Tag: ransomware
-
Interlock Ransomware Leveraged Cisco FMC Zero-Day 36 Days Before Patch
Amazon’s threat intelligence teams have uncovered a new cyber campaign linked to the Interlock ransomware group. The campaign centers around a flaw affecting Cisco Secure Firewall Management Center (FMC) software. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/interlock-fmc-cve-2026-20131/
-
EDR killers are now standard equipment in ransomware attacks
Ransomware attackers routinely deploy tools designed to disable endpoint detection and response software before launching encryptors. These tools, known as EDR killers, have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/19/edr-killer-ransomware-attacks/
-
AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/interlock-ransomware-exploit-cisco/
-
Everyday tools, extraordinary crimes: the ransomware exfiltration playbook
Attackers use trusted tools for data theft, making traditional detection unreliable. The Exfiltration Framework enables defenders to spot exfiltration by focusing on behavioral signals across endpoints, networks, and cloud environments rather than static tool indicators. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/everyday-tools-extraordinary-crimes-the-ransomware-exfiltration-playbook/
-
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure
Tags: attack, cisco, cve, exploit, firewall, flaw, group, ransomware, rce, remote-code-execution, vulnerability, zero-dayThe Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulnerability, tracked as CVE-2026-20131 (CVSS score of 10.0), in Cisco Secure Firewall Management Center (FMC) since late January. The vulnerability is a remote code execution flaw that…
-
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
Tags: attack, cisa, cisco, cve, cybersecurity, exploit, flaw, government, infrastructure, microsoft, office, ransomware, vulnerability, zero-dayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild.The vulnerabilities in question are as follows -CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting First seen…
-
Cisco Firewall Zero-Day Actively Exploited to Deliver Interlock Ransomware
Tags: cisco, cyber, exploit, firewall, flaw, network, ransomware, remote-code-execution, threat, vulnerability, zero-daySecurity research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Centre (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon MadPot network, threat actors compromised enterprise environments for over a month before public disclosure. Cisco Firewall Zero-Day The intrusion campaign centers entirely on…
-
Cisco Firewall Zero-Day Actively Exploited to Deliver Interlock Ransomware
Tags: cisco, cyber, exploit, firewall, flaw, network, ransomware, remote-code-execution, threat, vulnerability, zero-daySecurity research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Centre (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon MadPot network, threat actors compromised enterprise environments for over a month before public disclosure. Cisco Firewall Zero-Day The intrusion campaign centers entirely on…
-
Interlock Ransomware Exploited Cisco Firewall Flaw for Weeks
Tags: cisco, exploit, firewall, flaw, group, hacker, infrastructure, ransomware, software, usa, vulnerabilityAWS Researchers Find an Interlock Server Laden With Tools. Ransomware hackers exploited a flaw with a maximum vulnerability score in Cisco firewall management software weeks before the networking giant disclosed the vulnerability in early March. The group has focused extensively on critical infrastructure sectors in North America and Europe. First seen on govinfosecurity.com Jump to…
-
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Tags: attack, cisco, exploit, firewall, flaw, ransomware, remote-code-execution, software, vulnerability, zero-dayThe Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interlock-ransomware-exploited-secure-fmc-flaw-in-zero-day-attacks-since-january/
-
Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Tags: access, cisco, cve, exploit, firewall, flaw, intelligence, ransomware, threat, vulnerability, zero-dayAmazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software.The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to First seen…
-
Marquis: Ransomware gang stole data of 672K people in cyberattack
Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/marquis-ransomware-gang-stole-data-of-672-000-people-in-2025-cyberattack/
-
Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
Fintech company Marquis is notifying hundreds of thousands of people that hackers stole their personal and financial information, including their Social Security numbers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/18/marquis-says-over-672000-people-had-personal-and-financial-data-stolen-in-ransomware-attack/
-
LeakNet boosts ransomware with ClickFix lures, stealthy Deno loader
LeakNet is scaling its ransomware operation by pairing mass-market ClickFix lures with a stealthy Deno-based loader that executes almost entirely in memory, shrinking the window for defenders to intervene. Ransomware operator LeakNet is currently averaging around three victims per month. However, recent activity shows the group investing in its own delivery and execution infrastructure to grow that…
-
Cybersecurity and privacy priorities for 2026: The legal risk map
