Years for Carrying

    Two cybersecurity incident responders who abused their trusted positions to secretly carry out ransomware attacks against the organizations they were...

  • NewsMay 1, 2026

    US Ransomware Negotiators Get 4 Years in Prison Over

    Two former cybersecurity incident responders from Sygnia and DigitalMint were each sentenced to four years in federal prison for leveraging their trusted...

  • NewsApr 30, 2026

    Former Incident Responders Sentenced to 4 Years for Ransomware Attacks on Clients

    Ryan Goldberg and Kevin Martin, who worked as incident responders, were sentenced to four years in federal prison after using their trusted access to...

  • NewsApr 30, 2026

    Sandhills Medical Says Ransomware Breach Affects 170,000

    Healthcare organization took nearly one year to publicly disclose a data breach after being targeted by Inc Ransom ransomware, with approximately 170,000...

  • NewsApr 29, 2026

    Vect 2.0 Ransomware Acts as Wiper Thanks to Design Error

    The emerging Vect 2.0 ransomware — deployed against TeamPCP supply chain attack victims — permanently destroys files larger than 131KB due to a critical...

  • NewsApr 29, 2026

    VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB

    Threat hunters warn that VECT 2.0 ransomware contains a critical flaw in its encryption implementation that acts more like a wiper for files over 131KB...

  • NewsApr 28, 2026

    Broken VECT 2.0 Ransomware Acts as a Data Wiper for Large

    Researchers have found that VECT 2.0 ransomware contains a critical flaw in its nonce handling that causes encryption to permanently destroy large files...

  • NewsApr 28, 2026

    Feuding Ransomware Groups Leak Each Other's Data

    When rival ransomware groups 0APT and KryBit turned on each other, they exposed infrastructure details, operational data, victim lists, and internal...

  • NewsletterApr 28, 2026

    Apr 28 Digest: Medtronic 9M Breach, GitHub RCE, LiteLLM

    ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...

  • NewsApr 25, 2026

    CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal

    CISA has added four actively exploited vulnerabilities affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers to its Known...

  • NewsApr 23, 2026

    Trigona Ransomware Deploys Custom CLI Exfiltration Tool in Active Attacks

    Recently observed Trigona ransomware attacks are using a bespoke command-line exfiltration tool to steal data from compromised environments faster and...

  • NewsApr 22, 2026

    Former Ransomware Negotiator Pleads Guilty to BlackCat

    Angelo Martino, 41, a former employee of cybersecurity incident response firm DigitalMint, has pleaded guilty to targeting U.S. companies with BlackCat...

  • NewsApr 22, 2026

    Kyber Ransomware Gang Uses Post-Quantum Encryption to Target Windows and ESXi

    A new ransomware operation called Kyber is targeting Windows systems and VMware ESXi endpoints, with one variant implementing Kyber1024 post-quantum...

  • NewsApr 21, 2026

    Former DigitalMint Ransomware Negotiator Pleads Guilty to $75.3M Extortion Scheme

    Angelo Martino, a former ransomware payment negotiator for DigitalMint, has pleaded guilty to helping accomplish extort $75.3 million in ransom from five...

  • NewsApr 21, 2026

    Surge in Bomgar RMM Exploitation Demonstrates Supply Chain

    A critical RCE flaw in BeyondTrust Bomgar remote monitoring and management software is being actively exploited to spread ransomware and compromise...

  • NewsletterApr 21, 2026

    Apr 21 Digest: Vercel AI Tool Breach, DPRK $290M, ActiveMQ

    Vercel confirms breach through a compromised third-party AI coding tool; North Korean hackers attributed to a $290 million crypto theft; 6,400 Apache...

  • NewsApr 20, 2026

    The Backup Myth That Is Putting Businesses at Risk

    Backups protect your data, but they don't keep your business running during downtime. Understanding the difference between backup and BCDR is critical as...

  • NewsApr 20, 2026

    The Gentlemen Ransomware Now Uses SystemBC for Bot-Powered

    Researchers have discovered a SystemBC proxy botnet of over 1,570 compromised hosts linked to Gentlemen ransomware operations. The gang's affiliate is...

  • NewsApr 19, 2026

    6-Year Ransomware Campaign Targets Turkish Homes and SMBs

    A ransomware campaign operating since at least 2019 has persistently targeted Turkish home users and small-to-medium businesses, largely evading major...

  • NewsApr 18, 2026

    NAKIVO v11.2: Ransomware Defense, Faster Replication

    NAKIVO Backup & Replication v11.2 is generally available, bringing immutable backup enhancements for ransomware defense, faster replication performance,...

