Topic: ransomware attacks
October 2025 Threat Report: Barracuda SOC Insights
Akira ransomware is exploiting unpatched SonicWall VPN vulnerabilities (CVE-2024-40766), bypassing multi-factor authentication through stolen credentials and encrypting data rapidly. Attackers are increasingly using Python scripts to automate and disguise malicious activities, such as deploying p...
Microsoft Thwarts Ransomware Attack on Teams Users
Microsoft invalidated over 200 fraudulent digital certificates to disrupt a ransomware campaign that used fake Teams installers, blocking the Rhysida ransomware's distribution network in early October. The attack, orchestrated by the Vanilla Tempest group, involved malvertising and spoofed websit...
Unpatched Cisco Firewalls, Red Hat's GitLab Breached by Hackers
Cybersecurity threats are intensifying due to unpatched devices and supply chain compromises, as seen in attacks on Cisco firewalls and Red Hat, highlighting the need for timely updates and third-party risk management. Global infrastructure, including undersea cables, is increasingly vulnerable t...
Akira Ransomware Bypasses MFA to Breach SonicWall VPNs
Akira ransomware is bypassing multi-factor authentication on SonicWall SSL VPN devices, likely using stolen OTP seeds to generate valid tokens despite security patches. Attackers exploit the CVE-2024-40766 vulnerability to steal credentials, which they reuse even on patched systems, gaining rapid...
Google's AI Ransomware Defense Has Critical Limits
Google has introduced an AI-powered defense for its Drive desktop application that detects ransomware behavior in real-time and stops cloud synchronization to prevent widespread infection. This feature acts as a supplementary security layer, using an AI model trained on millions of ransomware-enc...
Akira Ransomware: 4 Hours from VPN Login to Total Encryption
Akira ransomware attacks can achieve full network encryption in as little as four hours after initial VPN access, leaving organizations with a very narrow window for detection and response. Attackers exploit stolen SonicWall VPN credentials and bypass multi-factor authentication to systematically...
Ransomware Hackers Exploit Misconfigured EDR to Disable Security
Modern ransomware groups exploit minor security oversights, such as human error and misconfigurations, to bypass multi-factor authentication and disable critical defenses like EDR systems. Attackers used a variety of tools, including common utilities and legitimate Windows drivers, to disable sec...
2025's Top Cyber Threats: Ransomware, Outages & AI Attacks
The 2025 digital threat landscape is dominated by sophisticated ransomware, third-party vendor disruptions, and AI-driven social engineering campaigns. AI is amplifying social engineering attacks, making them more convincing and accounting for over half of cyber claims and losses in early 2025. R...
Akira Ransomware Exploits SonicWall Firewalls to Breach Organizations
SonicWall firewalls are still being exploited by Akira ransomware affiliates due to unpatched vulnerabilities and misconfigurations, including CVE-2024-40766 and SSLVPN settings. Attackers gain initial access through SSLVPN, escalate privileges, and deploy ransomware after exfiltrating data and d...
AI Transforms Enterprise Ransomware Defense Strategies
Ransomware attacks are increasing globally, with 70% of organizations reporting incidents, but fewer are paying ransoms (down from 76% to 57%), as cybercriminals now often threaten data exposure even after payment. Paying ransoms no longer ensures data recovery, with 25% of organizations failing ...
Proactive Risk Management: Outsmarting Emerging Threats
Global 2000 companies lose an average of $200 million annually due to unplanned downtime from system failures and cyber incidents, which also damage customer trust and operational efficiency. Recent high-profile cyberattacks, such as those on Change Healthcare and CDK Global in 2024, caused massi...
Security Researchers Uncover New LockBit Ransomware Targets
The LockBit ransomware group has officially resumed operations in late summer 2025, with at least a dozen new victims confirmed across multiple continents, indicating their infrastructure and affiliate network are fully functional again. A new LockBit 5.0 variant is being used in half of the rece...
