19 matches found
The Gentlemen are knocking: сustom backdoors and evolving tactics
Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service RaaS model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...
State of ransomware in 2026
With International Anti-Ransomware Day taking place on May 12, Kaspersky presents its annual report on the evolving global and regional ransomware cyberthreat landscape. Ransomware remains one of the most persistent and adaptive cyberthreats. In 2026: New families continue to emerge, adopting...
The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report
The predictive window has collapsed. In 2025, high-impact vulnerabilities weren’t quietly accumulating risk. They were operationalized, and often within days. Today, Rapid7 Labs released the 2026 Global Threat Landscape Report, an in-depth analysis of how attacker behavior is evolving across...
The State of Security Today: Setting the Stage for 2026
As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...
Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools
Cybersecurity researchers have shed light on a new ransomware-as-a-service RaaS operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was "promoted on the Ramp4u forum by the...
Initial Access Brokers Shift Tactics, Selling More for Less
What are IABs? Initial Access Brokers IABs specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like soci...
Microsoft disables ms-appinstaller after malicious use
In what might be conceived as one of Microsoft’s new year resolutions, it has disclosed that its turned off the ms-appinstaller protocol handler by default. The change is designed to make installing apps easier, but it also makes installing malware easier. Typically, an app needs to be on a devic...
New MetaStealer malvertising campaigns
MetaStealer is a popular piece of malware that came out in 2022, levering previous code base from RedLine. Stealers have become a very hot commodity in the criminal space, so much so that there is competition between various groups. Threat actors have primarily used malspam as an infection vector...
Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan
Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware referred to as Ursnif aka Gozi. "It is a sophisticated downloader with the objective of installing a...
LockBit ransomware advisory from CISA provides interesting insights
The US Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigation FBI, Multi-State Information Sharing and Analysis Center MS-ISAC, and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, France, and New Zealand CERT NZ, NCSC-NZ have all...
Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics
The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that...
Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics
The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that...
Risk Fact #3: Initial Access Brokers Attack What Organizations Ignore
Qualys Blog Series – Threat Research Unit Report “Divide and Conquer” is an emerging and winning strategy for cyber criminals who split responsibilities to improve execution of the attack process. Some threat actors specialize in the back end, which often is ransomware deployed at scale. The fron...
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team CERT of France said i...
What is ransomware-as-a-service and how is it evolving?
Ransomware attacks are becoming more frequent and costlier--breaches caused by ransomware grew 41 percent in the last year, the average cost of a destructive attack rising to $5.12 milllion. Whats more, a good chunk of the cyber criminals doing these attacks operate on a ransomware-as-a-service...
State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks
A China-based advanced persistent threat APT group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves t...
Ransomware Group FIN12 Aggressively Going After Healthcare Targets
An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon...
Airline Credential-Theft Takes Off in Widening Campaign
A two-year-old espionage campaign against the airline industry is ongoing, with AsyncRAT and other commodity remote-access trojans RATs helping those efforts take flight. The campaign can effectively be a bird strike to the business engine, so to speak, resulting in data theft, financial fraud or...
Researchers: Booming Cyber-Underground Market for Initial-Access Brokers
It’s well known that email is often the gateway for cybercriminals looking to infiltrate a corporate network. But rather than do the heavy lifting themselves, ransomware gangs are buying their way onto networks, partnering with other criminal groups that have already paved the way for entry with...