6523 matches found
The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report
The predictive window has collapsed. In 2025, high-impact vulnerabilities weren’t quietly accumulating risk. They were operationalized, and often within days. Today, Rapid7 Labs released the 2026 Global Threat Landscape Report, an in-depth analysis of how attacker behavior is evolving across...
Dark Web Roast February 2026 Edition
Dark Web Roast - February 2026 Edition By Trellix Advanced Research Center · March 18, 2026 Executive Summary February 2026 delivered another stellar month in the ongoing theatre of the absurd that is the cybercriminal underground, where ransomware gangs bulk-scheduled their extortion like a...
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure fro...
Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack
Warlock continues to enhance its attack chain with new tactics to improve persistence, lateral movement, and defense evasion using an expanded toolset: TightVNC Yuze, and a persistent BYOVD technique leveraging the NSec driver...
PT-2026-25544
Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A weakness exists in the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Manipulation of the mode argument can lead to operating system command injection. This attack can be...
Ransomware and Artificial Intelligence: A Comprehensive Systematic Review of Reviews
This study provides a comprehensive synthesis of Artificial Intelligence AI, especially Machine Learning ML and Deep Learning DL, in ransomware defense. Using a "review of reviews" methodology based on PRISMA, this paper gathers insights on how AI is transforming ransomware detection, prevention,...
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Cybersecurity researchers have disclosed details of a suspected artificial intelligence AI-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat...
PT-2026-25137
Massive ransomware attack hits US healthcare sector, exploiting MedSys CVE-2026-0456 and compromising 1.5M patient records as DarkSky demands $10M ransom, disrupting hospital operations. Ransomware https://t.co/jcKWMlplzA...
Malicious code in synapseml-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4ddf16f7a9941918ea74e21a3742e8f03d7b5c6f5720d7d031d2c69f8d6495c3 Installing the package starts encrypting the user's file and demanding ransom for the decryption. --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2026-1325 Malicious code in synapseml-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4ddf16f7a9941918ea74e21a3742e8f03d7b5c6f5720d7d031d2c69f8d6495c3 Installing the package starts encrypting the user's file and demanding ransom for the decryption. --- Category: MALICIOUS - The campaign has clearly malicious...
Malicious code in alinet-w (npm)
Package is malware due to ransomware-like behavior: file encryption, key exfiltration, terminal locking, ransom note, and persistence attempts. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c18fd7e3ffa16f370fa25fcc489c381958d8200bf01cd8bf3627c91301eb397 The...
Post-Quantum Federated Learning: Secure and Scalable Threat Intelligence for Collaborative Cyber Defense
Collaborative threat intelligence via federated learning FL faces critical risks from quantum computing, which can compromise classical encryption methods. This study proposes a quantum-secure FL framework using post-quantum cryptography PQC to protect cross-organizational data sharing. We expose...
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control C2 framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner...
Expert Recommends: Prepare for PQC Right Now
Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex a...
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters SLH has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. T...
The Post-RAMP Era: Allegations, Fragmentation, and the Rebuilding of the Ransomware Underground
Executive summary The January 2026 seizure of RAMP disrupted a major ransomware coordination hub, but it did not dismantle the ecosystem behind it. Instead, it destabilized trust and accelerated fragmentation across the underground. Rather than consolidating around a single successor, ransomware...
North Korean Lazarus Group Adopts Medusa Ransomware in Global Attacks
Lazarus Group is now using Medusa ransomware in attacks on healthcare and social services, signaling a move toward profit-focused cybercrime...
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
The North Korea-linked Lazarus Group aka Diamond Sleet and Pompilus has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it...
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan RAT called MIMICRAT aka AstarionRAT. "The campaign demonstrates a high level of operational sophistication: compromised...
Orbital Escalation: Modeling Satellite Ransomware Attacks Using Game Theory
Ransomware has yet to reach orbit, but the conditions for such an attack already exist. This paper presents the first game-theoretic framework for modeling ransomware against satellites: the orbital escalation game. In this model, the attacker escalates ransom demands across orbital passes, while...