Tag: ransomware
999 articles

Mistic Backdoor Enables Long-Term Access in Ransomware Attacks
Cyber attackers have deployed a sneaky backdoor called Mistic, allowing them to maintain long-term access to infected systems during ransomware attacks, all while staying remarkably under the radar. This stealthy threat uses clever tactics like running payloads in memory and mimicking legitimate Microsoft security tools to evade detection.

Scattered Spider Members Plead Guilty Over Major Cyberattacks
Two young members of the notorious Scattered Spider group have pleaded guilty to cyberattack charges in London, admitting to crippling Transport for London's computer systems and putting human welfare at risk. The guilty pleas come as prosecutors reveal the group's victims paid a staggering $115 million in ransom payments.

Scattered Spider hackers plead guilty to TfL cyberattack
Two young hackers, part of the notorious Scattered Spider group, have pleaded guilty to orchestrating a devastating cyberattack on Transport for London, causing millions in losses and disrupting the lives of countless commuters. The breach, which lasted several days in September 2024, forced TfL to acknowledge that sensitive customer data had been stolen.

Ransomware Gang Disables Security Software with GentleKiller Framework
Meet GentleKiller, a sneaky framework that helps ransomware gangs disable security software by targeting over 400 processes across 48 security products at the kernel level, allowing them to run unchecked. This sinister tool uses a "bring your own vulnerable driver" technique to terminate protections and clear the way for ransomware attacks.

INTERPOL Warns of Rising Cybercrime in Asia-Pacific
Cybercriminals are wreaking havoc in Asia-Pacific, using cutting-edge tactics like AI and ransomware to scam and steal on a massive scale. Phishing is the region's most costly and widespread crime, with a third of countries reporting over 10,000 cases in just 15 months.

Prinz Eugen Ransomware Targets Critical Files in Hands-On Attacks
Meet Prinz Eugen, a sneaky ransomware that uses hands-on tactics to target critical files, evading detection by deliberately leaving no ransom note behind. Its operators use stolen RDP credentials and remote monitoring tools to manually infiltrate and take control of systems.

Gentlemen Ransomware Targets 400 Security Processes with GentleKiller EDR Framework
Meet GentleKiller, a sophisticated EDR-killer framework used by The Gentlemen ransomware-as-a-service operation to evade detection by targeting 400 security processes from 48 distinct programs. This framework comes in eight variants, each designed to mimic a legitimate product and exploit a vulnerable driver.

Authorities dismantle Evil Corp's SocGholish botnet infrastructure
In a major win for cybersecurity, international authorities have joined forces to dismantle the notorious SocGholish botnet infrastructure, a multi-stage malware kit that had been exploited for ransomware campaigns and espionage since 2017. This coordinated effort has successfully disabled the malware's control points and seized related infrastructure.

Gentlemen Ransomware Targets EDR Defenses With Suite of Killers
Meet GentleKiller, a powerful tool used by Gentlemen ransomware to disable EDR defenses by targeting over 400 processes from 48 security vendors, allowing for smooth data theft and encryption. This sneaky utility relies on the bring your own vulnerable driver (BYOVD) technique to outsmart security engines.

Microsoft 365 Exposes Data Protection Gaps for Businesses
Microsoft 365 is a powerhouse for productivity, but it leaves data protection gaps that put businesses at risk. The harsh reality is that while Microsoft safeguards its infrastructure, the responsibility of protecting your business data - including backups and recovery - falls squarely on your shoulders.

Cybercrime Surges Across Asia and South Pacific, Hits 30% of All Crime
Cybercrime is surging across Asia and the South Pacific, now accounting for over 30% of all recorded crime, with organised networks leveraging AI, ransomware, and social engineering on a massive scale. The rapid rise is driven by rapid digital adoption and new technologies.

Kodak Breach Exposes 2.2M Records to ShinyHunters Threat Group
Kodak has confirmed a major data breach, with the ShinyHunters threat group claiming to have stolen 2.2 million records, including sensitive customer information. The company is working closely with law enforcement and cybersecurity experts to address the breach.

