
324 matches found

Microsoft Secure
added 2026/03/23 4:0 p.m., 6 views

Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started

In this article 1. The growing threat: GPO abuse in ransomware operations 2. The incident 3. The results 4. The hardening dilemma: Why threat actors love operational mechanisms 5. Predictive shielding: Contextual, just-in-time hardening 6. Closing the gap 7. References Summary Microsoft Defender...

AI score: 6.2
Exploits: 0

Positive Technologies
added 2026/03/15 12:0 a.m., 1 view

PT-2026-25544

Name of the Vulnerable Software and Affected Versions: Totolink A7100RU version 7.4cu.2313 b20191024. Description: A weakness exists in the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Manipulation of the mode argument can lead to operating system command injection. This attack can be...

CVSS: 7.5, AI score: 7, EPSS: 0.04736
Exploits: 0, References: 10

Cvelist
added 2025/12/18 8:32 p.m., 20 views

CVE-2025-62000 BullWall Ransomware Containment incomplete file inspection

BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the first four bytes and preventing this particular method fro...

CVSS: 7.1, EPSS: 0.00007
Exploits: 0, References: 2

Malwarebytes
added 2025/10/30 3:16 p.m., 8 views

Ransomware gang claims Conduent breach: what you should watch for next [updated]

Update – October 30, 2025: New information confirms that Conduent’s 2024 breach has impacted over 10.5 million people, based on notifications filed with multiple state attorneys general. The largest disclosure came from the Oregon government, which reported a total of 10.5 million affected US...

AI score: 6.7
Exploits: 0

HackRead
added 2025/10/23 7:27 p.m., 4 views

Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand

Medusa ransomware leaks 186 GB of Comcast data, claiming 834 GB stolen after a $1.2M ransom demand apparently went unpaid...

AI score: 7
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-11278

Malware in sbrugna...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00156
Exploits: 1, References: 3

HackRead
added 2025/09/11 5:14 p.m., 2 views

Senator Urges FTC Probe Into Microsoft After Ascension Ransomware Attack

US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware…

AI score: 6.9
Exploits: 0

Packet Storm News
added 2025/09/11 12:0 a.m., 2 views

A Cyber-Twin Based Honeypot for Gathering Threat Intelligence

Critical Infrastructure (CI) is prone to cyberattacks. Several techniques have been developed to protect CI against such attacks. In this work, we describe a honeypot based on a cyber twin for a water treatment plant. The honeypot is intended to serve as a realistic replica of a water treatment pla...

AI score: 6.9
Exploits: 0

Malwarebytes
added 2025/09/10 1:22 p.m., 4 views

Ransomware attack at blood center: Org tells users their data’s been stolen

A blood center has begun sending data breach notifications to its users after suffering a ransomware attack and theft of personal data. The New York Blood Center’s NYBC suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a...

AI score: 6.8
Exploits: 0

Imperva Blog
added 2025/08/05 4:19 p.m., 7 views

Imperva Detects and Mitigates Rejetto HFS Spray-and-Pray Ransomware/Trojan Campaign

On July 19th, Imperva Threat Research team detected a sudden surge in HTTP probes targeting Rejetto HTTP File Server (HFS) 2.x instances. What looked like routine internet noise quickly revealed itself as a coordinated attempt to exploit a critical unauthenticated server-side template injection...

CVSS: 9.8, AI score: 8.8, EPSS: 0.94297
Exploits: 20

The Hacker News
added 2025/08/02 6:56 a.m., 12 views

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall...

AI score: 7.7
Exploits: 0

HackRead
added 2025/07/16 1:34 p.m., 2 views

UnitedHealth-Linked Health Tech Firm Episource Breach Hits 5.4M Patients

Episource breach exposed data of 5.4M patients across the US. Linked to UnitedHealth’s Optum, the health tech firm was hit by a ransomware attack in early 2025...

AI score: 7.2
Exploits: 0

HackRead
added 2025/06/30 7:38 a.m., 3 views

Ahold Delhaize Confirms Data Breach of 2.2M amid INC Ransomware Claims

Grocery giant Ahold Delhaize USA faced a major data breach affecting over 2.2 million employees. Learn what sensitive info was stolen and the ransomware group behind the Nov 2024 attack...

AI score: 7.2
Exploits: 0

Wired Threat Level
added 2025/05/30 6:42 p.m., 28 views

A Hacker May Have Deepfaked Trump’s Chief of Staff in a Phishing Campaign

Plus: An Iranian man pleads guilty to a Baltimore ransomware attack, Russia’s nuclear blueprints get leaked, a Texas sheriff uses license plate readers to track a woman who got an abortion, and more...

AI score: 7.3
Exploits: 0

Akamai Blog
added 2025/05/15 1:0 p.m., 12 views

Locked Out and Held for Ransom: A City's Battle Against Cybercrime

Read how having a plan and doing some preparation in advance can lessen the severity of a ransomware attack — or prevent one altogether...

AI score: 7
Exploits: 0

The Hacker News
added 2025/05/15 10:30 a.m., 18 views

5 BCDR Essentials for Effective Ransomware Defense

Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently...

AI score: 7.2
Exploits: 0

The Hacker News
added 2025/05/13 6:33 a.m., 12 views

Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency

Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. "He is wanted internationally for committing several cybercrimes ransomware attacks, blackmail, and money laundering against...

AI score: 7.2
Exploits: 0

The Hacker News
added 2025/05/03 7:6 a.m., 46 views

U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems

The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States. Rami Khaled Ahmed of Sana'a, Yemen, has been charg...

CVSS: 10, AI score: 10, EPSS: 0.94462
Exploits: 22

HackRead
added 2025/04/23 11:47 a.m., 26 views

Ransomware Surge Hits US Healthcare: AOA, DaVita and Bell Ambulance Breached

AOA, DaVita, and Bell Ambulance hit by ransomware in 2025. Over 245K affected as hackers steal patient data,…

AI score: 7.3
Exploits: 0

Malwarebytes
added 2025/04/15 2:50 p.m., 11 views

Hertz data breach caused by CL0P ransomware attack on vendor

The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver's license, and—in rare cases—Social Security Number exposed in a data breach. The car rental giant’s data was stolen in a...

AI score: 7.4
Exploits: 0