Tag: ransomware
999 articles

ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach 100 Orgs
ShinyHunters, a notorious data theft group, claims to have exploited a critical Oracle PeopleSoft zero-day vulnerability, CVE-2026-35273, to breach over 100 organizations, including the University of Nottingham. The group allegedly stole sensitive data, posting some of it on their leak site.

Europol Disrupts AudiA6 Crypto-Laundering Service Linked to $380 Million Ransomware Scheme
Europol has dismantled a massive cryptocurrency laundering operation, known as AudiA6, that handled over $380 million in illicit funds for ransomware actors and cybercriminals. The service promised anonymity, but actually took a 3-10% cut to clean and return tainted assets in just an hour.

Ransomware Gang 'The Gentlemen' Traced to Suspected Russian Operator
Meet The Gentlemen, a notorious ransomware gang that's rapidly growing in power thanks to its unusually generous 90/10 affiliate revenue split, outshining the industry standard 80/20 and attracting top talent from rival groups. This bold move has catapulted them to become the second most active ransomware group, with over 332 reported victims since mid-2025.

Operational Technology Cybersecurity Gaps Persist Despite Growing Maturity
Many industrial organizations are bolstering their operational technology security, but a significant gap remains: 23% of respondents only have visibility into half of their OT environment. This blind spot leaves them vulnerable to ransomware, nation-state actors, and other cyber threats.

Veeam Vulnerability Enables RCE Attacks on Backup Servers
A newly discovered vulnerability in Veeam Backup & Replication could allow an authenticated domain user to launch a remote code execution attack on your backup server - a critical target for hackers. Patch now to protect your data: update to version 12.3.2.4854 or later to fix the flaw.

CISA Mandates Patching of Exploited Check Point VPN Bug
A critical vulnerability in Check Point VPNs, known as CVE-2026-50751, has been exploited in dozens of organizations worldwide, with one incident linked to Qilin ransomware. This bug allows hackers to bypass authentication and establish remote access, putting targeted organizations at risk.

Check Point Discloses Zero-Day Flaw Exploited by Ransomware Groups
Check Point has uncovered a zero-day flaw, CVE-2026-50751, that allowed ransomware groups to exploit a critical authentication bypass in Remote Access and Mobile Access deployments, prompting an emergency fix. The vulnerability enabled attackers to establish a remote access VPN connection without proper authentication.

Ransomware Disrupts Illinois High School, Wales Education Sector
A ransomware attack has forced Evanston Township High School in Illinois to shut down until at least Wednesday, canceling summer school, sports camps, and on-campus activities. The school has activated its incident response procedures and is working with cyber experts to investigate and recover from the breach.

Wazuh Cloud Tackles Security Ops Complexity With AI-Driven Analysis
Tired of drowning in security ops complexity? Wazuh Cloud simplifies threat detection and response with AI-driven analysis, freeing you from infrastructure headaches and empowering you to stay ahead of evolving threats like ransomware and supply chain attacks.

DentaQuest Breach Exposes 2.6M Accounts
A massive data breach at dental benefits provider DentaQuest has exposed a staggering 2.6 million accounts, after hackers stole over 234 GB of sensitive information and released it following failed negotiations with the company.

AI Agents Expose Hidden Risks as Insider Threats Evolve
The alarm bells are ringing: cyberattacks now unfold at breakneck speeds, with malicious actors able to wreak havoc in as little as 10-30 minutes, leaving defenders scrambling to keep up. This accelerated threat landscape is fueled by the growing sophistication of AI agents and their integration into business networks.

Ransomware Gang Pink Exploits Helpdesk Calls to Steal Credentials
Meet Pink, a notorious ransomware gang that's exploiting helpdesk calls to steal sensitive credentials using clever tactics like vishing and IT impersonation. They're using these stolen secrets to exfiltrate valuable data from enterprise cloud storage and productivity systems, leaving victims with a tough choice: pay up or face the consequences.

Multiple Breaches Expose Sensitive Data Across Industries
Sensitive data has been compromised across various industries in a series of alarming breaches, including a clever social engineering scam that exposed info of 6 million Carnival Corporation customers and two incidents involving learning management company Instructure's Canvas platform. These breaches highlight the growing threat of cyber attacks and the importance of robust data protection measures.