  • NewsApr 17, 2026

    Payouts King Ransomware Uses QEMU Virtual Machines to Bypass Endpoint Security

    The Payouts King ransomware group is deploying the QEMU open-source emulator as a covert reverse SSH backdoor, spinning up hidden virtual machines on...

  • NewsApr 17, 2026

    Ransomware Attack Still Disrupting London Healthcare Nearly

    More than 18 months after a ransomware attack crippled hospitals in South East London, at least one NHS trust is still operating without fully restored...

  • NewsApr 11, 2026

    In Other News: Cyberattack Stings Stryker, Windows

    A weekly roundup of notable cybersecurity stories: Iran-linked hackers wipe 200,000 Stryker devices, the BlueHammer Windows zero-day PoC goes public,...

  • NewsApr 10, 2026

    Dutch Hospitals Disrupted After Ransomware Hits Healthcare

    A ransomware attack on Dutch healthcare software vendor ChipSoft has forced hospitals and patients across the Netherlands offline, disrupting the HiX...

  • NewsApr 9, 2026

    Healthcare IT Provider ChipSoft Hit by Ransomware Attack

    Dutch healthcare software vendor ChipSoft has been struck by a ransomware attack, forcing the company to take its website and digital patient services...

  • NewsApr 8, 2026

    FBI: Cybercrime Losses Neared $21 Billion in 2025

    The FBI received over 1 million complaints of malicious activity in 2025, with investment scams, business email compromise, and tech support fraud causing...

  • NewsApr 7, 2026

    China-Linked Storm-1175 Chains Zero-Days for High-Velocity

    A China-based threat cluster designated Storm-1175 has been linked to high-velocity ransomware attacks deploying Medusa payloads using chained zero-day...

  • NewsApr 7, 2026

    Medusa Ransomware Is Fast to Exploit Fresh Vulnerabilities

    SecurityWeek reports that the Medusa ransomware group has developed a dangerous capability: rapidly weaponizing newly disclosed vulnerabilities —...

  • NewsApr 7, 2026

    Medusa Ransomware Exploits Zero-Days to Deploy Ransomware

    Microsoft has raised the alarm over Medusa ransomware's unprecedented operational speed, with the group now exploiting zero-day vulnerabilities before...

  • NewsApr 7, 2026

    Storm-1175 Deploys Medusa Ransomware at 'High Velocity'

    Microsoft says the financially motivated cybercrime group Storm-1175, linked to China, has exploited N-day and zero-day vulnerabilities in high-velocity...

  • HOWTOApr 7, 2026

    What Rural Alberta Businesses Get Wrong About Ransomware

    The five most common things rural Alberta business owners believe about ransomware that are wrong, expensive, and entirely fixable.

  • NewsletterApr 7, 2026

    Apr 7 Digest: Medusa Ransomware Surge, FBI $21B Record

    Storm-1175 runs sub-24-hour Medusa ransomware campaigns using zero-days; the FBI IC3 reports a record $21 billion in US cybercrime losses for 2025; North...

  • NewsApr 6, 2026

    BKA Identifies REvil Leaders Behind 130 German Ransomware

    Germany's Federal Criminal Police Office has publicly unmasked the real identity of "UNKN," the primary operator behind the now-defunct REvil and GandCrab...

  • NewsApr 6, 2026

    German Authorities Identify REvil and GandCrab Ransomware

    Germany's Federal Police have publicly named two Russian nationals as the leaders of the GandCrab and REvil ransomware operations, linking them to at...

  • NewsApr 6, 2026

    Medusa Ransomware Group Exploits Zero-Days to Strike Within

    Microsoft warns that Medusa ransomware operators are exploiting zero-day vulnerabilities approximately one week before public disclosure, enabling the...

  • NewsApr 6, 2026

    Microsoft Links Storm-1175 to Medusa Ransomware Zero-Day

    Microsoft has formally attributed Medusa ransomware zero-day attacks to Storm-1175, a China-based financially motivated cybercriminal group that has...

  • NewsApr 5, 2026

    Germany Doxes "UNKN," Head of RU Ransomware Gangs REvil

    German authorities have publicly identified the elusive "UNKN," the operator behind the GandCrab and REvil ransomware groups, as 31-year-old Russian...

  • NewsApr 4, 2026

    Evolution of Ransomware: Multi-Extortion Ransomware Attacks

    Modern ransomware has evolved far beyond simple file encryption. Multi-extortion tactics — combining encryption, data theft, and public leak threats —...

  • NewsApr 3, 2026

    Die Linke German Political Party Confirms Data Stolen by Qilin Ransomware

    The Qilin ransomware group has claimed responsibility for an attack against German political party Die Linke, forcing an IT systems outage and threatening...

