Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run...
Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow
Plus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license plate surveillance data to the cops, and more...
The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
Ransomware that combines robust encryption with rapid lateral movement significantly increases th...
Analyzing Concentration, Temporal Routines and Targeting in Public Ransomware Leak Site Data
Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in...
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First...
Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator
Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users...
Fake malware-signing service Fox Tempest dismantled by Microsoft
Microsoft says it dismantled a malware-signing-as-a-service (MSaaS) called Fox Tempest, which helped cybercriminals make malware appear legitimate. The service let customers submit malicious files to be digitally signed with short-lived Microsoft-issued certificates, making the malware look...
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...
Exposing Fox Tempest: A malware-signing service operation
Fox Tempest is a financially motivated threat actor that operates a...
IT threat evolution in Q1 2026. Non-mobile statistics
The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing...
The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed
The Gentlemen ransomware gang suffered an internal breach in May 2026, exposing victim data, affiliate activity, and backend operations...
Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
Plus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more...
From Backup Restoration to Minimum Viable Factory Recovery: A Systematization of Ransomware Recovery in Manufacturing Systems
Ransomware recovery in critical manufacturing infrastructure is not only a backup-restoration problem. Production capability depends on coupled information-technology, operational-technology, physical-process, quality, logistics, identity, and supplier systems. After ransomware, a plant may rebui...
STRIKE: A Structured Taxonomy of Cybercrime for Risk, Impact, Knowledge, and Evolution
Cybercrime has grown exponentially in both scale and sophistication, posing significant threats. As attack methods evolve rapidly, traditional classification schemes often fail to capture the complexity and diversity of modern threats. To address this gap, we introduce STRIKE, a Structured Taxonom...
Why Canadian Telecom Providers Are Prime Targets for Cyberattacks
Canadian telecom providers face mounting cyber threats from ransomware, SIM swapping, data breaches, and nation-state attacks targeting critical infrastructure...
Foxconn Ransomware Attack Shows Nothing Is Safe Forever
Famous for helping build Apple’s iPhones, Foxconn just suffered another cyberattack, highlighting the perils of warehousing some of the world’s most valuable data...
The Canvas Hack Is a New Kind of Ransomware Debacle
Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters...
Why Outdated Maintenance Software Is a Growing Ransomware Risk
Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers...
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social...