Tags: attack, authentication, awareness, best-practice, breach, communications, country, cyber, cybersecurity, data, defense, finance, fraud, governance, government, incident, incident response, infrastructure, law, mfa, monitoring, privacy, ransomware, regulation, risk, risk-management, service, strategy, supply-chain, threat, usaContinued federal interest in cybersecurity and privacy, especially in connection with national security concerns: The evident connection between cybersecurity and privacy and national security have led to a number of federal initiatives in recent years. Most recently in March 2026, the White House announced the current administration’s Cyber Strategy for America, renewing a commitment to…
-
Less Lucrative Ransomware Market Makes Attackers Alter Methods
Ransomware actors are ditching Cobalt Strike in favor of native Windows tools, as payment rates hit record lows and data theft surges. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/less-lucrative-ransomware-market-makes-attackers-alter-methods
-
Medusa ransomware gang claims attacks on prominent Mississippi hospital, New Jersey county
The Medusa ransomware operation has claimed a devastating cyberattack that knocked out systems at the biggest hospital in Mississippi for nine days. First seen on therecord.media Jump to article: therecord.media/medusa-ransomware-mississippi-cyber
-
Ransomware’s Opening Play: Target Identity First
Ransomware attackers now target identity systems like Active Directory first. Learn how identity resilience can help you prevent and recover from attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/ransomware-resilience/
-
Warlock Ransomware Group Augments Post-Exploitation Activities
In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/warlock-ransomware-post-exploitation-activities
-
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/leaknet-ransomware-uses-clickfix-and-deno-runtime-for-stealthy-attacks/
-
Google Warns Ransomware Groups Shift to Data Theft as Profits Decline
Google is warning that ransomware gangs are reinventing their business model as traditional encryption”‘for”‘ransom attacks become less profitable and data”‘theft extortion surges.”‹ Better cybersecurity controls, improved backup strategies, and stronger recovery capabilities mean more victims can restore their systems without paying, directly eroding criminal revenue. Public reporting also shows that both ransom payment rates and average demand…
-
Payload ransomware hits Windows and ESXi with Babuk-style encryption
Tags: cryptography, cyber, encryption, extortion, group, healthcare, ransomware, threat, vmware, windowsA new ransomware operation called Payload is rapidly emerging as a serious threat to both Windows and VMware ESXi environments, combining Babuk-style cryptography with aggressive anti-forensics and a working double-extortion model. The group claims to have been active since at least February 17, 2026. It is already hitting mid-to-large organizations across multiple sectors and countries. The hospital…
-
Inside Nevada’s Push for Secure Digital Government
Tags: ai, attack, cio, cybersecurity, data-breach, governance, government, identity, ransomware, resilienceState CIO Tim Galluzi on Identity Modernization, AI and Resident Services. The State of Nevada is accelerating its cybersecurity and digital modernization efforts after a major ransomware attack exposed the importance of resilience, workforce readiness and strong governance, said State CIO Tim Galluzi. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/inside-nevadas-push-for-secure-digital-government-a-31037
-
The ransomware economy is shifting toward straight-up data extortion
Google’s research report on ransomware activity last year underscores how cybercrime is evolving and clouding a collective understanding of its full impact and scale. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-threat-intelligence-group-ransomware-report-2026/
-
IBM Discovers ‘Slopoly’ AI-Generated Malware Linked to Hive0163 Ransomware
Ransomware group Hive0163 is experimenting with a likely AI-generated malware framework, dubbed “Slopoly,” marking a visible shift toward AI-assisted tooling in attacks. While the malware itself is simple, its use shows how quickly threat actors can now generate and iterate on custom command-and-control clients using large language models (LLMs). Hive0163 is a financially motivated cluster…
-
45,000 malicious IP addresses taken down, 94 suspects arrested
An international law enforcement operation has taken down more than 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware activity. The action … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/16/interpol-operation-synergia-iii-cybercrime-infrastructure-takedown/
-
Payload Ransomware claims the hack of Royal Bahrain Hospital
The Payload Ransomware group claims to have breached the Royal Bahrain Hospital (RBH), a leading healthcare facility in Bahrain. The Payload Ransomware group claims to have hacked the Royal Bahrain Hospital (RBH) and stolen 110 GB of data. The ransomware gang added the healthcare facility to its Tor data leak site and published the images…
-
Global Authorities Take Down 45,000 Malicious IPs Used in Ransomware Campaigns
Tags: cyber, cybercrime, infrastructure, international, interpol, law, malicious, malware, phishing, ransomwareAn unprecedented international law enforcement effort has successfully dismantled a massive cybercrime network. Coordinated by INTERPOL, the initiative targeted critical infrastructure used in phishing, malware, and ransomware campaigns worldwide. Operation Synergia III Dubbed >>Operation Synergia III,<< the global crackdown took place between July 18, 2025, and January 31, 2026. The operation brought together law enforcement…