  • NewsApr 3, 2026

    In Other News: ChatGPT Data Leak, Android Rootkit, Water

    This week's security stories you may have missed: a ChatGPT conversation data leak, a new Android rootkit on Google Play, a municipal water facility taken...

  • NewsApr 1, 2026

    Google Drive Ransomware Detection Now On by Default for Paying Users

    Google has announced that its AI-powered ransomware detection feature for Google Drive has reached general availability and is now enabled by default for...

  • NewsMar 31, 2026

    Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations

    Iranian APT groups are increasingly blurring the lines between state-sponsored cyber espionage and financially motivated cybercrime, deploying destructive...

  • NewsMar 31, 2026

    Leak Bazaar: New Criminal Service Plans to Monetize Data

    A new underground platform called Leak Bazaar positions itself as a data-processing business, offering to monetize stolen records on behalf of ransomware...

  • NewsMar 31, 2026

    Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

    A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...

  • HOWTOMar 31, 2026

    Why Every Business Needs Cyber Insurance in 2026

    Cyber insurance stopped being optional for Canadian small businesses in 2024. By 2026 it's table-stakes — but most owners are walking into renewal without…

  • NewsletterMar 31, 2026

    Mar 31 Digest: Axios npm RAT, Claude Code Source Leaked

    The Axios npm library was weaponized to deliver a cross-platform RAT; Anthropic accidentally leaked Claude Code's CLI source in an npm package; Google...

  • NewsMar 29, 2026

    Foster City Declares State of Emergency After Ransomware

    A ransomware attack on March 19 paralyzed Foster City's government systems for over six days, forcing officials to declare a state of emergency while...

  • NewsMar 28, 2026

    Bearlyfy Hits Russian Firms with Custom GenieLocker

    Pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian companies since January 2025, recently deploying a custom...

  • NewsletterMar 27, 2026

    Mar 27 Digest: EU Commission AWS Breach, DarkSword iOS

    The European Commission confirms a 350 GB AWS breach; the DarkSword iOS exploit chain goes public on GitHub threatening hundreds of millions of iPhones;...

  • NewsMar 26, 2026

    Pro-Ukraine Hacker Group Bearlyfy Targets Russian Companies

    The pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian businesses in the past year and is escalating operations...

  • NewsletterMar 26, 2026

    Mar 26 Digest: LeakBase Admin Arrested, WebRTC Skimmer

    This week: Russian authorities detain the alleged LeakBase admin weeks after the FBI-led global crackdown on the 147,000-subscriber stolen-data...

  • NewsMar 25, 2026

    Manager of Botnet Used in Ransomware Attacks Gets 2 Years

    Ilya Angelov, co-leader of the TA551/Mario Kart cybercrime group, was sentenced to two years in prison for operating a phishing botnet that sent 700,000...

  • NewsletterMar 25, 2026

    Mar 25 Digest: DarkSword Leaks iPhone Zero-Days

    This week: the DarkSword iOS exploit chain published on GitHub threatens to democratize nation-state-grade iPhone hacking; CanisterWorm turns the Trivy...

  • NewsMar 24, 2026

    Russian Hacker Who Helped Yanluowang Ransomware Gang Gets

    Aleksei Volkov, a Russian initial access broker who sold unauthorized access to U.S. companies for the Yanluowang ransomware group, has been sentenced to...

  • NewsMar 22, 2026

    Malaysia Airlines Listed by Qilin Ransomware Group

    The Qilin ransomware-as-a-service group has listed Malaysia Airlines on its leak site, claiming access to passenger records, personnel files, and...

  • NewsMar 21, 2026

    Two US Cybersecurity Professionals Plead Guilty to BlackCat

    Former incident responder Ryan Goldberg and ransomware negotiator Kevin Martin admitted to running ALPHV/BlackCat ransomware operations against five US...

  • NewsMar 21, 2026

    Interlock Ransomware Exploited Cisco FMC Zero-Day for 36

    CVE-2026-20131, a maximum-severity CVSS 10.0 insecure deserialization flaw in Cisco Firepower Management Center, was exploited by Interlock ransomware as...

  • NewsMar 21, 2026

    Marquis Fintech Breach Exposes 672,000 Banking Customers

    Plano-based fintech vendor Marquis disclosed that a ransomware attack exploiting a SonicWall firewall vulnerability compromised Social Security numbers,...

