Ransomware

CL0P-Linked Hackers Exploit Oracle Software Flaw to Breach Multiple Organizations

Dozens of organizations may have been impacted after threat actors exploited a zero-day vulnerability in Oracle E-Business Suite, starting around August 9, 2025, researchers from Google Threat Intelligence Group (GTIG) and Mandiant reported. The intrusion campaign, which shows hallmarks associated with the Cl0p ransomware brand, used a chain of vulnerabilities to gain remote code execution, […]

LockBit, Qilin, and DragonForce Collaborate to Strengthen Ransomware Operations

Three leading ransomware groups—DragonForce, LockBit, and Qilin—have officially joined forces, signaling a notable shift in the global cyber threat landscape. This strategic partnership aims to enhance the effectiveness of ransomware operations, according to a report by ReliaQuest shared with The Hacker News. “Following LockBit’s recent return, this alliance is expected to enable the sharing of

Microsoft Links Storm-1175 to GoAnywhere Exploit, Medusa Ransomware Deployment

Microsoft has attributed a recent wave of cyberattacks to a threat group identified as Storm-1175, linking it to the exploitation of a critical flaw in Fortra’s GoAnywhere MFT software. The attacks ultimately led to the deployment of Medusa ransomware, affecting several organizations globally. The vulnerability, tracked as CVE-2025-10035 with a CVSS score of 10.0, is

CountLoader expands Russian ransomware campaigns with multi-version malware loader

Cybersecurity experts have identified a new malware loader, dubbed CountLoader, being actively used by Russian ransomware operators. This loader is designed to deliver post-exploitation frameworks such as Cobalt Strike and AdaptixC2, along with a remote access trojan known as PureHVNC RAT. According to Silent Push, CountLoader is deployed either as part of an Initial Access

SafePay Ransomware Claims Attacks on 73 Organizations Within a Month

SafePay ransomware has rapidly become one of 2025’s most dangerous cyber threats. Reports indicate that the group was responsible for 73 confirmed attacks in June and an additional 42 in July, bringing its total number of victims this year to over 270. Unlike ransomware-as-a-service (RaaS) groups that work with affiliate networks, SafePay functions as a

Underground Ransomware Gang Reveals New Global Attack Tactics

Over the past year, the Underground ransomware group has risen as a major threat to organizations worldwide, spanning multiple industries and countries. Initially spotted in July 2023, the gang reappeared in May 2024 with a Dedicated Leak Site (DLS), signaling a shift toward more advanced and strategic operations. Their attacks now reach from the United

New Cephalus Ransomware Uses RDP for Initial Access

A newly discovered ransomware family named Cephalus has emerged as a serious cyber threat, infiltrating organizations by exploiting compromised Remote Desktop Protocol (RDP) credentials that lack multi-factor authentication (MFA). The ransomware’s name comes from Greek mythology, referencing Cephalus, the son of Hermes, who accidentally killed his wife with an infallible javelin. This symbolism underscores the

Colt Admits Customer Data Theft Following Ransomware Attack

Colt Technology Services, a leading telecommunications provider, has confirmed that a ransomware attack on August 12, 2025, resulted in the theft of sensitive customer data. The company revealed that attackers gained access to confidential files containing customer information. Soon after, the document titles were leaked on dark web forums, forcing Colt to take urgent containment

Ransomware Groups Using Legit Tools with Malware to Evade Detection

Ransomware Groups Exploiting Legitimate Tools with Malware to Evade Detection

A newly identified ransomware operation known as Crypto24 is raising alarms in the cybersecurity community. Unlike traditional groups, Crypto24 demonstrates advanced tactics by combining legitimate administrative tools with custom malware, enabling precise attacks against high-value organizations.

Global Targeting of Critical Sectors

The campaign has successfully

US Sanctions Garantex, Grinex Over $100M Crypto Ties

U.S. Targets Garantex and Grinex for Over $100 Million in Ransomware-Linked Crypto Transactions

The United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) has renewed sanctions on the Russian cryptocurrency exchange Garantex, accusing it of processing over $100 million in transactions tied to ransomware groups and other cybercriminal activities since 2019. The
