A newly discovered ransomware family, Osiris, targeted a major foodservice franchisee in Southeast Asia in November 2025. Despite sharing a name with a 2016 Locky ransomware variant, security researchers confirm this represents an entirely new threat w…

LockBit 5.0 affiliate panel provide unprecedented visibility into the infrastructure of one of the world’s most notorious ransomware-as-a-service (RaaS) operations. Following the high-profile Operation Cronos disruption, security researchers have…

A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers are abusing truesight.sys, a kernel-mode driver from Adlice Soft…

The leaks tied to the BlackBasta ransomware group and Russian hosting company Media Land pulled back the curtain on something defenders rarely get to see: the internal machinery and people behind a major ransomware operation. In February 2025, an unkno…

Security researchers have published an in‑depth technical analysis of the DragonForce ransomware operation, along with details of working decryptors for both Windows and ESXi systems targeting specific victims. By the time its dedicated Data Leak Site …

Large language models are not fundamentally transforming ransomware operations. However, they are dramatically accelerating the threat landscape through measurable gains in speed, volume, and multilingual capabilities. According to SentinelLABS researc…