  • NewsMar 19, 2026

    CISA Adds Zimbra XSS and SharePoint RCE to KEV; Cisco FMC

    CISA added actively exploited Zimbra Collaboration Suite and Microsoft SharePoint vulnerabilities to its Known Exploited Vulnerabilities catalog on March...

  • NewsMar 18, 2026

    Marquis Ransomware Breach: 672K People Exposed as Attack

    Texas fintech Marquis Software Solutions has confirmed a ransomware attack in August 2025 exposed data of 672,000+ individuals and disrupted operations at...

  • NewsMar 18, 2026

    Interlock Ransomware Has Been Exploiting Cisco FMC Zero-Day

    The Interlock ransomware gang has been actively exploiting a CVSS 10.0 insecure deserialization flaw in Cisco Secure Firewall Management Center since late...

  • NewsMar 17, 2026

    LeakNet Ransomware Weaponizes ClickFix and Deno Runtime for Stealthy Corporate Attacks

    The LeakNet ransomware gang is using ClickFix social engineering for initial access and a Deno-based malware loader to execute fileless payloads from...

  • NewsletterMar 17, 2026

    Mar 17 Digest: GlassWorm Poisons Python, n8n RCE Hits KEV

    This week: GlassWorm escalates with 72 malicious Open VSX extensions and a GitHub token force-push campaign poisoning hundreds of Python repos; CISA adds...

  • NewsMar 15, 2026

    Operation Synergia III: Police Sinkhole 45,000 IPs in Global Cybercrime Crackdown

    An international law enforcement operation codenamed Operation Synergia III has sinkholed 45,000 IP addresses and seized servers linked to ransomware,...

  • NewsMar 13, 2026

    England Hockey Investigating Data Breach After AiLock

    England Hockey, the national governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware group listed...

  • NewsMar 13, 2026

    Telus Digital Confirms Massive Breach After ShinyHunters

    Canadian telecom giant Telus Digital has confirmed a security incident after the ShinyHunters hacking group claimed to have stolen nearly 1 petabyte of...

  • NewsletterMar 11, 2026

    Mar 11 Digest: npm Supply Chain Seizes AWS Admin, 3.4M

    This week: UNC6426 weaponizes a stale npm supply chain compromise to seize full AWS admin in 72 hours, Cognizant TriZetto leaks 3.4 million patient...

  • NewsMar 8, 2026

    Termite Ransomware Operator Velvet Tempest Chains ClickFix

    Microsoft-tracked threat actor Velvet Tempest is deploying Termite ransomware via a ClickFix social-engineering chain that loads DonutLoader and installs...

  • NewsMar 5, 2026

    Phobos Ransomware Admin Pleads Guilty — 1,000+ Victims

    Evgenii Ptitsyn, 43, a Russian national who administered the Phobos ransomware-as-a-service operation, pleaded guilty to wire fraud conspiracy in the U.S....

  • NewsMar 1, 2026

    Former Cybersecurity Responders Plead Guilty to BlackCat Attacks

    An incident response manager and a ransomware negotiator face up to 20 years after admitting to conducting BlackCat (ALPHV) ransomware attacks against...

  • NewsFeb 25, 2026

    Ransomware Forces University of Mississippi Medical Center

    A ransomware attack detected February 19 has taken down UMMC's EPIC EMR system and forced all 35 health clinics across Mississippi to close, canceling...

  • NewsletterFeb 25, 2026

    Feb 25 Digest: Ransomware Hits Healthcare & Semiconductors

    This week: UMMC closes 35 clinics after ransomware, Advantest semiconductor supplier hit, AT&T's 2024 breach resurfaces with 148M decrypted SSNs, Diesel...

  • NewsFeb 24, 2026

    Japanese Semiconductor Giant Advantest Hit by Ransomware

    Advantest Corporation, the world's leading manufacturer of semiconductor test equipment supplying companies like TSMC, Intel, and Samsung, disclosed a...

  • NewsFeb 23, 2026

    HellCat Ransomware Group Breaches Ascom, Exfiltrates 44GB

    The HellCat ransomware group has breached Swiss enterprise communications provider Ascom by exploiting Jira credentials harvested through infostealer...

  • NewsFeb 19, 2026

    Conduent Breach Balloons to Tens of Millions of Americans

    The January 2025 ransomware attack on government technology giant Conduent continues to expand in scope, now confirmed to affect 15.4 million in Texas and...

  • NewsFeb 17, 2026

    Nova (RALord) Ransomware Group Confirmed Active with 73

    The Nova ransomware group, formerly known as RALord, has been confirmed fully operational with 73 victims across nearly every continent, employing double...

