Tag: ransomware
-
Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace
Tags: access, ai, control, credentials, data, data-breach, github, infrastructure, malicious, malware, marketplace, microsoft, ransomware, toolExtension pointed to a GitHub-based C2: Ransomvibe deployed a rather unusual GitHub-based command-and-control (C2) infrastructure, instead of relying on traditional C2 servers. The extension used a private GitHub repository to receive and execute commands. It routinely checked for new commits in a file named “index.html”, executed the embedded commands, and then wrote the output back…
-
New Analysis Reveals LockBit 5.0’s Core Features and Dual-Stage Attack Model
LockBit has remained one of the most dominant ransomware-as-a-service (RaaS) groups in the world since its emergence as ABCD ransomware in 2019 and official launch as LockBit in 2020. Despite high-profile setbacks including international law enforcement takedowns in early 2024 and a damaging affiliate panel leak in May 2025 the group continues to update its…
-
New Analysis Reveals LockBit 5.0’s Core Features and Dual-Stage Attack Model
LockBit has remained one of the most dominant ransomware-as-a-service (RaaS) groups in the world since its emergence as ABCD ransomware in 2019 and official launch as LockBit in 2020. Despite high-profile setbacks including international law enforcement takedowns in early 2024 and a damaging affiliate panel leak in May 2025 the group continues to update its…
-
New Analysis Reveals LockBit 5.0’s Core Features and Dual-Stage Attack Model
LockBit has remained one of the most dominant ransomware-as-a-service (RaaS) groups in the world since its emergence as ABCD ransomware in 2019 and official launch as LockBit in 2020. Despite high-profile setbacks including international law enforcement takedowns in early 2024 and a damaging affiliate panel leak in May 2025 the group continues to update its…
-
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence in other words, vibe-coded.Secure Annex researcher John Tuckner, who flagged the extension “susvsex,” said it does not attempt to hide its malicious functionality. The extension was uploaded on…
-
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence in other words, vibe-coded.Secure Annex researcher John Tuckner, who flagged the extension “susvsex,” said it does not attempt to hide its malicious functionality. The extension was uploaded on…
-
Gootloader malware back for the attack, serves up ransomware
Move fast – miscreants compromised a domain controller in 17 hours First seen on theregister.com Jump to article: www.theregister.com/2025/11/06/gootloader_back_ransomware/
-
Clop Ransomware group claims the breach of The Washington Post
The Clop Ransomware group claims the breach of The Washington Post and added the Americandaily newspaperto its Tor data leak site. The Clop Ransomware group announced the hack of the prestigious Americandaily newspaper The Washington Post. The cybercrime group created a page for the university on its Tor data leak site and announced it will…
-
Ransom Tales: Volume V, Throwback Edition! Emulating REvil, DarkSide, and BlackMatter Ransomware
AttackIQ presents the fifth volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ revisits historical ransomware operations with…
-
AI-Slop ransomware test sneaks on to VS Code marketplace
A malicious extension with basic ransomware capabilities seemingly created with the help of AI, has been published on Microsoft’s official VS Code marketplace. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-slop-ransomware-test-sneaks-on-to-vs-code-marketplace/
-
Breach Roundup: UPenn Hit by Email Breach
Also, Australian Police Arrest 55 in New Round of Anom App Sting. This week: UPenn hit by email breach, Australian police arrested 55, ‘SesameOp’ backdoor hid C2 traffic, BEC scammers used AWS, hackers stole trucking cargo, Ukrainian national extradited to United States for role in Conti ransomware and a supply chain risk in advanced installer…
-
SonicWall Firewall Backups Stolen by Nation-State Actor
The network security vendor said the MySonicWall breach was unrelated to the recent wave of Akira ransomware attacks targeting the company’s devices. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/sonicwall-firewall-backups-nation-state-actor
-
Federally Qualified Health Center Reports Ransomware Breach
