
14 matches found

Securelist
added 5 days ago, 10 views

The Gentlemen are knocking: custom backdoors and evolving tactics

Introduction: This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service (RaaS) model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...

AI score: 6
Exploits: 0

Talos Blog
added 2025/11/13 11:0 a.m., 10 views

Unleashing the Kraken ransomware group

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block (SMB)...

AI score: 7.5
Exploits: 0

Krebs on Security
added 2025/10/07 10:45 p.m., 14 views

ShinyHunters Wage Broad Corporate Extortion Spree

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed...

CVSS: 9.8, AI score: 7.7, EPSS: 0.99722
Exploits: 14

The Hacker News
added 2025/03/29 3:52 a.m., 31 views

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability i...

AI score: 6.8
Exploits: 0

Talos Blog
added 2024/11/07 11:0 a.m., 20 views

Unwrapping the emerging Interlock ransomware attack

Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Our analysis uncovered that the attacker used multiple components in the delivery chain including a Remote Access Tool (RAT)...

AI score: 7.8
Exploits: 0

The Hacker News
added 2024/08/28 10:21 a.m., 40 views

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. "The BlackByte ransomware group continues to leverage...

CVSS: 7.2, AI score: 7.6, EPSS: 0.2677
Exploits: 0

The Hacker News
added 2024/07/08 1:15 p.m., 18 views

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered...

AI score: 7.5
Exploits: 0

The Hacker News
added 2024/03/14 1:47 p.m., 39 views

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) wit...

AI score: 7.1
Exploits: 0

The Hacker News
added 2023/11/16 12:3 p.m., 107 views

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State...

CVSS: 10, AI score: 9.2, EPSS: 0.99512
Exploits: 75

Talos Blog
added 2023/05/15 12:0 p.m., 25 views

Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code

Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023. The actor is swiftly expanding its operations. To date, the group has compromised three organizations in the U.S. and one in South Korea across several business verticals,...

AI score: 6.8
Exploits: 0

The Hacker News
added 2022/09/01 10:3 a.m., 23 views

Infra Used in Cisco Hack Also Targeted Workforce Management Solution

The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Cybersecurity firm eSentire, which disclosed the findings, raised the possibility...

AI score: 0.6
Exploits: 0

Malwarebytes
added 2021/10/19 1:42 p.m., 31 views

[updated] REvil ransomware disappears after Tor services hijacked

With some pests you hope they never recover from a blow. It’s almost too good to be true, but one can hope. This is one of them. The REvil ransomware group has shut down their operation for the second time this year after losing control over their Tor-based domains. Shutdown number 1 REvils first...

AI score: 6.7
Exploits: 0

The Hacker News
added 2021/05/22 7:0 a.m., 148 views

FBI Warns Conti Ransomware Hit 16 U.S. Health and Emergency Services

The adversary behind Conti ransomware targeted no fewer than 16 healthcare and first responder networks in the U.S. within the past year, totally victimizing over 400 organizations worldwide, 290 of which are situated in the country. That's according to a new flash alert issued by the U.S. Federa...

AI score: 7.2
Exploits: 0

The Hacker News
added 2021/03/04 9:49 a.m., 4 views

Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit

Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents. As proof of access to the data...

AI score: 6
Exploits: 0