Tag: ransomware
-
More cyberattacks on German companies: February brings an increase of eleven percent
Notably, 49 different ransomware groups worldwide publicly attacked organizations in February, which underscores the breadth and resilience of the ransomware landscape. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/mehr-cyberangriffe-auf-deutsche-firmen-februar-bringt-plus-von-elf-prozent/a44078/
-
Cybercrime isn’t just a cover for Iran’s government goons – it’s a key part of their operations
Ransomware, malware-as-a-service, infostealers benefit MOIS, too First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/cybercrime_iran_mois/
-
Closed Loop Security: Zero Trust, C2C Ransomware Defense
In Part 1 of this series, we established the core problem facing cybersecurity today: it still operates as an open-loop system. Tools detect alerts, behaviors, and anomalies, but they do not enforce whether systems remain in a known-good, trusted state. As a result, security teams are perpetually reacting to symptoms rather than preventing…
-
Dragos identifies three new OT attacker groups: OT attacks rose by 64 percent in 2025
First seen on security-insider.de Jump to article: www.security-insider.de/ot-ransomware-angriffe-dragos-a-b69913966b49a92b9f5963b8e7a762aa/
-
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
Tags: access, attack, authentication, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, detection, exploit, firewall, incident, incident response, infrastructure, insurance, ISO-27001, metric, mfa, monitoring, network, office, phishing, ransomware, regulation, resilience, risk, risk-management, service, siem, soc, stuxnet, supply-chain, tool, vpn, vulnerability, zero-day
Why everyone knows it’s burning, but nobody pulls the fire alarm: When I talk to OT managers, production leads or plant engineers, I rarely hear, “We didn’t know we had a problem.” Far more often, it’s, “We know it’s critical, but we can’t just shut it down.” This gap between awareness and action is the…
-
I replaced manual pen tests with automation. Here’s what I learned.
Tags: access, attack, breach, control, cvss, detection, exploit, infrastructure, intelligence, password, penetration-testing, ransomware, RedTeam, resilience, risk, service, siem, soc, tactics, tool, training, update, vulnerability, zero-day
The remediation black hole: Perhaps most frustrating was what happened after we received findings. Our teams would work diligently to implement fixes, but we rarely had the budget or opportunity to bring testers back to validate remediation. We were left with uncertainty. This gap between identification and verification created a dangerous blind spot in our…
-
SurxRAT Android Malware Uses LLMs for Phishing and Data Theft
Tags: access, android, control, credentials, cyber, cybercrime, data, LLM, malware, phishing, ransomware, theft
A new Android Remote Access Trojan (RAT) named SurxRAT is being sold as a commercial malware platform through a Telegram-based malware-as-a-service (MaaS) ecosystem. The malware, marketed under the SURXRAT V5 branding, enables cybercriminals to create customized Android malware builds capable of surveillance, credential theft, remote device control, and ransomware-style device locking. The malware appears…
-
ISMG Security Report: Data-Extortion Ransomware Loses Steam
Revenue From Data-Extortion-Only Attacks Appears to Have Plummeted to Virtually Nil. While ransomware continues to disrupt businesses, thankfully some shakedown strategies are losing steam. The latest ISMG Security Report reviews how criminals have continued to refine the ransomware business model and why once-successful strategies for maximizing illicit profits now fall short. First seen on govinfosecurity.com…
-
9th March Threat Intelligence Report
AkzoNobel, a Netherlands-based global paint manufacturer, has confirmed a cyberattack affecting one of its United States sites. The company said the intrusion was contained, while the Anubis ransomware group claimed it stole […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/9th-march-threat-intelligence-report/
-
Cognizant’s TriZetto Provider Solutions data breach impacted over 3.4 million patients
A breach at Cognizant’s TriZetto Provider Solutions exposed sensitive health data belonging to more than 3.4 million patients. A data breach at Cognizant’s TriZetto Provider Solutions exposed sensitive information belonging to more than 3.4 million patients. At this time, no ransomware group has claimed responsibility for the attack yet. TriZetto Provider Solutions is a healthcare…
-
We’ve seen ransomware cost American lives. Here’s what it will actually take to stop it.