Microsoft GoAnywhere Bug Fuels Medusa Ransomware Attacks
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform allows unauthenticated attackers to execute remote code, prompting urgent patching and removal of internet exposure. The flaw was exploited as a zero-day by Storm-1175, who used legitimate tools for reconnaissance and deplo...
Hackers Now Use RMM Tools for Phishing Attacks
Threat actors are using legitimate remote monitoring and management (RMM) software to gain unauthorized access to devices through deceptive tactics like fake browser updates and fraudulent meeting invitations. These attacks leverage trusted platforms such as ITarian, PDQ, and Atera to establish c...
Senator Accuses Microsoft of "Gross Cybersecurity Negligence"
Senator Ron Wyden has called for a federal investigation into Microsoft's cybersecurity practices, citing negligence that has left critical infrastructure vulnerable to attacks. Wyden specifically highlighted a ransomware attack on Ascension Health, where hackers exploited a vulnerability via a m...
Cybercriminals Target Drug Formulas and Patient Data
Cybercriminals target pharmaceutical companies for valuable clinical trial data, patient records, and proprietary formulas, posing significant financial and public health risks. Data breaches in the sector average $4.61 million per incident, with ransomware and third-party vulnerabilities leading...
Sen. Wyden Demands FTC Probe Into Ascension Ransomware Attack
Senator Ron Wyden has requested an FTC investigation into Microsoft's cybersecurity practices following a ransomware attack on Ascension that compromised 5.6 million patients' data. The breach was enabled by a contractor clicking a malicious link and attackers exploiting Microsoft's default confi...
SonicWall warns admins: Disable SSLVPN now to stop attacks
SonicWall has issued an urgent alert to disable SSLVPN services due to potential zero-day exploits targeting Gen 7 firewalls, with ransomware attacks bypassing multi-factor authentication. Security researchers suspect an unpatched flaw in SonicWall’s SSL VPN technology, advising immediate mitigat...
Infostealer Attacks Surge 800% - Protect Your Credentials Now
Identity-based attacks are surging, with 1.8 billion stolen credentials in early 2025, an 800% increase, highlighting the need for stronger defenses like multi-factor authentication (MFA). Over 20,000 new vulnerabilities were disclosed, with 12,200 not yet in the National Vulnerability Database (NV...
Cognizant and Rubrik Partner to Deliver Business Resilience-as-a-Service
Cognizant and Rubrik have launched a Business Resilience-as-a-Service (BRaaS) solution, offering a flexible, subscription-based model to help enterprises recover from cyberattacks and ensure operational continuity. The rise of AI increases IT complexity and expands the attack surface, necessitati...
Patient Safety at Risk: The Hidden Cost of Hospital Hacks
Nearly all U.S. healthcare organizations experienced multiple cyberattacks in the past year, primarily involving ransomware, cloud account takeovers, and supply chain compromises, posing a direct threat to patient safety. These cyber incidents severely disrupt patient care, with 72% of providers ...
Cybercrime Crisis: Developing Economies Lag Behind
Developing economies face disproportionate cybercrime impacts due to underinvestment in cybersecurity, viewing it as a luxury rather than a necessity, which leads to vulnerabilities and attracts individuals to illicit activities as an economic alternative. Africa experiences a sharp rise in cyber...
Ransomware Gangs Now Exploiting Critical Linux Flaw
A critical Linux kernel vulnerability (CVE-2024-1086) is now being actively exploited by ransomware gangs, allowing attackers to gain complete control over affected systems. The flaw enables local privilege escalation to root access, permitting attackers to disable security, deploy malware, and s...
Oceania's Tech Pros Brace for AI Risks, Rules, and Resilience
Technology leaders in Australia and New Zealand are prioritizing AI risks, sophisticated cyber threats, and regulatory demands for 2026, amid workforce shortages and rapid technological change. Generative AI and large language models are the dominant technology trend, yet only 8% of organizations...
