16 matches found
North Korean Lazarus Group Adopts Medusa Ransomware in Global Attacks
Lazarus Group is now using Medusa ransomware in attacks on healthcare and social services, signaling a move toward profit-focused cybercrime...
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
Torrance, United States / California, December 12th, 2025, CyberNewsWire: In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React…
SocGholish Malware Using Compromised Sites to Deliver Ransomware
New research on SocGholish FakeUpdates reveals how this MaaS platform is used by threat actors like Evil Corp and RansomHub to compromise websites, steal data, and launch high-impact attacks on healthcare and businesses worldwide...
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were...
Europol, Poland Bust Major DDoS-for-Hire Operation, Arrest 4
Polish authorities arrest 4 behind major DDoS-for-hire sites used in global attacks. Europol, US, Germany, and Dutch forces…
FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks
Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten aka Tsunami variant called CAPSAICIN. "These botnets are frequently spread through documented D-Link...
Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report
Ransomware attacks have shown no signs of slowing down in 2023. A new report from the Malwarebytes Threat Intelligence team shows 1,900 total ransomware attacks within just four countries--the US, Germany, France, and the UK--in one year. The findings, compiled together in the 2023 State of...
Black Basta ransomware
What is Black Basta ransomware? Black Basta is a threat group that provides ransomware-as-a-service (RaaS). The service is maintained by dedicated developers and is a highly efficient and professionally run operation; there's a TOR website that provides a victim login portal, a chat room, and a wall...
20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
The U.S. Department of Justice (DoJ) on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa. Ruslan Magomedovich Astamirov, 20, of Chechen Republic has been accused of perpetrating at least...
Threat Source newsletter (Feb. 25, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We all think of APTs as these wide-reaching, silent threat groups who are backed by a nation-state. But our recent research into Gamaredon shows that not all APTs are created equal. We’ve spotted this actor carrying out several...
Huawei HG532 Router Remote Code Execution (CVE-2017-17215)
A zero-day vulnerability (CVE-2017-17215) in the Huawei home router HG532 has been discovered by Check Point Researchers, and hundreds of thousands of attempts to exploit it have already been found in the wild. The delivered payload has been identified as OKIRU/SATORI, an updated variant of Mirai...
Wannacry depth of analysis: the first stage tasksche-vulnerability warning-the black bar safety net
WannaCry was one of the most prevalent ransomware families of 2017. It used a Microsoft vulnerability in attacks of global scope that affected hundreds of thousands of users in more than 100 countries, and it served as a worldwide lesson in network security. As a security industry...
ATM Heists Net $45 Million and Indictments
Eight members of a New York cybercrime cell have been indicted in a carefully coordinated heist that drained $45 million from thousands of ATMs in less than 24 hours. In a federal indictment unsealed Thursday in Brooklyn, authorities charge the attacks were reminiscent of a suspense movie in whi...
RSA: Phishing Attacks Net $687m to Date in 2012
There have been nearly 33,000 phishing attacks globally each month this year, totaling a loss of $687 million, according to new statistics released by security firm RSA earlier this week. Those phishing attack numbers, 32,581 attacks per month on average, mark a 19 percent increase globally...
Mobile malware on the rise, McAfee Q4 Threats Report
The number of new malware releases slowed during the final three months of 2011, but was higher than expected for the year. Computer and mobile security firm McAfee has warned "no organisation, platform or device" is immune from malware attacks ...
Comodohacker is 21 year old patriotic Iranian Hacker
The New York Times got in touch with Comodohacker, who says he's a 21-year-old Iranian student, and asked him about the motives behind his sweeping breach of Gmail this summer. By sniping security certificates from a Dutch company — essentially...