Tag: ransomware
-
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
Tags: attack, cisco, cve, defense, exploit, firewall, government, group, healthcare, infrastructure, malicious, malware, ransom, ransomware, service, software, tool, update, vulnerability, zero-dayCSO that the “week’s head start” he referred to was the gap between the date of the first exploit that Amazon’s later analysis had unearthed and Cisco’s discovery of the bug.Amazon gained insight into the attacker’s infrastructure by using the honeypot to mimic a vulnerable firewall system. This resulted in an attack on the honeypot,…
-
Unknown attackers exploit yet another critical SharePoint bug
Last time: Beijing-backed snoops and ransomware crims. Who’s next? First seen on theregister.com Jump to article: www.theregister.com/2026/03/19/unknown_attackers_exploit_yet_another/
-
54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 34 vulnerable drivers.EDR killer programs have been a common presence in ransomware intrusions as they offer a way for affiliates to neutralize security…
-
Ransomware crims abused Cisco 0-day weeks before disclosure, says Amazon security boss
Interlock’s post-exploit toolkit exposed First seen on theregister.com Jump to article: www.theregister.com/2026/03/18/amazon_cisco_firewall_0_day_ransomware/
-
Ransomware Affiliate Exposes Details of ‘The Gentlemen’ Operation
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-affiliate-gentlemen/
-
Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon
The Interlock ransomware gang recently exploited a zero-day vulnerability in a popular line of Cisco firewalls before the bug was disclosed publicly, according to an Amazon report. First seen on therecord.media Jump to article: therecord.media/cisco-ransomware-interlock-firewalls
-
Interlock Ransomware Leveraged Cisco FMC Zero-Day 36 Days Before Patch
Amazon’s threat intelligence teams have uncovered a new cyber campaign linked to the Interlock ransomware group. The campaign centers around a flaw affecting Cisco Secure Firewall Management Center (FMC) software. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/interlock-fmc-cve-2026-20131/
-
Everyday tools, extraordinary crimes: the ransomware exfiltration playbook
Attackers use trusted tools for data theft, making traditional detection unreliable. The Exfiltration Framework enables defenders to spot exfiltration by focusing on behavioral signals across endpoints, networks, and cloud environments rather than static tool indicators. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/everyday-tools-extraordinary-crimes-the-ransomware-exfiltration-playbook/
-
EDR killers are now standard equipment in ransomware attacks
Ransomware attackers routinely deploy tools designed to disable endpoint detection and response software before launching encryptors. These tools, known as EDR killers, have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/19/edr-killer-ransomware-attacks/
-
AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/interlock-ransomware-exploit-cisco/
-
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure
Tags: attack, cisco, cve, exploit, firewall, flaw, group, ransomware, rce, remote-code-execution, vulnerability, zero-dayThe Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulnerability, tracked as CVE-2026-20131 (CVSS score of 10.0), in Cisco Secure Firewall Management Center (FMC) since late January. The vulnerability is a remote code execution flaw that…
-
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
Tags: attack, cisa, cisco, cve, cybersecurity, exploit, flaw, government, infrastructure, microsoft, office, ransomware, vulnerability, zero-dayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild.The vulnerabilities in question are as follows -CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting First seen…
-
Cisco Firewall Zero-Day Actively Exploited to Deliver Interlock Ransomware
Tags: cisco, cyber, exploit, firewall, flaw, network, ransomware, remote-code-execution, threat, vulnerability, zero-daySecurity research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Centre (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon MadPot network, threat actors compromised enterprise environments for over a month before public disclosure. Cisco Firewall Zero-Day The intrusion campaign centers entirely on…
-
Cisco Firewall Zero-Day Actively Exploited to Deliver Interlock Ransomware
Tags: cisco, cyber, exploit, firewall, flaw, network, ransomware, remote-code-execution, threat, vulnerability, zero-daySecurity research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Centre (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon MadPot network, threat actors compromised enterprise environments for over a month before public disclosure. Cisco Firewall Zero-Day The intrusion campaign centers entirely on…