Legit Tools Turned Malicious: Velociraptor and Nezha Weaponized
Legitimate open-source tools Velociraptor and Nezha are being weaponized by threat actors to maintain access, evade detection, and deploy ransomware or malware on enterprise systems. A China-linked ransomware group exploited an outdated Velociraptor version with a privilege escalation flaw to dep...
Healthcare Breach Hits 600k, ShinyHunters Strike, DeepSeek Bias Exposed
Healthcare and luxury brands face significant cybersecurity threats, with major breaches at Goshen Medical Center and Kering-owned fashion labels exposing sensitive data of hundreds of thousands. Critical software vulnerabilities, such as Chaotic Deputy in Chaos-Mesh, and AI-generated code biases...
The Unseen Threat: Why Maritime Cybersecurity is the Next Big Risk
The global shipping industry, responsible for over 80% of world trade, faces increasing cyber threats due to its reliance on digital systems, which introduce vulnerabilities that can lead to operational disruptions, safety risks, and environmental damage. Key vulnerabilities include the lack of i...
Cybersecurity Journey: From Data Recovery to Battling Ransomware
The shift from data recovery to cybersecurity reflects the growing threat of ransomware, which disrupts operations and demands proactive defense strategies over reactive fixes. Modern cybersecurity requires skills like ransomware mitigation and secure data recovery, emphasizing prevention and tre...
Bolster Defenses Against Scattered Spider Attacks, Experts Warn
The Scattered Spider hacking group poses a severe threat to businesses by using sophisticated methods like social engineering and ransomware, requiring immediate improvements in identity management, security processes, and third-party risk management. Their attack strategy often starts with vishi...
Small Business Cyber Insurance Demand Jumps 50%
Small business cyber insurance adoption surged 50% in one year and 85% over three years, reflecting a major shift in risk management strategies. The increase is driven by growing awareness of cyberattacks' devastating financial impacts, including operational costs, legal fees, and reputational da...
Chrome 0-Day Patched, npm Attack, LinkedIn AI Data Scandal
A large majority (89%) of enterprise AI usage is undetected by IT and security teams, posing significant data privacy and compliance risks. Security experts emphasize the importance of engineering-driven protection and secure-by-design approaches over mere compliance checkboxes. Emerging threats ...
Microsoft to Remove WMIC Tool After Windows 11 25H2 Update
Microsoft is removing the WMIC tool starting with the Windows 11 25H2 update, as part of a planned shift to modern management tools. IT administrators are advised to transition to PowerShell and other programmatic alternatives for WMI-related tasks, while the underlying WMI infrastructure remains...
Interpol Seizes $97M in Major African Cybercrime Bust
A major international law enforcement effort has resulted in the seizure of nearly $100 million and the arrest of more than 1,200 suspects across Africa in one of the largest cybercrime crackdowns in recent history. The operation, known as Operation Serengeti 2.0, united authorities from ...
US Treasury Sanctions North Korea for IT Worker Malware Plot
Treasury has imposed sanctions on a North Korean cyber operative involved in a sophisticated scheme using fake identities to infiltrate American companies and fund Pyongyang’s weapons programs. The move targets Song Kum Hyok, a key member of the Andariel hacking group, known for orchest...
Businesses Seek AI Gains Without the Security Risks
European IT experts predict AI-driven cyber threats and deepfakes will be a major concern in 2026, with organizations largely unprepared for these risks. AI is viewed as both a significant threat and a transformative opportunity, with generative AI and predictive analytics leading technology tren...
Semperis Unifies Identity Recovery for Faster Cyber Response
Semperis has launched Ready1 for Identity Crisis Management, a no-cost offering that integrates its identity recovery tools with a structured crisis management system to help businesses quickly resume operations after identity attacks. The platform provides automated features like a command-and-c...
NCA Chairs Five Eyes Group, Singles Out "The Com"
The UK's National Crime Agency now leads the Five Eyes Law Enforcement Group, focusing on combating digital threats and dismantling criminal networks like "The Com." "The Com" is a dangerous online network involved in cybercrime, financial laundering, child exploitation, and links to groups like ...
