INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most…
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials.…
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running…
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy…
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system…
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains…
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an…
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an…
Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring…
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
This week's updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add…
⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More
It's been a week of chaos in code and calm in headlines. A bug that broke the internet's favorite framework, hackers chasing AI tools, fake…
⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More
This week showed just how fast things can go wrong when no one's watching. Some attacks were silent and sneaky. Others used tools we trust…
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More
Cybercrime has stopped being a problem of just the internet — it's becoming a problem of the real world. Online scams now fund organized…
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach
SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure…
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are…
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Security doesn't fail at the point of breach. It fails at the point of impact. That line set the tone for this year's Picus Breach and…
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact…
Critical RCE Flaws CVE-2025-48983 & CVE-2025-48984 (CVSS 9.9) Found in Veeam Backup & Replication
Veeam Software has released patches addressing three newly disclosed , including two critical Remote Code Execution (RCE) in Veeam Backup…
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer…
Threat Actors Exploiting SonicWall SSL VPN Devices in Wild to Deploy Akira Ransomware
Threat actors have reemerged in mid-2025 leveraging previously disclosed vulnerabilities in SonicWall SSL VPN appliances to deploy Akira…
Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI
Huntress has sounded the alarm over active exploitation of a newly discovered Local File Inclusion (LFI) in Gladinet CentreStack and Triofox…
LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring…
Microsoft: Critical GoAnywhere bug exploited in ransomware attacks
A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware…
Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…
⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…
Scanning of Palo Alto Portals Surges 500%
Security experts have observed a massive increase in reconnaissance activity targeted at login portals for Palo Alto Networks products.…
Week in review: Many Cisco ASA firewalls still unsecure, hackers claim Red Hat’s GitLab breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Keeping the internet afloat: How…
Akira ransomware: From SonicWall VPN login to encryption in under four hours
Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their…
Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More
Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden…
SonicWall SSL VPN Attacks Escalate, Bypassing MFA
Security experts have warned of a surge in malicious activity from Akira ransomware actors targeted at victims running SonicWall SSL VPN…
Akira Ransomware Exploits SonicWall VPN Accounts With Lightning-Fast Intrusions
Akira ransomware Leaksite Arctic Wolf has observed a major uptick in Akira ransomware activity since late July 2025, with attackers…
Akira ransomware breaching MFA-protected SonicWall VPN accounts
Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully…
Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins
A new wave of cyberattacks targeting organizations using SonicWall firewalls has been actively deploying Akira ransomware since late July…
2025 Ransomware Trends: How Australia’s Wealth Makes It a Prime Target
Australia’s strong economy and high per-capita wealth have made it a prime target for ransomware groups, with the country facing a…
How One Bad Password Ended a 158-Year-Old Business
Most businesses don't make it past their fifth birthday - studies show that roughly 50% of small businesses fail within the first five years.…
SonicWall releases rootkit-busting firmware update following wave of attacks
SonicWall on Monday released a firmware update that the security vendor says will remove rootkit malware deployed in recent attacks targeting…
22 Vulnerabilities Under Attack – And Another That Could Be
Cyble researchers detailed 22 vulnerabilities under active attack in a blog post today – and nine of them aren’t in CISA’s…
OnePlus leaves researchers on read over Android bug that exposes texts
Security researchers report that OnePlus smartphone users remain vulnerable to a critical bug that allows any application to read SMS and MMS…
SonicWall releases SMA100 firmware update to wipe rootkit malware
SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices.…
Attacker Breakout Time Falls to 18 Minutes
Threat actors are accelerating their attacks and adopting innovative new ways to circumvent endpoint detection mechanisms, according to a new…
Kawa4096: A New Ransomware Group with Akira-Style Branding and Qilin-Like Notes
In June 2025, a new ransomware group known as Kawa4096 surfaced, launching disruptive attacks against multinational organizations in finance,…
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting…