
19 matches found

Securelist
added 4 days ago, 10 views

The Gentlemen are knocking: custom backdoors and evolving tactics

Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service (RaaS) model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...

AI score: 6, Exploits: 0
Securelist
added 2026/05/12 7:0 a.m., 8 views

State of ransomware in 2026

With International Anti-Ransomware Day taking place on May 12, Kaspersky presents its annual report on the evolving global and regional ransomware cyberthreat landscape. Ransomware remains one of the most persistent and adaptive cyberthreats. In 2026: New families continue to emerge, adopting...

AI score: 6, Exploits: 0
Rapid7 Blog
added 2026/03/18 1:0 p.m., 10 views

The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report

The predictive window has collapsed. In 2025, high-impact vulnerabilities weren’t quietly accumulating risk. They were operationalized, and often within days. Today, Rapid7 Labs released the 2026 Global Threat Landscape Report, an in-depth analysis of how attacker behavior is evolving across...

AI score: 6.1, Exploits: 0
Rapid7 Blog
added 2025/11/18 4:7 p.m., 10 views

The State of Security Today: Setting the Stage for 2026

As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...

AI score: 7, Exploits: 0
The Hacker News
added 2025/07/15 3:21 p.m., 5 views

Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools

Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was "promoted on the Ramp4u forum by the...

AI score: 7.5, Exploits: 0
The Hacker News
added 2025/04/11 10:30 a.m., 15 views

Initial Access Brokers Shift Tactics, Selling More for Less

What are IABs? Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like soci...

AI score: 7.2, Exploits: 0
Malwarebytes
added 2024/01/03 7:7 p.m., 10 views

Microsoft disables ms-appinstaller after malicious use

In what might be conceived as one of Microsoft’s new year resolutions, it has disclosed that it's turned off the ms-appinstaller protocol handler by default. The change is designed to make installing apps easier, but it also makes installing malware easier. Typically, an app needs to be on a devic...

AI score: 7.1, Exploits: 0
Malwarebytes
added 2023/12/19 11:22 p.m., 27 views

New MetaStealer malvertising campaigns

MetaStealer is a popular piece of malware that came out in 2022, levering previous code base from RedLine. Stealers have become a very hot commodity in the criminal space, so much so that there is competition between various groups. Threat actors have primarily used malspam as an infection vector...

AI score: 7.3, Exploits: 0
The Hacker News
added 2023/08/01 4:20 a.m., 46 views

Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan

Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware referred to as Ursnif (aka Gozi). "It is a sophisticated downloader with the objective of installing a...

AI score: 7, Exploits: 0
Malwarebytes
added 2023/06/15 3:0 a.m., 12 views

LockBit ransomware advisory from CISA provides interesting insights

The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, France, and New Zealand (CERT NZ, NCSC-NZ) have all...

AI score: 7, Exploits: 0
The Hacker News
added 2023/06/01 9:19 a.m., 3 views

Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that...

AI score: 6.6, Exploits: 0
The Hacker News
added 2023/06/01 9:19 a.m., 40 views

Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that...

AI score: 6.7, Exploits: 0
Qualys Blog
added 2023/03/30 5:3 p.m., 17 views

Risk Fact #3: Initial Access Brokers Attack What Organizations Ignore

Qualys Blog Series – Threat Research Unit Report “Divide and Conquer” is an emerging and winning strategy for cyber criminals who split responsibilities to improve execution of the attack process. Some threat actors specialize in the back end, which often is ransomware deployed at scale. The fron...

AI score: 7.2, Exploits: 0
The Hacker News
added 2023/02/04 5:30 a.m., 3 views

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said i...

CVSS: 8.8, AI score: 9.4, EPSS: 0.45063, Exploits: 7
Malwarebytes
added 2022/10/27 6:45 p.m., 20 views

What is ransomware-as-a-service and how is it evolving?

Ransomware attacks are becoming more frequent and costlier--breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 million. What's more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service...

Exploits: 0
The Hacker News
added 2022/06/24 8:2 a.m., 32 views

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves t...

AI score: 0.5, Exploits: 0
The Hacker News
added 2021/10/08 1:41 p.m., 65 views

Ransomware Group FIN12 Aggressively Going After Healthcare Targets

An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon...

AI score: 6.7, Exploits: 0
ThreatPost
added 2021/09/16 6:26 p.m., 35 views

Airline Credential-Theft Takes Off in Widening Campaign

A two-year-old espionage campaign against the airline industry is ongoing, with AsyncRAT and other commodity remote-access trojans (RATs) helping those efforts take flight. The campaign can effectively be a bird strike to the business engine, so to speak, resulting in data theft, financial fraud or...

AI score: 6.9, Exploits: 0, References: 13
ThreatPost
added 2021/06/16 11:51 a.m., 31 views

Researchers: Booming Cyber-Underground Market for Initial-Access Brokers

It’s well known that email is often the gateway for cybercriminals looking to infiltrate a corporate network. But rather than do the heavy lifting themselves, ransomware gangs are buying their way onto networks, partnering with other criminal groups that have already paved the way for entry with...

AI score: 7.2, Exploits: 0, References: 4