Collecting Cyber-News from over 60 sources

Tag: ransomware

5 practical steps to strengthen attack resilience with attack surface management

Apr 7, 2026 9:54 PM

Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, container, control, credentials, cvss, cyber, cybersecurity, data, data-breach, detection, dns, email, endpoint, exploit, framework, government, identity, iot, malicious, monitoring, msp, network, nist, phishing, ransomware, resilience, risk, service, social-engineering, software, threat, tool, update, vpn, vulnerability, vulnerability-management, windows

What can attackers actually reach right now? By continuously identifying and prioritizing exposure across your environment, ASM transforms raw visibility into measurable cyber resilience.Below are five practical steps security teams can take to strengthen attack resilience using attack surface management principles. Effective attack surface management starts with complete visibility. Security gaps often appear because teams…
5 practical steps to strengthen attack resilience with attack surface management

Apr 7, 2026 9:54 PM

Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, container, control, credentials, cvss, cyber, cybersecurity, data, data-breach, detection, dns, email, endpoint, exploit, framework, government, identity, iot, malicious, monitoring, msp, network, nist, phishing, ransomware, resilience, risk, service, social-engineering, software, threat, tool, update, vpn, vulnerability, vulnerability-management, windows

What can attackers actually reach right now? By continuously identifying and prioritizing exposure across your environment, ASM transforms raw visibility into measurable cyber resilience.Below are five practical steps security teams can take to strengthen attack resilience using attack surface management principles. Effective attack surface management starts with complete visibility. Security gaps often appear because teams…
5 practical steps to strengthen attack resilience with attack surface management

Apr 7, 2026 9:54 PM

Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, container, control, credentials, cvss, cyber, cybersecurity, data, data-breach, detection, dns, email, endpoint, exploit, framework, government, identity, iot, malicious, monitoring, msp, network, nist, phishing, ransomware, resilience, risk, service, social-engineering, software, threat, tool, update, vpn, vulnerability, vulnerability-management, windows

What can attackers actually reach right now? By continuously identifying and prioritizing exposure across your environment, ASM transforms raw visibility into measurable cyber resilience.Below are five practical steps security teams can take to strengthen attack resilience using attack surface management principles. Effective attack surface management starts with complete visibility. Security gaps often appear because teams…
5 ways to strengthen identity security and improve attack resilience

Apr 7, 2026 9:54 PM

Tags: access, ai, api, attack, authentication, automation, cloud, control, corporate, credentials, data, detection, endpoint, identity, infrastructure, least-privilege, login, mfa, microsoft, monitoring, msp, network, password, phishing, ransomware, resilience, risk, service, soc, tactics, threat, unauthorized, update, vulnerability, zero-trust

Admin accountsMSP technician accountsCloud infrastructure accountsExternal-facing applicationsRemote access toolsAny MFA deployment is better than none, but phishing-resistant methods offer the strongest protection. Once privileged accounts are enforced, expand MFA to all users over the next 30 days. Doing so reduces the likelihood that compromised credentials lead directly to unauthorized access. 2. Implement privileged access management…
5 ways to strengthen identity security and improve attack resilience

Apr 7, 2026 9:54 PM

Tags: access, ai, api, attack, authentication, automation, cloud, control, corporate, credentials, data, detection, endpoint, identity, infrastructure, least-privilege, login, mfa, microsoft, monitoring, msp, network, password, phishing, ransomware, resilience, risk, service, soc, tactics, threat, unauthorized, update, vulnerability, zero-trust

Admin accountsMSP technician accountsCloud infrastructure accountsExternal-facing applicationsRemote access toolsAny MFA deployment is better than none, but phishing-resistant methods offer the strongest protection. Once privileged accounts are enforced, expand MFA to all users over the next 30 days. Doing so reduces the likelihood that compromised credentials lead directly to unauthorized access. 2. Implement privileged access management…
Ransomware im Wandel: Mehr Attacken – weniger zahlende Opfer

Apr 7, 2026 5:51 PM

Tags: ransomware

Statt sich zurückzuziehen, entwickeln Ransomware-Gruppen ihre Methoden stetig weiter. Ihr Ziel: maximaler Druck auch ohne direkte Zahlung. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ransomware-im-wandel-mehr-attacken-weniger-zahlende-opfer/a44513/
Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

Apr 7, 2026 4:53 PM

Tags: access, attack, breach, china, data, data-breach, exploit, flaw, group, network, ransomware, theft, update, vulnerability

China-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment,…
Talos Takes: 2025’s ransomware trends and zombie vulnerabilities