Jaguar Land Rover Faces $2.5 Billion Cyberattack Fallout
The cyberattack on Jaguar Land Rover is the UK's most financially damaging cyber incident, costing the nation an estimated £1.9 billion and disrupting over 5,000 organizations. The attack forced a month-long production shutdown, leading to a £1.5 billion government loan guarantee to help the comp...
Microsoft Fights 100 Trillion AI Attacks Daily
Microsoft processes over 100 trillion security signals daily, indicating a massive surge in AI-powered cyberattacks that threaten economic stability and personal safety. AI is dual-use, enabling both advanced cyberattacks like autonomous malware and faster defenses, with identity-based attacks an...
NCSC: Senior Execs Unprepared for Cyber-Attacks
UK government and security officials are urging business leaders to take immediate ownership of cybersecurity, emphasizing it is a top-level responsibility and not just a middle-management issue. Senior executives, including CEOs and board members, are ultimately accountable for leading crisis ma...
The Energy Sector's Urgent Cybersecurity Crisis
The global energy sector is increasingly targeted by sophisticated cyberattacks, threatening power grids, national security, and economic stability due to rising electricity demand and vulnerabilities. Recent incidents, including a blackout in Spain and Portugal and attacks by groups like Sandwor...
2025 Fraud Trends: Rising Risks for Online Retailers
The eCommerce sector is experiencing a surge in fraudulent activities driven by financial pressures, geopolitical instability, and evolving cyber threats, requiring urgent action from retailers. Emerging fraud trends include remote access attacks, card testing, and loyalty program exploitation, w...
AI Social Engineering: Top Cyber Threat by 2026, ISACA Finds
AI-driven social engineering is identified as the top cybersecurity threat for 2026, using AI to create convincing deceptive communications that are hard to detect, surpassing ransomware and supply chain attacks. Organizations feel underprepared for AI risks, with only 13% very prepared, and many...
US Government Shutdown Cuts Cybersecurity Staff
The US government shutdown has drastically reduced staffing at key cybersecurity agencies, with CISA losing 65% of its personnel and NIST retaining only 34%, severely limiting national digital defense capabilities. Critical cybersecurity functions are impaired, including vulnerability management,...
PQC Adoption, Android Spyware, and FEMA Data Breach: Key Updates
Microsoft has enhanced its security products with AI-ready Sentinel and Security Copilot, enabling automated threat response and easier deployment through the Microsoft Security Store. Insider threats and data breaches were highlighted, including a bribery attempt on a BBC journalist and breaches...
Get FREE Cybersecurity For Dummies, 3rd Edition eBook Now
The digital world faces constant sophisticated cyber threats like ransomware, data breaches, and social engineering scams, posing risks to individuals and organizations. "Cybersecurity For Dummies, 3rd Edition" by Joseph Steinberg offers clear, practical advice on personal and organizational secu...
Palo Alto Portal Scans Skyrocket 500%
GreyNoise reported a 500% surge in reconnaissance scans targeting Palo Alto Networks login interfaces, with 1,300 distinct IPs detected on October 3rd, primarily originating from the United States. Similar scanning campaigns have targeted other remote access services like Cisco ASA, with shared c...
Clop Hackers Use Oracle Zero-Day to Steal Executive Data
Oracle has patched a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite, which hackers exploited to steal sensitive personal data from corporate executives without needing login credentials. The hacking group Clop has been linked to this mass exploitation campaign, sending e...
Google Denies Widespread Gmail Data Breach Rumors
Google has officially denied a new Gmail data breach, clarifying that recent reports stem from misinterpreted collections of old stolen credentials and not a new security incident. The confusion arose when a large set of 183 million compromised credentials from various sources was added to a cybe...
Sotheby's Data Breach Exposes Client Financial Data
Sotheby's confirmed a significant data breach on July 24, 2025, involving the theft of confidential employee information, including full names, Social Security numbers, and financial account details. The company conducted a two-month investigation and is offering affected individuals a compliment...