Lucene search
K

24 matches found

Securelist
Securelist
added 2026/06/29 10:0 a.m.10 views

The Gentlemen are knocking: сustom backdoors and evolving tactics

Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service RaaS model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...

6AI score
Exploits0
Trellix
Trellix
added 2025/12/09 12:0 a.m.8 views

Dark Web Roast – November 2025 Edition

Dark Web Roast – November 2025 Edition By Trellix Advanced Research Center · December 9, 2025 Executive summary November 2025 delivered a masterclass in underground incompetence that would make any cybersecurity professional simultaneously laugh and cry. From the Silent data-extortion group getti...

5.4AI score
Exploits0
Talos Blog
Talos Blog
added 2025/11/13 11:0 a.m.10 views

Unleashing the Kraken ransomware group

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block SMB...

7.5AI score
Exploits0
Krebs on Security
Krebs on Security
added 2025/10/07 10:45 p.m.14 views

ShinyHunters Wage Broad Corporate Extortion Spree

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed...

9.8CVSS7.7AI score0.99722EPSS
Exploits14
The Hacker News
The Hacker News
added 2025/03/29 3:52 a.m.31 views

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability i...

6.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/01/27 2:0 p.m.7 views

The 2024 Ransomware Landscape: Looking back on another painful year

The ransomware landscape in 2024 continued to evolve at a rapid pace, outgrowing many of the trends we saw in 2023. Threat actors remained relentless and innovative, targeting organizations of all sizes and sectors. In this post, we’ll examine the latest data points, discuss notable groups, and...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2024/11/07 11:0 a.m.20 views

Unwrapping the emerging Interlock ransomware attack

Cisco Talos Incident Response Talos IR recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Our analysis uncovered that the attacker used multiple components in the delivery chain including a Remote Access Tool RAT...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/28 10:21 a.m.40 views

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. "The BlackByte ransomware group continues to leverage...

7.2CVSS7.6AI score0.2677EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/07/08 1:15 p.m.18 views

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems

An emerging ransomware-as-a-service RaaS operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/09 11:24 a.m.72 views

CL0P's Ransomware Rampage - Security Measures for 2024

2023 CL0P Growth Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the 'CryptoMix' ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 t...

9.8CVSS7.4AI score0.99999EPSS
Exploits36
The Hacker News
The Hacker News
added 2024/03/14 1:47 p.m.41 views

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice DoJ wit...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/06 7:11 a.m.43 views

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries

The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. "TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries," Cisco Talos researcher...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/12/14 7:49 p.m.15 views

ALPHV ransomware gang returns, sorta

The ALPHV ransomware gang, arguably the second most dangerous "big game" ransomware operator, appears to be back in business after its infrastructure went down for five days. But all does not appear to be going well for group. ALPHVs dark web leak site may be back but it is only showing a single...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/16 12:3 p.m.107 views

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Multi-State...

10CVSS9.2AI score0.99512EPSS
Exploits75
Malwarebytes
Malwarebytes
added 2023/06/19 3:0 p.m.13 views

US dangles $10 million reward for information about Cl0p ransomware gang

The US Department of States national security rewards program, Rewards for Justice RFJ, is offering a reward of up to $10 million for information linking the Cl0p ransomware gang, or any other malicious cyber actors targeting US critical infrastructure, to a foreign government. Advisory from...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2023/05/15 12:0 p.m.25 views

Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code

Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023. The actor is swiftly expanding its operations. To date, the group has compromised three organizations in the U.S. and one in South Korea across several business verticals,...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/09 2:1 p.m.143 views

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization...

9.8CVSS1AI score0.99968EPSS
Exploits5
The Hacker News
The Hacker News
added 2023/02/07 11:2 a.m.39 views

Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying...

1.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/01 10:3 a.m.23 views

Infra Used in Cisco Hack Also Targeted Workforce Management Solution

The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Cybersecurity firm eSentire, which disclosed the findings, raised the possibility...

0.6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/06/17 6:1 p.m.19 views

ALPHV squeezes victim with dedicated leak site for employees and customers

Eyebrows were raised this week when the ALPHV ransomware group created a leak site dedicated to just one of its victims. The site was aimed at the employees and guests of a hotelier that had been attacked, and allowed them to see if their personal details had been leaked. The new tactic seems to ...

1.6AI score
Exploits0
Rows per page
Query Builder