Apr 7, 2026 2:50 PM

Tags: ransomware, vulnerability

In this episode of Talos Takes, Amy and Pierre Cadieux unpack the ransomware and vulnerability trends that defined 2025. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/talos-takes-2025s-ransomware-trends-and-zombie-vulnerabilities/
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks

Apr 7, 2026 12:51 PM

Tags: attack, exploit, flaw, group, microsoft, ransomware

Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/storm1175-medusa-attacks/
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

Apr 7, 2026 10:51 AM

Tags: attack, china, data-breach, exploit, Internet, ransomware, threat, vulnerability, zero-day

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate “high-velocity” attacks and break into susceptible internet-facing systems.”The threat actor’s high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent First seen on thehackernews.com Jump…
Microsoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa Ransomware

Apr 7, 2026 8:51 AM

Tags: cyber, exploit, group, microsoft, ransomware, threat, vulnerability

Microsoft is warning that a fast”‘moving threat actor it tracks as Storm”‘1175 is aggressively exploiting vulnerabilities in internet”‘exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm”‘1175 is a financially motivated group known for high”‘velocity ransomware operations that weaponize recently disclosed, or “N”‘day”, vulnerabilities in web”‘facing services. The actor focuses…
German authorities identify REvil and GandCrab ransomware bosses

Apr 7, 2026 6:51 AM

Tags: germany, ransomware, russia

The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/
German authorities identify REvil and GangCrab ransomware bosses

Apr 7, 2026 5:52 AM

Tags: germany, ransomware, russia

The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/
Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says

Apr 6, 2026 10:51 PM

Tags: access, attack, breach, data, group, microsoft, ransomware, zero-day

Microsoft said it has been alarmed to see how effective Medusa actors are, citing multiple cases where the group can move from initial access to data exfiltration and ransomware deployment within 24 hours. First seen on therecord.media Jump to article: therecord.media/medusa-ransomware-group-zero-days-microsoft
German police unmask two suspects linked to REvil ransomware gang

Apr 6, 2026 9:52 PM

Tags: ransomware, russia, ukraine

The suspects were named as Daniil Shchukin, a 31-year-old Russian national believed to have used the alias UNKN (UNKNOWN), and Anatoly Kravchuk, a 43-year-old Ukraine-born Russian citizen who investigators say worked as a developer for the group. First seen on therecord.media Jump to article: therecord.media/german-police-unmask-suspects-linked-revil-gandcrab
The Value of Immutability with Object First

Apr 6, 2026 8:52 PM

Tags: backup, hacker, ransomware

IT security teams today must have the feeling of a target on their back. It is not paranoia. Hackers target backup storage in nearly every single ransomware incident because they know that if they kill your safety net, you are likely to pay up. I have seen too many smart admins lose sleep wondering if..…
CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild

Apr 6, 2026 7:52 PM

Tags: access, advisory, api, attack, authentication, cisa, control, cve, cyber, cybersecurity, data, exploit, flaw, fortinet, github, infrastructure, injection, kev, malicious, ransomware, sql, threat, update, vpn, vulnerability, zero-day

Exploitation has been observed for CVE-2026-35616, a critical improper access control zero-day vulnerability affecting Fortinet FortiClientEMS devices. Key takeaways: CVE-2026-35616, an improper access control vulnerability, has been exploited in the wild as a zero-day. Public exploit code has been identified and Fortinet products have a long history of targeting by malicious actors. Hotfixes have been…
Microsoft links Medusa ransomware affiliate to zero-day attacks

Apr 6, 2026 7:52 PM

Tags: attack, china, cybercrime, exploit, group, microsoft, ransomware, zero-day

Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/
BKA unmasks two REvil Ransomware operators behind 130+ German attacks

Apr 6, 2026 5:52 PM

Tags: attack, germany, group, ransomware, russia

German police BKA identified two key REvil ransomware members, linking them to over 130 attacks in Germany. Germany’s Federal Criminal Police (BKA) has identified two key figures behind the REvil ransomware group, linking them to more than 130 attacks in the country. The first suspect is Daniil Maksimovich Shchukin (31), a Russian national known online…
Alleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown Effort

Apr 6, 2026 12:51 PM

Tags: cyber, hacker, ransomware, russia

German authorities have officially put a face to one of the most notorious names in cybercrime. The German Federal Criminal Police (BKA) recently identified 31-year-old Russian national Daniil Maksimovich Shchukin as the man behind the hacker alias >>UNKN.<< According to the BKA, Shchukin led the infamous GandCrab and REvil ransomware operations. Working alongside 43-year-old Anatoly…
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Apr 6, 2026 12:51 PM