-
Interlock Ransomware Exploited Cisco Firewall Flaw for Weeks
Tags: cisco, exploit, firewall, flaw, group, hacker, infrastructure, ransomware, software, usa, vulnerabilityAWS Researchers Find an Interlock Server Laden With Tools. Ransomware hackers exploited a flaw with a maximum vulnerability score in Cisco firewall management software weeks before the networking giant disclosed the vulnerability in early March. The group has focused extensively on critical infrastructure sectors in North America and Europe. First seen on govinfosecurity.com Jump to…
-
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Tags: attack, cisco, exploit, firewall, flaw, ransomware, remote-code-execution, software, vulnerability, zero-dayThe Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interlock-ransomware-exploited-secure-fmc-flaw-in-zero-day-attacks-since-january/
-
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Tags: access, cisco, cve, exploit, firewall, flaw, intelligence, ransomware, threat, vulnerability, zero-dayAmazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software.The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to First seen…
-
Marquis: Ransomware gang stole data of 672K people in cyberattack
Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/marquis-ransomware-gang-stole-data-of-672-000-people-in-2025-cyberattack/
-
Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
Fintech company Marquis is notifying hundreds of thousands of people that hackers stole their personal and financial information, including their Social Security numbers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/18/marquis-says-over-672000-people-had-personal-and-financial-data-stolen-in-ransomware-attack/
-
LeakNet boosts ransomware with ClickFix lures, stealthy Deno loader
LeakNet is scaling its ransomware operation by pairing mass-market ClickFix lures with a stealthy Deno-based loader that executes almost entirely in memory, shrinking the window for defenders to intervene. Ransomware operator LeakNet is currently averaging around three victims per month. However, recent activity shows the group investing in its own delivery and execution infrastructure to grow that…
-
Cybersecurity and privacy priorities for 2026: The legal risk map
Tags: attack, authentication, awareness, best-practice, breach, communications, country, cyber, cybersecurity, data, defense, finance, fraud, governance, government, incident, incident response, infrastructure, law, mfa, monitoring, privacy, ransomware, regulation, risk, risk-management, service, strategy, supply-chain, threat, usaContinued federal interest in cybersecurity and privacy, especially in connection with national security concerns: The evident connection between cybersecurity and privacy and national security have led to a number of federal initiatives in recent years. Most recently in March 2026, the White House announced the current administration’s Cyber Strategy for America, renewing a commitment to…
-
Less Lucrative Ransomware Market Makes Attackers Alter Methods
Ransomware actors are ditching Cobalt Strike in favor of native Windows tools, as payment rates hit record lows and data theft surges. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/less-lucrative-ransomware-market-makes-attackers-alter-methods
-
Medusa ransomware gang claims attacks on prominent Mississippi hospital, New Jersey county
The Medusa ransomware operation has claimed a devastating cyberattack that knocked out systems at the biggest hospital in Mississippi for nine days. First seen on therecord.media Jump to article: therecord.media/medusa-ransomware-mississippi-cyber
-
Ransomware’s Opening Play: Target Identity First
Ransomware attackers now target identity systems like Active Directory first. Learn how identity resilience can help you prevent and recover from attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/ransomware-resilience/
-
Warlock Ransomware Group Augments Post-Exploitation Activities
In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/warlock-ransomware-post-exploitation-activities
-
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/leaknet-ransomware-uses-clickfix-and-deno-runtime-for-stealthy-attacks/
-
Google Warns Ransomware Groups Shift to Data Theft as Profits Decline
Google is warning that ransomware gangs are reinventing their business model as traditional encryption”‘for”‘ransom attacks become less profitable and data”‘theft extortion surges.”‹ Better cybersecurity controls, improved backup strategies, and stronger recovery capabilities mean more victims can restore their systems without paying, directly eroding criminal revenue. Public reporting also shows that both ransom payment rates and average demand…