Ransomware

VECT 2.0 Ransomware Permanently Destroys Files Larger Than 131KB Across Windows, Linux, and ESXi

Cybersecurity analysts have raised alarms about a ransomware operation known as VECT 2.0, which behaves more like a destructive wiper than traditional ransomware. A major flaw in its encryption logic causes permanent data loss, even if victims decide to pay the ransom.

Ransomware That Cannot Restore Data

Unlike typical ransomware, VECT 2.0 fails to properly […]

SystemBC C2 Infrastructure Exposes Over 1,570 Victims Linked to The Gentlemen Ransomware Operation

Cybersecurity researchers have uncovered new evidence connecting a large-scale botnet to the rapidly growing ransomware group known as The Gentlemen. The discovery reveals that attackers are leveraging the SystemBC proxy malware to strengthen their operations and expand their reach globally.

Large Botnet Discovered Through SystemBC Server

A recent investigation by cybersecurity firm Check Point exposed

China-Linked Storm-1175 Exploits Zero-Day Flaws to Rapidly Deploy Medusa Ransomware Attacks

A cyber threat group associated with China, identified as Storm-1175, has been observed conducting rapid and highly coordinated cyberattacks by exploiting both undisclosed (zero-day) and known (N-day) vulnerabilities. The group is primarily focused on deploying Medusa ransomware across compromised systems. Security researchers from Microsoft Threat Intelligence report that the attackers are capable of executing high-speed intrusions, often breaching systems within

Bearlyfy Targets Russian Firms with Custom GenieLocker Ransomware

A pro-Ukraine hacking group has intensified its cyber operations against Russian businesses, deploying a newly developed ransomware strain to maximize disruption and financial gain. The group, known as Bearlyfy, has rapidly evolved into a serious threat actor since emerging in early 2025.

Rapid Rise of a Dual-Purpose Threat Actor

Since its appearance, Bearlyfy has been linked

Russian Hacker Sentenced to 2 Years for TA551 Botnet Ransomware Attacks

A Russian cybercriminal has been sentenced in the United States for his involvement in operating a botnet that played a key role in launching ransomware attacks against multiple organizations. Authorities confirmed that Ilya Angelov, aged 40 and originally from Tolyatti, received a two-year prison sentence along with a $100,000 fine. He was known online by aliases such as “milan”

U.S. Sentences Russian Hacker to 6.75 Years in Prison for $9M Ransomware Scheme

A U.S. federal court has sentenced a 26-year-old Russian national, Aleksei Olegovich Volkov, to 6.75 years in prison for his involvement in facilitating ransomware attacks that caused millions in damages. The case highlights the growing role of cybercrime networks and initial access brokers in enabling large-scale ransomware operations targeting organizations worldwide.

Key Role in Ransomware Attacks

CISA Warns of Zimbra and SharePoint Exploits as Cisco Zero Day Targeted in Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding the active exploitation of critical vulnerabilities affecting Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint. The agency has urged organizations, especially government entities, to immediately apply security patches to mitigate risks.

Actively Exploited Vulnerabilities

The two vulnerabilities highlighted by CISA include: CISA

Interlock Ransomware Exploits Cisco FMC Zero Day CVE-2026-20131 to Gain Root Access

Amazon Threat Intelligence has issued a warning regarding an active Interlock ransomware campaign exploiting a critical zero-day in Cisco Secure Firewall Management Center (FMC) software. The vulnerability, CVE-2026-20131 (CVSS 10.0), stems from insecure deserialization of user-supplied Java byte streams, enabling unauthenticated attackers to execute arbitrary Java code as root. According to Amazon’s MadPot global sensor

LeakNet Ransomware Uses ClickFix on Hacked Sites to Deploy Deno In Memory Loader

Cybersecurity researchers have identified a new attack technique used by the ransomware group LeakNet that combines social engineering with a memory-based malware loader. The group is now leveraging the ClickFix tactic through compromised websites to gain initial access to victim systems. According to analysis published by ReliaQuest, the campaign represents a strategic change in

Hive0163 Deploys AI Assisted Slopoly Malware for Persistent Access in Ransomware Campaigns

Cybersecurity experts have revealed a new AI-assisted malware strain named Slopoly, reportedly used by the financially motivated threat actor Hive0163 to maintain long-term access in ransomware attacks. IBM X-Force researcher Golo Mühr commented, “Although still relatively unsophisticated, AI-generated malware like Slopoly demonstrates how easily attackers can leverage artificial intelligence to accelerate malware development.”

Overview of Hive0163 Operations

Hive0163
