Topic: ransomware operations

  • AdaptixC2: The New Tool for Malicious Payload Delivery

    AdaptixC2, a legitimate penetration testing tool, is now being widely misused in global ransomware campaigns, marking a shift in attacker strategies to blend in with normal software. Its adoption surged after detection signatures were publicized, linking it to the CountLoader malware and use by g...

  • Security Can't Keep Up with Modern Attackers

    Cyber threats are evolving faster than defenses, with attackers constantly refining their tactics, techniques, and procedures (TTPs), creating a widening gap between their innovation and traditional security coverage. Zero-day exploits are now widely used by criminal groups, not just nation-state...

  • Clop Ransomware Group Claims Oracle Data Theft in New Extortion Emails

    A sophisticated extortion campaign is targeting corporate executives with emails alleging data theft from Oracle E-Business Suite systems, tracked by security firms Mandiant and Google. Attackers, potentially linked to the Clop ransomware group and historically connected to FIN11, demand payment ...

  • SafePay ransomware leaks 3.5TB of Ingram Micro data

    The SafePay ransomware group stole 3.5TB of sensitive data from Ingram Micro, a major global IT distributor, marking another high-profile attack by the increasingly notorious cybercriminal operation. SafePay has targeted over 260 organizations in 2024, using tactics like data exfiltration and enc...

  • Ukraine Arrests Admin for Suspected XSS Forum Hack

    Ukrainian authorities arrested a key administrator of the cybercrime platform XSS, marking a major breakthrough in international law enforcement efforts through collaboration with French police and Europol. The suspect, linked to ransomware operations and $7 million in profits, was tracked via en...

  • Microsoft Teams Targeted by Fake IT Support Scams

    A new wave of phishing attacks is exploiting Microsoft Teams, using fake IT support accounts to trick employees into installing malware that gives attackers full network control. Attackers are shifting from email to Teams due to its trusted role in business, impersonating IT staff to deploy remot...

  • Nike Probes Data Breach Following Hacker Leak

    Nike is investigating a potential cybersecurity incident after the World Leaks ransomware group published a large trove of allegedly stolen internal business data online. The World Leaks group is a rebrand of the Hunters International operation, which has shifted to pure data theft and extortion,...

  • NSA-Reported VMware Flaws Patched by Broadcom

    Broadcom has released critical patches for two VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252) that allow unauthenticated attackers to enumerate valid usernames, posing risks of unauthorized access. Additional high-severity flaws were addressed in VMware vCenter (CVE-2025-41250) an...

  • Google Warns of Rising Cyber-Physical Attacks in Europe

    Google Cloud Security forecasts a major increase in cyber-physical attacks on Europe's critical infrastructure by 2026, targeting sectors like energy, transportation, and digital systems, which threatens public safety and economic stability. State-sponsored cyber espionage from countries such as ...

  • Stop Malicious PowerShell with New ExtraHop Security Tools

    ExtraHop has introduced new security enhancements to detect and neutralize malicious PowerShell activity, which attackers use to operate stealthily within networks by blending in with normal administrative tasks. The platform integrates detection mechanisms that identify specific malicious behavi...

  • Google Warns of New AI-Powered Malware Threat

    Google has identified a new generation of AI-powered malware, such as PromptFlux and PromptSteal, that dynamically rewrites its own code to evade detection, using modules like the 'Thinking Robot' to query AI models for new evasion tactics. State-sponsored threat actors from China, Iran, and Nort...

  • Red Hat Breach Worsens as ShinyHunters Demands Ransom

    The ShinyHunters group is publicly extorting Red Hat after a breach exposed 570GB of data, including sensitive customer reports, and has threatened to release all data by October 10th if ransom demands are not met. ShinyHunters operates an Extortion-as-a-Service model, taking a 25–30% cut of rans...

  • REvil Ransomware Members Freed After Serving Time for Carding

    Four REvil members were freed by Russian courts after their pretrial detention counted toward their sentences for financial cybercrimes, despite originally receiving five-year terms. REvil, a notorious ransomware group, extorted over $100 million and executed a high-profile attack in 2021, prompt...