DentaQuest Breach Exposes 2.6 Million Accounts
A major data breach at DentaQuest has exposed a staggering 2.6 million accounts, after an extortion group called ShinyHunters claimed to have stolen over 234 GB of sensitive data. The breach was confirmed by DentaQuest on June 2, who assured customers they are actively managing the cybersecurity incident.

AI-Powered Cybercrime Tools Flood Dark Web Marketplaces
The dark web has seen a staggering 3,810% surge in AI-powered cybercrime tools, with posts skyrocketing from 38 in December to 1,486 in February, signaling a new wave of threats. This alarming trend has experts like Cynthia Kaiser, SVP of the Ransomware Research Center at Halcyon, warning that cyber threats have become the "national security challenge of our lifetime."

Ransomware Operator Flouts Unwritten Rule, Hits Russia
A shocking move by a ransomware operator has sent shockwaves through the cybercrime underworld: they've brazenly targeted Russia, flouting an unwritten rule that's long been observed by hackers. This bold - and some might say, boneheaded - decision has left many in the cybersecurity community scratching their heads.

AI-Built Ransomware Toolkit Evades EDR Solutions with Automated Attacks
Sophos researchers uncovered a sophisticated AI-built ransomware toolkit that cleverly evades detection by automated security solutions, triggering alerts only after it had already compromised a customer system. The toolkit's sinister purpose was revealed through investigation, which found references to a ransom note and a list of targeted organizations on a dark web leak site.

UK Firms Bolster Defenses Against AI-Powered Cyber Attacks
UK organizations are bracing themselves for a perfect storm of cyber threats, with AI-powered attacks topping the list of concerns as the most pressing risk over the next year. In fact, 43% of UK respondents rank AI-powered attacks as their biggest worry, surpassing traditional threats like ransomware and phishing.

Cybersecurity Teams Face Simulated Supermarket Cyber-Attack Test
Get ready to enter the war room and face off against a simulated cyber-attack in a thrilling tabletop experience, where you'll play out a high-stakes battle to protect a fictional supermarket from a multi-stage cyber threat. Join Semperis at Infosecurity Europe 2026 for a 90-minute immersive roleplaying simulation that puts your cybersecurity skills to the test.

Cybersecurity Shifts from Risk to Acceleration, Connection
The World Economic Forum's 2025 survey reveals a stark reality: 72% of organizations are facing increased cyber risks, with ransomware remaining a top threat - forcing us to rethink how we keep information safe in an AI-driven world. It's time to shift from traditional risk management to practical, accelerated solutions.

Travel Sector Braces for Cyberattacks as Summer Looms
As summer approaches, the travel sector is bracing for a surge in cyberattacks, with a staggering 92% of travel agencies experiencing some form of cyber threat in the last year. Ransomware, data breaches, and cyberattacks top the list of concerns, cited by 68% of agencies as the greatest threat to their success.

Carnival Cruise Data Breach Exposes 6 Million Customers
A recent data breach at Carnival Cruise, affecting 6 million customers, highlights the vulnerability of traditional security controls to social engineering tactics, where a single compromised employee device can lead to devastating consequences. This incident serves as a stark reminder of the human factor in cybersecurity, where threat actors exploit trust and impersonation to gain access to sensitive information.

FBI Warns Law Firms of Silent Ransom Group's In-Person Data Heists
The FBI is sounding the alarm for US-based law firms after the Silent Ransom Group, a notorious data-extortion gang, claimed over 100 attacks - with a recent surge in activity that's left experts on high alert. This group's twist? They're using in-person tactics, combined with social engineering, to get their hands on sensitive data.

MFA Prompt Bombing Exposes Weakness in Two-Factor Security
A shocking 2.8GB of data was stolen from Cisco after a clever attacker tricked an employee into approving a push-based MFA prompt, highlighting a disturbing vulnerability in two-factor security. This brazen hack, linked to the Yanluowang ransomware group, shows how attackers can exploit the very security measures meant to protect us.