Tags: attack, cisco, edr, malicious, ransomware, threat, tool, vulnerability

Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro.Qilin attacks analyzed by Talos have been found to deploy a malicious DLL named “msimg32.dll,” First seen on…
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

Apr 6, 2026 11:51 AM

Tags: computer, country, cybercrime, extortion, germany, group, hacker, ransomware, russia

An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across…
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks

Apr 6, 2026 9:52 AM

Tags: attack, cybercrime, germany, group, identity, office, ransomware, service, threat, xss

Germany’s Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation.The threat actor, who went by the alias UNKN, functioned as a representative of the group, advertising the ransomware in June 2019 on the XSS cybercrime…
Security Affairs newsletter Round 571 by Pierluigi Paganini INTERNATIONAL EDITION

Apr 5, 2026 11:50 AM

Tags: cisa, email, group, international, ransomware, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Qilin ransomware group claims the hack of German political party Die Linke U.S. CISA adds a…
Ransomware Attack on Vivaticket Disrupts Louvre and Major European Museums

Apr 5, 2026 5:50 AM

Tags: attack, ransomware

What happened A ransomware attack on Vivaticket disrupted online reservations at major European museums and monuments after the ticketing provider was hit in early March. The incident reportedly took place on March 2 and affected about 3,500 European museums and monuments. Vivaticket, which serves thousands of organizations across 50 countries and manages about 850 million…The…
Qilin ransomware group claims the hack of German political party Die Linke

Apr 4, 2026 8:51 PM

Tags: data, germany, group, leak, ransomware

Qilin ransomware claims it stole data from Germany’s Die Linke and threatens to leak it; the party confirmed the incident, but not a breach. The Qilin ransomware group claims it stole data from Die Linke, a German political party, and is threatening to release it. Die Linke is a left-wing political party in Germany. Its…
Cisco fixes critical IMC auth bypass present in many products

Apr 3, 2026 11:52 PM

Tags: access, ai, api, apt, attack, authentication, cisco, computing, credentials, cybersecurity, dns, email, exploit, firewall, firmware, flaw, group, infrastructure, linux, malicious, monitoring, network, password, ransomware, risk, router, vulnerability, zero-day

[ Related: More Cisco news and insights ] The Cisco IMC is a baseboard management controller (BMC), a dedicated controller embedded into server motherboards with its own RAM and network interface that gives administrators monitoring and management capabilities as if they were physically connected to the server with a keyboard, monitor, and mouse (KVM). Because BMCs run…
5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)

Apr 3, 2026 10:52 PM

Tags: ai, antivirus, attack, automation, backup, business, control, data, defense, detection, edr, endpoint, exploit, identity, linux, macOS, malware, metric, monitoring, ransomware, resilience, risk, soc, strategy, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Inventory all devices continuously. Go beyond manual tracking. Automated discovery tools can identify each device, from remote laptops to IoT assets, as soon as they join your network. Mitigate shadow IT risk. Unmanaged devices are a favorite entry point for attackers. Every asset must be accounted for and brought under management. No exceptions. Learn more about automating discovery and reducing blind spots in your endpoint management strategy…
6 critical mistakes that undermine cyber resilience (and how to fix them)

Apr 3, 2026 10:52 PM

Tags: attack, automation, backup, best-practice, business, compliance, cyber, cybersecurity, data, detection, edr, endpoint, guide, identity, intelligence, malware, metric, network, ransomware, resilience, risk, soc, strategy, threat, tool, update, vulnerability

Guide to Managing Strong Personalities During a Cybercrisis. Mistake 2: Fragmented asset and risk views: Fragmented asset and risk views make it difficult for teams to understand what is actually in their environment and where the most pressing exposures reside. When devices, configurations, and identity data live in separate tools or are maintained inconsistently, gaps…
5 critical steps to achieve business resilience in cybersecurity

Apr 3, 2026 10:52 PM

Tags: access, ai, attack, authentication, automation, backup, breach, business, communications, control, credentials, cybersecurity, data, defense, detection, endpoint, identity, malicious, mfa, msp, password, ransomware, resilience, soc, threat, tool, update

Looking for end-to-end coverage of your environment? Check out N-able Unified Security Solutions. 2. Transition from manual to automated response : SOC teams can’t keep up with the flood of alerts”, N-able handled 2 alerts per minute on average in 2025. That’s why automation and Security Orchestration, Automation and Response (SOAR) saw a 500% YoY surge”, almost one in four responses are now…