  • NewsFeb 17, 2026

    Reynolds Ransomware Embeds BYOVD Driver to Disable EDR

    A new ransomware strain called Reynolds bundles a Bring Your Own Vulnerable Driver component directly in its payload, killing EDR processes from...

  • NewsFeb 17, 2026

    Warlock Ransomware Breaches SmarterTools via Its Own

    The Warlock ransomware group exploited CVE-2026-23760, an authentication bypass zero-day in SmarterMail, to breach SmarterTools itself, compromise 12...

  • NewsFeb 15, 2026

    Ransomware in 2026: Data-Only Extortion Replaces Encryption

    With 91 publicly disclosed ransomware attacks in January 2026 alone, the ransomware landscape is shifting toward data-only extortion while healthcare...

  • NewsFeb 12, 2026

    Romania's Oil Pipeline Operator Conpet Hit by Qilin Ransomware

    The Qilin ransomware group has compromised Romania's national oil pipeline operator Conpet, exfiltrating over 1 TB of data including passports, internal...

  • NewsFeb 12, 2026

    Ransomware Attacks Surge 49% Year-Over-Year: BlackFog 2026

    BlackFog's 2025 State of Ransomware Report reveals a 49% increase in ransomware attacks year-over-year, with evolving tactics shifting toward...

  • NewsFeb 11, 2026

    Ransomware Costs Projected to Hit $74 Billion in 2026, 30%

    Cybersecurity Ventures forecasts ransomware damage costs will surge to $74 billion globally in 2026, up from $57 billion in 2025, as attacks grow more...

  • NewsFeb 10, 2026

    BridgePay Payment Gateway Knocked Offline by Ransomware

    Major U.S. payment processor BridgePay remains completely offline after a ransomware attack, forcing merchants nationwide to revert to cash-only operations.

  • SecurityFeb 10, 2026

    WinRAR Path Traversal Flaw CVE-2025-8088 Actively Exploited

    Critical path traversal vulnerability in WinRAR enables ransomware and credential theft as Russian and Chinese threat actors weaponize phishing campaigns...

  • NewsletterFeb 8, 2026

    Global Threat Intelligence & New Tools - Issue #3

    This week: state-backed espionage campaigns across 155 countries, China-linked router hijacking, ransomware surge, new security tools, and site updates.

  • NewsFeb 5, 2026

    ShinyHunters Dumps 5.1 Million Panera Bread Customer

    The ShinyHunters hacking group published a 760 MB archive of 5.1 million Panera Bread customer records on the dark web after the company refused to pay a...

  • SecurityFeb 5, 2026

    Conduent Breach Expands: 15.4 Million Texans Affected, 8TB

    Government technology provider Conduent's January 2025 ransomware breach now confirmed to affect at least 15.4 million people in Texas alone, with 8TB of...

  • SecurityFeb 5, 2026

    Iron Mountain Responds to Everest Ransomware Breach Claims

    Information management giant Iron Mountain clarifies that alleged 1.4TB breach was limited to marketing materials after single credential compromise.

  • NewsFeb 4, 2026

    The Rise of Ransomware-as-a-Service: 14 Active Platforms

    Security researchers identify 14 active RaaS platforms operating sophisticated affiliate programs, with entry costs as low as $40 per month lowering the...

  • NewsFeb 4, 2026

    Ransomware Attacks Surge in Early 2026 with 26 Claims in One Day

    Threat intelligence reports show 8 active ransomware groups claimed 26 victims on February 2nd alone, with major corporations including BASF and Honeywell...

  • HOWTOFeb 3, 2026

    Incident Response Playbook: Ransomware

    Complete ransomware incident response playbook following NIST framework. Covers detection, containment, eradication, recovery, and lessons learned.

  • NewsJan 27, 2026

    Healthcare Sector Faces Unprecedented Ransomware Surge in 2026

    Ransomware attacks against healthcare organizations have increased 67% in the first month of 2026, with multiple hospital systems reporting service disruptions.

  • NewsJan 15, 2026

    Covenant Health Ransomware Attack Impacts 478,000 Patients

    Qilin ransomware group claims responsibility for massive healthcare breach, stealing 850GB of sensitive patient data across multiple states. Initial...

  • NewsJan 5, 2026

    Cybersecurity Predictions 2026: The Hype We Can Ignore and the Real Risks

    Industry experts separate signal from noise in 2026's threat landscape. AI-powered attacks, supply chain risks, and the evolution of ransomware top the...

  • NewsJan 5, 2026

    Sedgwick Government Solutions Hit by TridentLocker

    Claims administration firm Sedgwick confirms cybersecurity incident at government subsidiary after TridentLocker ransomware group claims theft of 3.4 GB...