Lucene search
K

6518 matches found

Nuclei
Nuclei
added 2 days ago27 views

Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run...

9.8CVSS7.5AI score0.86706EPSS
Exploits1References2
The Hacker News
The Hacker News
added 4 days ago16 views

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 CVE-2025-5777 vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and...

9.3CVSS7.5AI score0.99897EPSS
Exploits18
The Hacker News
The Hacker News
added 4 days ago7 views

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak check...

7.8CVSS7.8AI score0.06749EPSS
Exploits3
The Hacker News
The Hacker News
added 4 days ago7 views

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found actively working...

9.8CVSS7.6AI score0.88505EPSS
Exploits8
The Hacker News
The Hacker News
added 5 days ago14 views

AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both...

8.8CVSS7.2AI score0.99694EPSS
Exploits9
Securelist
Securelist
added 2026/06/29 10:0 a.m.10 views

The Gentlemen are knocking: сustom backdoors and evolving tactics

Introduction This year saw the emergence of The Gentlemen, a prominent example of a group operating under the ransomware-as-a-service RaaS model. Although our initial assessment suggested the group first appeared in mid-2025, it actually started ramping up its activities at the beginning of 2026...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/19 6:33 p.m.12 views

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

The Gentlemen ransomware-as-a-service RaaS operation is actively developing and maintaining a suite of endpoint detection and response EDR killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is center...

6.5AI score
Exploits0
NCSC
NCSC
added 2026/06/16 1:13 p.m.17 views

Vulnerabilities found in Check Point Remote and Mobile Access VPN-products

Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...

9.3CVSS6AI score0.70099EPSS
Exploits5References3
GithubExploit
GithubExploit
added 2026/06/14 6:53 a.m.89 views

wannacry-soc-lab

WannaCry SOC Investigation Lab Overview This project simu...

5.4AI score
Exploits0
HackRead
HackRead
added 2026/06/13 2:31 p.m.15 views

Extradited Ukrainian Man Admits Role in Conti Ransomware Attacks

Ukrainian national Oleksii Lytvynenko has pleaded guilty in the US to wire fraud conspiracy linked to Conti ransomware, which hit more than 1,000 victims and generated at least $150 million in ransom payments...

5.4AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/06/13 10:30 a.m.21 views

The FCC Wants to Kill Burner Phones

Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more...

5.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/12 6:38 a.m.15 views

Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs

Authorities in Europe have disrupted AudiA6 , a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a "key financial pipeline used to wash hundreds of millions in illicit profits." T...

5.6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/11 4:50 p.m.18 views

The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service RaaS schemes like LockBit aka Tenacious Mantis...

5.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2026/06/10 2:3 p.m.14 views

Who Runs the Ransomware Group ‘The Gentlemen?’

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-48334

Check Point warns that outdated IKEv1 VPN protocol vulnerabilities are actively exploited in ransomware-linked attacks, urging organizations to implement emergency hotfixes. Key Points: - Vulnerabilities in the outdated IKEv1 VPN protocol are being actively exploited. - Attackers can bypass...

5.5AI score
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/05/30 10:30 a.m.32 views

Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow

Plus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license plate surveillance data to the cops, and more...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/28 3:0 p.m.59 views

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

In this article 1. Pre-encryption 2. File encryption 3. Post-encryption 4. Defending against The Gentlemen ransomware 5. Microsoft Defender detections and hunting guidance 6. Indicators of compromise Ransomware that combines robust encryption with rapid lateral movement significantly increases th...

6.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/28 3:0 p.m.23 views

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

In this article 1. Pre-encryption 2. File encryption 3. Post-encryption 4. Defending against The Gentlemen ransomware 5. Microsoft Defender detections and hunting guidance 6. Indicators of compromise Ransomware that combines robust encryption with rapid lateral movement significantly increases th...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/23 12:0 a.m.11 views

Analyzing Concentration, Temporal Routines and Targeting in Public Ransomware Leak Site Data

Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/22 5:35 p.m.19 views

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network VPN service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First...

5.9AI score
Exploits0
Rows per page
Query Builder