Lucene search
K

19 matches found

HackRead
HackRead
added 2026/04/08 2:19 p.m.7 views

Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Flaw Disclosure

Microsoft researchers have uncovered a fast-moving group, Storm-1175, launching high-speed Medusa ransomware attacks against healthcare and education sectors in the UK, US, and Australia by exploiting security flaws in as little as 24 hours...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/07 6:35 a.m.19 views

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and...

10CVSS7.4AI score0.99999EPSS
Exploits133
Microsoft Secure
Microsoft Secure
added 2026/04/06 4:0 p.m.20 views

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

In this article 1. Storm-1175’s rapid attack chain: From initial access to impact 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Indicators of compromise The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates...

10CVSS7.4AI score0.99999EPSS
Exploits162
HackRead
HackRead
added 2026/02/24 11:40 p.m.6 views

North Korean Lazarus Group Adopts Medusa Ransomware in Global Attacks

Lazarus Group is now using Medusa ransomware in attacks on healthcare and social services, signaling a move toward profit-focused cybercrime...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/24 11:52 a.m.10 views

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

The North Korea-linked Lazarus Group aka Diamond Sleet and Pompilus has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it...

5.8AI score
Exploits0
HackRead
HackRead
added 2025/10/23 7:27 p.m.8 views

Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand

Medusa ransomware leaks 186 GB of Comcast data, claiming 834 GB stolen after a $1.2M ransom demand apparently went unpaid...

7AI score
Exploits0
HackRead
HackRead
added 2025/10/07 3:33 p.m.5 views

Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft

Latest reports suggest the critical GoAnywhere MFT vulnerability CVE-2025-10035, CVSS 10.0 is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately...

10CVSS7.5AI score0.99614EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/10/07 8:15 a.m.13 views

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 CVSS score: 10.0, a critical deserialization bug that could...

10CVSS8.8AI score0.99614EPSS
Exploits3
Microsoft Secure
Microsoft Secure
added 2025/10/06 5:0 p.m.11 views

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT's License Servlet, which is tracked as CVE-2025-10035 and has a CVSS score of 10.0. The vulnerability could allow a threat actor with a validly forged license response...

10CVSS8.8AI score0.99614EPSS
Exploits3
HackRead
HackRead
added 2025/09/28 11:41 p.m.6 views

Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M

Medusa ransomware group claims 834 GB data theft from Comcast, demanding $1.2M ransom while sharing screenshots and file listings...

7AI score
Exploits0
HackRead
HackRead
added 2025/07/25 4:46 p.m.4 views

NASCAR Confirms Medusa Ransomware Breach After $4M Demand

Medusa Ransomware breached NASCAR, demanded $4 million, leaked sensitive data including maps and staff info, exposing major security failures. The incident was exclusively reported by Hackread.com...

7.3AI score
Exploits0
HackRead
HackRead
added 2025/04/08 8:48 p.m.24 views

Medusa Ransomware Claims NASCAR Breach in Latest Attack

Medusa ransomware hits NASCAR, demands $4M ransom, leaks internal files. Group also claims Bridgebank, McFarland, and Pulse Urgent Care...

7.4AI score
Exploits0
HackRead
HackRead
added 2025/03/25 11:56 a.m.10 views

Medusa Ransomware Disables Anti-Malware Tools with Stolen Certificates

Cybercriminals exploit AbyssWorker driver to disable EDR systems, deploying MEDUSA ransomware with revoked certificates for stealthy attacks...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/21 12:58 p.m.15 views

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

The threat actors behind the Medusa ransomware-as-a-service RaaS operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver BYOVD attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware...

7.5AI score
Exploits0
HackRead
HackRead
added 2025/03/13 9:0 p.m.8 views

FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware

FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa's tactics, prevention tips, and…...

7.4AI score
Exploits0
CISA
CISA
added 2025/03/12 12:0 p.m.3 views

CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware

Today, CISA—in partnership with the Federal Bureau of Investigation FBI and Multi-State Information Sharing and Analysis Center MS-ISAC—released joint Cybersecurity Advisory, StopRansomware: Medusa Ransomware. This advisory provides tactics, techniques, and procedures TTPs, indicators of compromi...

7.5AI score
Exploits0References3
The Hacker News
The Hacker News
added 2025/03/06 12:1 p.m.31 views

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to...

10CVSS9.7AI score0.99959EPSS
Exploits12
hivepro
hivepro
added 2024/01/15 6:12 a.m.8 views

Medusa Ransomware Unleashed A Growing Cybersecurity Menace

Summary: Medusa ransomware, a potent threat since late 2022, employs a multi-extortion approach via its Medusa Blog, disclosing victim data and pressuring non-compliant organizations. Operating as a ransomware-as-a-service, Medusas global impact underscores the need for proactive cybersecurity...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/12 1:23 p.m.57 views

Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands. "As part of their multi-extortion strategy,...

9.1CVSS7AI score0.21583EPSS
Exploits0
Rows per page
Query Builder