Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date.…
Ransomware Defense Using the Wazuh Open Source Platform
Ransomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one…
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start…
ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More
Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse…
Capita to pay £14 million for data breach impacting 6.6 million people
The Information Commissioner’s Office (ICO) in the UK has fined Capita, a provider of data-driven business process…
Harvard investigating breach linked to Oracle zero-day exploit
Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged…
Ransomware crims that exploited SharePoint 0-days add Velociraptor to their arsenal
The ransomware gang caught exploiting Microsoft SharePoint zero-days over the summer has added a new tool to its arsenal: Velociraptor, an…
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has…
Clop exploited Oracle zero-day for data theft since early August
The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early…
Qilin Ransomware Gang Claims Asahi Cyber-Attack
The Qilin ransomware group has claimed responsibility for the cyber-attack on Japan’s Asahi Group and says it has stolen sensitive data…
Cl0p-Linked Gang Attempts to Extort Oracle E-Business Customers
Cybersecurity experts are on high alert as a group claiming ties to the infamous Cl0p ransomware gang is bombarding companies with emails that…
Oracle links Clop extortion attacks to July 2025 vulnerabilities
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were…
Clop extortion emails claim theft of Oracle E-Business Suite data
Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data…
Ransomware gang sought BBC reporter’s help in hacking media giant
Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a…
New LockBit Ransomware Variant Emerges as Most Dangerous Yet
Trend Micro has identified a new LockBit ransomware variant that is “significantly more dangerous” than previous versions and is being…
Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems
Thousands of companies using Fortra’s GoAnywhere Managed File Transfer (MFT) solution are facing an immediate threat of full system…
SonicWall releases SMA100 firmware update to wipe rootkit malware
SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices.…
Kawa4096: A New Ransomware Group with Akira-Style Branding and Qilin-Like Notes
In June 2025, a new ransomware group known as Kawa4096 surfaced, launching disruptive attacks against multinational organizations in finance,…
Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)
If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version…
WannaCry Ransomware: A DFIR & SOC Monitoring Lab Walkthrough
Hello fellow defenders, I hope you are having a great day. In this article, I’m going to show you how you can make a cybersecurity home…
Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet
Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in…
UK arrests 'Scattered Spider' teens linked to Transport for London hack
Two teenagers, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the United Kingdom.…
NCA Singles Out “The Com” as it Chairs Five Eyes Group
The UK’s leading serious and organized crime agency has said it will harness the full force of law enforcement across Five Eyes countries to…
WatchGuard warns of critical vulnerability in Firebox firewalls
WatchGuard has released security updates to address a remote code execution vulnerability impacting the company's Firebox firewalls. Tracked…
SonicWall warns customers to reset credentials after breach
SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that…
New FileFix attack uses steganography to drop StealC malware
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing…
Phishing Campaigns Drop RMM Tools for Remote Access
Malicious actors are using multiple lures in new phishing campaigns designed to install remote monitoring and management (RMM) software onto…
New HybridPetya Weaponizing UEFI Vulnerability to Bypass Secure Boot on Outdated Systems
In late July 2025, a series of ransomware samples surfaced on VirusTotal under filenames referencing the notorious Petya and NotPetya attacks.…
HybridPetya: More proof that Secure Boot bypasses are not just an urban legend
A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI)…
Akira ransomware exploiting critical SonicWall SSLVPN bug again
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to…
SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers
Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm…
Ukrainian Ransomware Fugitive Added to Europe’s Most Wanted
A 28-year-old Ukrainian has been added to a list of Europe’s most wanted fugitives for alleged participation in LockerGoga ransomware attacks.…
ACSC Warns Of Sonicwall Access Control Vulnerability Actively Exploited In Attacks
The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a severe access control vulnerability in…