Kodak Breach Exposes Sensitive Data After ShinyHunters Hack
Kodak recently suffered a data breach at the hands of hackers known as ShinyHunters, who gained temporary access to sensitive company data. The company has launched a swift investigation with external cybersecurity experts and is working closely with law enforcement to mitigate the impact.

Cyberattack Disrupts Australian Sugar Production
Mackay Sugar is making a sweet recovery after a cyberattack halted operations, with significant progress made over the weekend in restoring systems and a staged restart of crushing operations on the horizon. The company is getting back on track, with manual crushing already underway at its Farleigh Mill and harvesting expected to resume soon.

Ransomware Gang Exploits Microsoft Teams for C2 Traffic
Meet the sneaky ransomware gang that hijacked Microsoft Teams to secretly control its victims' systems for two whole months, using sophisticated cyber tradecraft to stay under the radar. They pulled off this impressive heist with a custom backdoor and some clever C2 traffic disguises.

DragonForce Ransomware Exploits Microsoft Teams to Facilitate Months-Long Breach
Meet Backdoor.Turn, a sneaky new threat that uses Microsoft Teams to hide its tracks and wreak havoc on your network for months on end - and it's surprisingly sophisticated. This Go-based RAT masquerades as legit traffic by exploiting Teams' TURN relay servers.

Ransomware Gang Exploits Microsoft Teams to Conceal Malicious Traffic
Meet Backdoor.Turn, a sneaky new malware that's abusing Microsoft Teams to hide its malicious activities - and it's a game-changer for cyber threats. This clever RAT uses Teams' own infrastructure against us, making it harder to spot its secret communications.

iRhythm Breach Exposes Patient Data in Cardiac Monitoring Hack
A recent data breach at iRhythm exposed sensitive patient information, compromising personal and health data from over 12 million patients whose heartbeat data was analyzed through the company's cardiac monitoring service. The breach was discovered after a ransomware-style intrusion hit third-party business applications used by iRhythm.

ShinyHunters Breach Council of Europe in Oracle PeopleSoft Heist
The Council of Europe has fallen victim to a massive data breach, with hackers claiming to have stolen a whopping 297 GB of sensitive information, including HR records, payslips, and medical data, by exploiting a zero-day flaw in Oracle PeopleSoft. The ShinyHunters extortion group is behind the breach, boasting a haul of 429,000 files from the attack.

Council of Europe Probes ShinyHunters Data Breach Claims
The Council of Europe is actively investigating claims by the ShinyHunters extortion group that sensitive internal documents were stolen, and is working to assess the situation. The organization, which represents 46 European member states, has confirmed the probe but declined to provide further comment at this stage.

ShinyHunters Exploits Oracle Flaw to Breach Universities
A zero-day flaw in Oracle PeopleSoft PeopleTools, known as CVE-2026-35273, has been exploited by ShinyHunters, potentially infiltrating over 100 organizations, with universities being the hardest hit. This vulnerability allows attackers to execute remote code and take over affected servers, posing a significant threat to higher education institutions.

FBI and Europol dismantle major crypto laundering platform
In a major crackdown, the FBI and Europol have dismantled AudiA6, a massive cryptocurrency laundering operation that helped cybercriminals move a whopping $389m in illicit funds between 2022 and 2025. The service was linked to at least 15 ransomware operations and multiple cryptocurrency theft schemes, making it a key player in the digital underworld.

Europol Disrupts Major Crypto Laundering Service Linked to Ransomware Gangs
Europol's operation has cut off a major crypto laundering service linked to ransomware gangs, freezing hundreds of millions in illicit profits and disrupting a key financial pipeline used by criminals. The crackdown seized over €86,000 in cash, froze €692,000 in cryptocurrency, and took down 25 domains and 30 servers.

ShinyHunters Exploits Oracle PeopleSoft Vulnerability in Education Sector Attacks
ShinyHunters hackers have exploited a critical Oracle PeopleSoft vulnerability, CVE-2026-35273, to launch targeted attacks on US organizations, particularly in the higher education sector. The attacks, which involved data theft and extortion, hit a whopping 68% of US higher education institutions.