Hackers have cut their attack timelines from weeks to hours while the government spreads resources too thin. We need to stop pretending we can protect everything and start focusing on what would hurt us most. First seen on cyberscoop.com Jump to article: cyberscoop.com/national-cyber-strategy-ransomware-prioritization-op-ed/
-
Camouflage as a tactic: Why ransomware attacks are becoming more sophisticated
Tags: access, ai, ciso, control, cyber, cyberattack, detection, encryption, endpoint, extortion, framework, intelligence, lockbit, mitre, openai, ransomware, RedTeam, service, software, strategy, threat, tool, vulnerability
Instead of a brief but very painful sting, cybercriminals are increasingly latching onto their victims and steadily bleeding them dry. Ransomware attackers are increasingly changing their tactics and relying more on stealthy infiltration. This is because the threat of publishing sensitive corporate data has become the main means of pressure in extortion. The annual red teaming report from Picus Security shows that attackers increasingly…
-
Cyber resilience starts with backup: A framework for measurable recovery
Cyber resilience is decided not at backup but at recovery. In the face of ransomware, compromised identities and complex cloud dependencies, companies must consistently align their backup strategy with measurable recovery outcomes. This article shows how an architecture-driven enterprise backup strategy systematically puts recoverability, security and resilience at the center. The enterprise backup strategy has evolved far beyond its traditional role as an operational… First…
-
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/termite-ransomware-breaches-linked-to-clickfix-castlerat-attacks/
-
Teenage hacker myth primed for a middle-age criminal makeover
Tags: access, breach, business, corporate, crypto, cyber, cybercrime, cybersecurity, data, detection, extortion, finance, group, hacker, hacking, infrastructure, jobs, malware, network, penetration-testing, programming, ransomware, service, skills, software, technology, threat, vulnerability
Cybercrime cartels: Dray Agha, senior security operations manager at managed detection and response services firm Huntress, said the analysis illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated since the threat landscape is dominated by “highly organised, profit-driven syndicates.” “While young people may still engage in digital vandalism…
-
Zero-day exploits hit enterprises faster and harder
Tags: access, apple, attack, backdoor, business, china, cisco, cve, data, detection, endpoint, espionage, exploit, firewall, flaw, fortinet, google, group, hacker, infrastructure, ivanti, least-privilege, mobile, network, oracle, radius, ransomware, risk, router, russia, service, software, technology, threat, update, vpn, vulnerability, zero-day
Enterprise environments under siege: Chinese threat actors continued to display a preference for targets that are difficult to monitor and allow persistent access to strategic networks. Notable examples include the groups that GTIG tracks as UNC5221, which exploited a flaw in Ivanti Connect Secure (CVE-2025-0282) and UNC3886, which exploited a vulnerability in Juniper routers (CVE-2025-21590). Another…
-
Backup strategies are working, and ransomware gangs are responding with data theft
Business email compromise (BEC) and funds transfer fraud combined for 58% of all cyber insurance claims filed in 2025, according to data from Coalition covering more than … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/06/cyber-claims-report-ransomware-gangs-data-theft/
-
Whitelisting in the enterprise: How allow-listing stops zero-day attacks and reduces the attack surface
Companies today face a security situation in which classic defense mechanisms alone are no longer sufficient. Malware, ransomware, shadow IT, complex multi-cloud architectures and strict data protection requirements meet a working world characterized by dynamism and flexibility. In this area of tension, one security principle is gaining importance that appears traditional but, precisely for that reason, develops enormous strength: consistent whitelisting. First…
-
Whitelisting in the enterprise: How consistent allow-listing stops zero-day attacks and permanently reduces the attack surface: control instead of reactive defense
Companies today face a security situation in which classic defense mechanisms alone are no longer sufficient. Malware, ransomware, shadow IT, complex multi-cloud architectures and strict data protection requirements meet a working world characterized by dynamism and flexibility. In this area of tension, one security principle is gaining importance that appears traditional but, precisely for that reason, develops enormous strength: consistent whitelisting. First…
-
Europe in the sights of cyber identity thieves
German companies need to brace themselves: both state and “private” actors are targeting them. As the experts at Darktrace set out in their current Threat Report 2026, cloud and email accounts remain the number one entry point in Europe. According to the report, 58 percent of attacks in Europe last year began with compromised cloud accounts or…
-
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian national Evgenii Ptitsyn (43) pleaded guilty in the U.S. for his role in the Phobos ransomware operation. Russian national Evgenii Ptitsyn pleaded guilty in the US to wire fraud conspiracy for his role in the Phobos ransomware scheme. The man was arrested in South Korea in 2024 and extradited to the United States. He…
-
Phobos ransomware leader facing 20 years in prison after pleading guilty to hacking charges
Ptitsyn and several others began using the Phobos ransomware in November 2020, attacking more than 1,000 organizations around the world. He was arrested in South Korea and extradited in November 2024. First seen on therecord.media Jump to article: therecord.media/phobos-ransomware-leader-facing-20-years
-
Phobos ransomware leader pleads guilty, faces up to 20 years in prison
The 43-year-old Russian national ran a ransomware operation that impacted more than 1,000 victims globally. The conspiracy netted more than $39 million in extortion payments. First seen on cyberscoop.com Jump to article: cyberscoop.com/phobos-ransomware-leader-guilty/
-
Phobos ransomware admin pleads guilty to wire fraud conspiracy
A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/phobos-ransomware-admin-pleads-guilty-to-wire-fraud-conspiracy/
-
What to Expect from Iran’s Digital Counterstrike
Tags: attack, breach, cloud, communications, cyber, cyberattack, cybersecurity, data, defense, espionage, exploit, extortion, finance, government, group, hacking, infrastructure, intelligence, international, iran, leak, middle-east, military, network, ransomware, risk, risk-assessment, service, tool, update, vulnerability, worm
After the United States and Israel began a bombing campaign on Iran, leading to the decapitation of its political and military leaders, the Middle East has erupted into waves of kinetic warfare. But what should we expect about cyber? Iran has a formidable offensive cybersecurity capability and is considered one of the four most aggressive…
-
Cancer Center Research Study Hack Affects 1.2M
Health Researchers Often Overlook Security of Historical Datasets. An August 2025 ransomware attack on the University of Hawaii Cancer Center’s epidemiology division has affected 1.2 million individuals, including personal information such as Social Security numbers of certain research study participants dating back more than 30 years. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cancer-center-research-study-hack-affects-12m-a-30912

