- A new ransomware-as-a-service (RaaS) outfit calling itself 0APT has quickly drawn attention for all the wrong reasons, after loudly claiming to have compromised around 200 victims while failing to provide any verifiable proof of compromise. Emerging on…
- LockBit’s new 5.0 version is actively attacking Windows, Linux, and ESXi systems, using a unified yet highly optimized ransomware framework that significantly increases the risk to enterprise environments. Analysis by the Acronis Threat Research Unit (…
- OysterLoader, also tracked as Broomstick and CleanUp, is a multi‑stage loader malware written in C++ and actively leveraged in campaigns linked to the Rhysida ransomware group. First highlighted in mid‑2024 during malvertising and SEO‑poisoning campaig…
- DragonForce is a ransomware group that has rapidly evolved into a cartel-style operation, extending its reach across the cybercrime ecosystem since late 2023. Operating under a Ransomware-as-a-Service (RaaS) model, the group now positions itself not ju…
- Threat actors are abusing legitimate remote monitoring tools to hide inside corporate networks and launch ransomware attacks. Net Monitor for Employees Professional is a commercial workforce monitoring tool by NetworkLookout that offers remote screen v…
- A sophisticated ransomware operation known as Cephalus has emerged as a significant cybersecurity threat since mid-2025, exploiting exposed Remote Desktop Protocol (RDP) services to breach organizations worldwide. Developed in the Go programming langua…
- A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior o…
- Global Group ransomware is delivered through phishing emails and can encrypt files offline without any internet connection.
- A recent campaign by the Black Basta ransomware group has revealed a significant shift in attack tactics. This is a departure from standard operations, where attackers typically deploy a separate tool to turn off security software before running the ac…
- ShadowSyndicate, a sophisticated cybercrime cluster first identified in 2023, has evolved its infrastructure management tactics by implementing a previously unreported server transition technique. This method involves rotating SSH fingerprints across m…


