Ransomware

STAC6565 Focuses on Canada in Most Attacks While Gold Blade Spreads QWCrypt Ransomware

Canadian organizations have become the primary focus of a targeted cyber campaign led by the threat cluster STAC6565. Cybersecurity company Sophos investigated nearly 40 intrusions linked to the group between February 2024 and August 2025, finding strong overlaps with the hacking group Gold Blade, also tracked under names such as Earth Kapre, RedCurl, and Red […]

STAC6565 Focuses on Canada in Most Attacks While Gold Blade Spreads QWCrypt Ransomware Read More »

Storm 0249 Amplifies Ransomware Attacks Using ClickFix, Fileless PowerShell, and DLL Sideloading

The threat actor identified as Storm 0249 is expanding its tactics beyond its previous role as an initial access broker and is now deploying more advanced intrusion methods that include domain spoofing, DLL sideloading, and fileless PowerShell execution. These upgraded techniques are being used to support ransomware operations targeting enterprise networks. In research shared with

Storm 0249 Amplifies Ransomware Attacks Using ClickFix, Fileless PowerShell, and DLL Sideloading Read More »

Qilin ransomware exploits South Korean MSP breach, leaking data of 28 victims

A major cyber incident has struck South Korea’s financial sector after a sophisticated supply chain attack enabled the deployment of Qilin ransomware. The intrusion unfolded through a compromised Managed Service Provider, allowing attackers to infiltrate multiple organizations simultaneously. Cybersecurity company Bitdefender reported that this operation blended the expertise of the notorious Ransomware as a Service

Qilin ransomware exploits South Korean MSP breach, leaking data of 28 victims Read More »

Akira Ransomware Hits 250 Plus Organizations and Extracts 42 Million Dollars, CISA Warns in New Report

A recent advisory from the Cybersecurity and Infrastructure Security Agency highlights the growing threat of the Akira ransomware group, which has rapidly become one of the most aggressive cybercrime operations targeting global businesses. Ransomware Impact and Financial Losses Since March 2023, Akira has compromised more than 250 organizations across North America, Europe, and Australia. According

Akira Ransomware Hits 250 Plus Organizations and Extracts 42 Million Dollars, CISA Warns in New Report Read More »

Vibe-Coded Malicious VS Code Extension Found Containing Built-In Ransomware Functionality

Cybersecurity researchers have uncovered a malicious extension for Microsoft’s Visual Studio Code (VS Code) that contains basic ransomware functionality. The extension, which appears to have been “vibe-coded” or created with the assistance of artificial intelligence, highlights a new frontier in software supply chain threats. A Brazenly Malicious Extension Discovered by Secure Annex researcher John Tuckner,

Vibe-Coded Malicious VS Code Extension Found Containing Built-In Ransomware Functionality Read More »

U.S. Prosecutors Charge Cybersecurity Insiders for Involvement in BlackCat Ransomware Attacks

In a case that blurs the line between defender and attacker, U.S. federal prosecutors have charged three individuals, including two cybersecurity professionals, for their alleged involvement in a series of BlackCat (ALPHV) ransomware attacks targeting American companies. The accused allegedly exploited their industry positions to carry out and negotiate extortion schemes. The Accused: From Threat

U.S. Prosecutors Charge Cybersecurity Insiders for Involvement in BlackCat Ransomware Attacks Read More »

Russian Ransomware Groups Weaponize Open-Source AdaptixC2 for Advanced Attacks

A powerful open-source command-and-control (C2) framework named AdaptixC2 is rapidly being adopted by a wide range of cybercriminals, with strong links to Russian ransomware operations. This trend highlights the ongoing weaponization of legitimate security tools by threat actors to conduct more advanced and evasive attacks. What is AdaptixC2? AdaptixC2 is an emerging, extensible post-exploitation framework

Russian Ransomware Groups Weaponize Open-Source AdaptixC2 for Advanced Attacks Read More »

Qilin Ransomware Uses Linux Payload and BYOVD Exploit in Sophisticated Hybrid Attack

Qilin, also tracked as Agenda, Gold Feather, and Water Galura, has become one of the most active ransomware-as-a-service operations since mid-2022. In 2025 the group averaged more than 40 victims per month, peaking at around 100 data-leak posts in June, and reaching 84 victims in both August and September 2025. Cisco Talos data shows significant

Qilin Ransomware Uses Linux Payload and BYOVD Exploit in Sophisticated Hybrid Attack Read More »

Monolock Ransomware Reportedly Being Sold by Threat Actors on Dark Web Forums

Monolock ransomware has appeared for sale on underground forums, with operators advertising version 1.0 and offering stolen corporate credentials alongside the malware. First observed in late September, the campaign spreads through phishing messages that deliver malicious Microsoft Word documents, which, when opened, trigger an embedded macro to download the ransomware binary from a compromised host.

Monolock Ransomware Reportedly Being Sold by Threat Actors on Dark Web Forums Read More »

Microsoft Revokes 200 Fake Certificates Abused in Rhysida Ransomware Attacks

Microsoft has taken decisive action against a cyber campaign linked to the Rhysida ransomware group by revoking more than 200 fraudulent code-signing certificates. These certificates were misused by a threat actor known as Vanilla Tempest to disguise malicious software as legitimate Microsoft Teams installers. Discovery and Disruption According to the Microsoft Threat Intelligence team, the

Microsoft Revokes 200 Fake Certificates Abused in Rhysida Ransomware Attacks Read More »