86 matches found

The Hacker News
added 2026/02/23 7:41 p.m. | 6 views

APT28 Targeted European Entities Using Webhook-Based Macro Malware

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed...

AI score: 6
Exploits: 0
Schneier on Security
added 2024/07/12 9:1 p.m. | 13 views

Friday Squid Blogging: 1994 Lair of Squid Game

I didn't know: In 1994, Hewlett-Packard released a miracle machine: the HP 200LX pocket-size PC. In the depths of the device, among the MS-DOS productivity apps built into its fixed memory, there lurked a first-person maze game called Lair of Squid. … In Lair of Squid, you're trapped in an underwat...

AI score: 7.6
Exploits: 0
The Hacker News
added 2023/09/21 9:11 a.m. | 119 views

Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers

A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also kno...

CVSS: 10 | AI score: 9.4 | EPSS: 0.94467
Exploits: 567
The Hacker News
added 2023/05/20 6:49 a.m. | 2 views

Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p (aka Clop) ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.83808
Exploits: 4
The Hacker News
added 2023/01/31 10:39 a.m. | 4 views

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate manag...

AI score: 7.4
Exploits: 0
Rapid7 Blog
added 2022/07/27 6:0 p.m. | 24 views

To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved

We're here with the final installment in our Pain Points: Ransomware Data Disclosure Trends report blog series, and today we're looking at a unique aspect of the report that clarifies not just what ransomware actors choose to disclose, but who discloses what, and how the ransomware landscape has...

AI score: 0.5
Exploits: 0
Krebs on Security
added 2022/02/14 6:22 p.m. | 112 views

Wazawaka Goes Waka Waka

In January, KrebsOnSecurity examined clues left behind by "Wazawaka," the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since "lost his mind" according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.808
Exploits: 0
ThreatPost
added 2022/02/10 11:16 p.m. | 206 views

Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares

The shackles have been broken for victims of Maze/Egregor/Sekhmet ransomware: On Wednesday, decryption keys were released for all three ransomware strains in a forum post. The liberator, using the handle “Topleak,” described themselves as the developer of the three ransomwares. It’s been lovely,...

AI score: 8.6
Exploits: 0 | References: 21
Malwarebytes
added 2022/02/10 4:54 p.m. | 14 views

Ransomware author releases decryption keys, says goodbye forever

Update 12th February: An earlier version of this post incorrectly stated that the decryption tool used to unlock files existed prior to the keys being released - this has now been corrected. If you’re unfortunate enough to be caught out by ransomware, the consequences can be devastating. You may ...

AI score: 6.8
Exploits: 0
Openbugbounty
added 2021/08/30 5:11 a.m. | 8 views

code-maze.com Improper Access Control vulnerability OBB-2129129

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 0.2
Exploits: 0
The Hacker News
added 2021/06/16 8:36 a.m. | 34 views

Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets

As ransomware attacks against critical infrastructure skyrocket, new research shows that threat actors behind such disruptions are increasingly shifting from using email messages as an intrusion route to purchasing access from cybercriminal enterprises that have already infiltrated major targets...

AI score: 6.8
Exploits: 0
FireEye
added 2021/02/25 12:0 a.m. | 228 views

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a blog post detailing intrusion tradecraft associated with the deployment of MAZE. ...

CVSS: 7.2 | AI score: 9.1 | EPSS: 0.59276
Exploits: 7 | References: 12
Malwarebytes
added 2021/02/16 5:15 p.m. | 37 views

Egregor ransomware hit by arrests

In a collaboration between French and Ukrainian law enforcement, arrests have been made that might put a dent in one of the world's most sophisticated ransomware operations. As reported first by France Inter, law enforcement made the arrests after French authorities traced ransom payments to...

AI score: 7
Exploits: 0
Schneier on Security
added 2021/02/10 1:39 p.m. | 30 views

Ransomware Profitability

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Based on the company's data, among last year's top earners, there were groups like Ryuk, Maze (now-defunct), Doppelpaymer, Netwalker (disrupted by...

AI score: 7
Exploits: 0
Malwarebytes
added 2020/12/15 1:58 p.m. | 20571 views

Threat profile: Egregor ransomware is making a name for itself

What is Egregor? Egregor ransomware is a relatively new ransomware first spotted in September 2020 that seems intent on making its way to the top right now. Egregor is considered a variant of Ransom.Sekhmet based on similarities in obfuscation, API-calls, and the ransom note. As we've reported in...

CVSS: 10 | AI score: 8.9 | EPSS: 0.94389
Exploits: 70
ThreatPost
added 2020/12/11 6:14 p.m. | 90 views

Feds: K-12 Cyberattacks Dramatically on the Rise

The feds have warned that cyberattacks on the K-12 education sector are ramping up alarmingly. In an alert from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), officials said that data from the Multi-State Information Sharing and Analysis Center (MS-ISAC) shows that in August...

AI score: 7.5
Exploits: 0 | References: 7
ThreatPost
added 2020/12/03 10:4 p.m. | 35 views

Kmart, Latest Victim of Egregor Ransomware – Report

Retail stalwart Kmart has suffered a ransomware attack at the hands of the Egregor gang, according to a report. The incident has encrypted devices and servers connected to the company’s networks, knocking out back-end services, according to BleepingComputer. The outlet obtained the purported rans...

AI score: 0.1
Exploits: 0 | References: 8
Malwarebytes
added 2020/12/03 4:30 p.m. | 29 views

VideoBytes: Is it goodbye forever to Maze ransomware?

Hello Folks! In this Videobyte we’re talking about Maze ransomware and whether or not it's shutting down, and what that means for the cybercrime world. The notorious Maze ransomware group, known for its corporate targeting and data leaking extortion schemes is, apparently, shutting down operations...

AI score: 7
Exploits: 0
Malwarebytes
added 2020/11/03 5:38 p.m. | 17 views

Maze ransomware gang announces retirement

The threat actors behind Maze ransomware have announced their retirement. On November 1, they posted the retirement announcement on the website where they would normally name and shame their victims that were unwilling to pay the ransom. image courtesy of Graham Cluley "The Project is closed. Maz...

AI score: 6.5
Exploits: 0
HackRead
added 2020/11/02 9:11 p.m. | 29 views

Maze Ransomware Operators Shutting Down Their Operations

By Deeba Ahmed. In a bizarre announcement, the Maze ransomware gang revealed that their only aim was to reveal the security lapses at their targets.

AI score: 6.9
Exploits: 0