Ransomware

Gunra ransomware gang claims 16 victims across multiple countries.

Signature Healthcare in Massachusetts diverts ambulances after cyberattack disrupts operations.

ClickFix campaign uses fake CAPTCHAs to deploy Node.js RAT malware via Tor to steal crypto.

Medusa ransomware group exploits zero-days and fresh vulnerabilities to breach 300+ organizations within days.

German police identify Russian national as REvil/GandCrab ransomware leader.

Wynn Resorts confirms 21,000 employees affected by ShinyHunters data breach targeting HR systems.

Iran-linked actor wages password-spraying campaign against 300+ Israeli Microsoft 365 organizations.

Germany identifies Daniil Maksimovich Shchukin as UNKN, leader of GandCrab and REvil ransomware gangs.

New ransomware group Krybit emerges with multiple Tor infrastructure.

New ransomware group Krybit emerges with Tor-based infrastructure.

Insikt Group report on 2025 LAC cybercrime landscape reveals 452 ransomware incidents targeting Brazil, Mexico,

SecurityWeek roundup: Android rootkit, ChatGPT data leak, water facility ransomware, FBI breach.

REF1695 operation deploys RATs and crypto miners via ISO file lures since November 2023.

Handala Hack claims breach of St. Joseph County with 2TB of data stolen.

ShadowByt3s claims 10GB Starbucks breach via misconfigured S3 bucket with source code, firmware, and management tools.

Google Drive ransomware detection now enabled by default for paid workspace users.

TeamPCP compromises Trivy, KICS, LiteLLM, and Telnyx SDK in multi-stage supply chain attack.

TeamPCP escalates supply chain attacks with BreachForums and Vect ransomware partnership.

Stolen credentials fuel ransomware, SaaS breaches, and state-sponsored attacks at industrial scale.

Iranian APTs deploy pseudo-ransomware targeting US orgs via revived Pay2Key operations.

PLAY ransomware group claims 10 new victims across UK, US, Germany, and Sweden.

Lynx ransomware campaign exploits internet-exposed RDP with valid credentials starting March 2025.

Fortinet FortiClient EMS SQL injection flaw CVE-2026-21643 actively exploited in attacks.

Dark Web Informer daily digest reports Handala Hack breaches at Lockheed Martin and Stryker, FBI Director compromise,

Ransomware broker sentenced to 7 years; malware in resumes and package repository hijacks reported.

SnowTeam launches Leak Bazaar, a dark web marketplace for stolen corporate data with ML analysis and ransomware

SnowTeam launches Leak Bazaar, a criminal marketplace for stolen corporate data with ML analysis tools.

Daily dark web threat intelligence digest reporting multiple data breaches, ransomware incidents, and hacktivist claims.

Russian cybercriminal Ilya Angelov sentenced to 2 years for administering botnet facilitating ransomware attacks.

Russian national sentenced to 2 years prison for managing TA551 botnet ransomware attacks.

Russian access broker sentenced to 81 months for Yanluowang ransomware attacks causing $9M+ losses.

National Oil Corporation of Ethiopia suffers alleged full infrastructure compromise with 800GB ERP database

Tax-themed malvertising campaign delivers ScreenConnect malware with EDR-killing Huawei driver since January 2026.

Russian access broker sentenced to 81 months for facilitating ransomware attacks via Yanluowang group.

Russian initial access broker sentenced to 81 months for supplying network access to Yanluowang ransomware gang.

U.S. sentences Russian hacker to 6.75 years for facilitating $9M in ransomware attacks.

Mazda discloses breach of 692 employee and partner records via warehouse management system vulnerability.

TeamPCP deploys CanisterWorm wiper targeting Iran via compromised cloud infrastructure.

Trio-Tech semiconductor subsidiary in Singapore hit by ransomware; data stolen and published.

Weekly security recap covering Trivy scanner backdoor, IoT botnets takedown, and rapid zero-day exploitation.

Intoxalock breathalyzer cyberattack strands 150,000 US drivers unable to start vehicles.