-
Ransomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now us…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Gentlemen is a fast‑growing ransomware‑as‑a‑service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi‑platform design and strong defense‑evasion features make …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly analyzed ransomware campaign dubbed “JanaWare” is targeting users in Turkey by leveraging a customized version of the Adwind Remote Access Trojan (RAT). The campaign combines stealthy delivery techniques, geographic restrictions, and polymorphi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Attackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulat…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Payouts King is emerging as a technically sophisticated ransomware operation believed to be run by former BlackBasta affiliates, reusing their social‑engineering playbook while introducing hardened obfuscation and encryption routines. The group focuses…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new ransomware campaign dubbed “JanaWare”, leveraging a customized variant of the Adwind remote access Trojan (RAT) to target users in Turkey. The malware exhibits polymorphic behavior, advanced obfuscation, and strict geofencing controls to restrict…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Alleged German cybercrime figure behind Fluxstress and Neldowner arrested in Thailand after years running global DDoS-for-hire services across countries.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Ransomware gangs are rapidly expanding their use of EDR killers, moving beyond vulnerable drivers to a broader mix of scripts, anti‑rootkits, and driverless techniques. The company’s latest telemetry-backed study tracks almost 90 distinct EDR killers a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft researchers have uncovered a fast-moving group, Storm-1175, launching high-speed Medusa ransomware attacks against healthcare and education sectors in the UK, US, and Australia by exploiting security flaws in as little as 24 hours.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft is warning that a fast‑moving threat actor it tracks as Storm‑1175 is aggressively exploiting vulnerabilities in internet‑exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm‑1175 is a financially motiva…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