Central Jersey Medical Center Runs Health Centers for Schools in Newark. Central Jersey Medical Center, a federally qualified health center that partners with public schools in Newark, New Jersey, is notifying an undisclosed number of people of a data breach related to an August ransomware attack. The incident is latest to hit a resourced-stretched healthcare…
-
Breach Roundup: UPenn Hit by Email Breach
Also, Australian Police Arrest 55 in New Round of Anom App Sting. This week: UPenn hit by email breach, Australian police arrested 55, ‘SesameOp’ backdoor hid C2 traffic, BEC scammers used AWS, hackers stole trucking cargo, Ukrainian national extradited to United States for role in Conti ransomware and a supply chain risk in advanced installer…
-
Federally Qualified Health Center Reports Ransomware Breach
Central Jersey Medical Center Runs Health Centers for Schools in Newark. Central Jersey Medical Center, a federally qualified health center that partners with public schools in Newark, New Jersey, is notifying an undisclosed number of people of a data breach related to an August ransomware attack. The incident is latest to hit a resourced-stretched healthcare…
-
Report: Nevada State Hackers Evaded Detection for Months
Statewide Breach Hit 60 Agencies Before Ransomware Was Deployed. A threat actor infiltrated Nevada’s statewide systems undetected for months, ultimately disrupting at least 60 agencies by deleting backups and launching ransomware that forced a full rebuild of core infrastructure and triggered a multimillion-dollar emergency response. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/report-nevada-state-hackers-evaded-detection-for-months-a-29948
-
How a ransomware gang encrypted Nevada government’s systems
The State of Nevada has completed its recovery from a ransomware attack it suffered on August 24, 2025, which impacted 60 state agencies, disrupting critical services related to health and public safety. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/
-
SonicWall pins attack on customer portal to undisclosed nation-state
The security vendor said the attack, which exposed customers’ firewall configuration files, is contained and unrelated to recent Akira ransomware attacks on its customers. First seen on cyberscoop.com Jump to article: cyberscoop.com/sonicwall-customer-portal-nation-state-attack/
-
SonicWall pins attack on customer portal to undisclosed nation-state
The security vendor said the attack, which exposed customers’ firewall configuration files, is contained and unrelated to recent Akira ransomware attacks on its customers. First seen on cyberscoop.com Jump to article: cyberscoop.com/sonicwall-customer-portal-nation-state-attack/
-
Critical Bug in Midnight Ransomware Tool Unlocks File Recovery
In the ever-evolving landscape of cyber threats, a new ransomware strain, Midnight, has emerged, echoing the notorious tactics of its predecessor, Babuk. First detected by Gen researchers, Midnight blends familiar ransomware mechanics with novel cryptographic modifications”, some of which unintentionally open the door to file recovery. This represents a rare opportunity for victims to reclaim…
-
Critical Bug in Midnight Ransomware Tool Unlocks File Recovery
In the ever-evolving landscape of cyber threats, a new ransomware strain, Midnight, has emerged, echoing the notorious tactics of its predecessor, Babuk. First detected by Gen researchers, Midnight blends familiar ransomware mechanics with novel cryptographic modifications”, some of which unintentionally open the door to file recovery. This represents a rare opportunity for victims to reclaim…
-
Threat Actors Exploit VS Code Extensions for Ransomware via GitHub C2
Tags: attack, control, cyber, espionage, exploit, github, government, group, infrastructure, malware, north-korea, ransomware, threatSecurity researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and GitHub as command-and-control infrastructure to deliver multi-stage malware payloads capable of deploying ransomware and conducting…
-
Threat Actors Exploit VS Code Extensions for Ransomware via GitHub C2
Tags: attack, control, cyber, espionage, exploit, github, government, group, infrastructure, malware, north-korea, ransomware, threatSecurity researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and GitHub as command-and-control infrastructure to deliver multi-stage malware payloads capable of deploying ransomware and conducting…
-
Retailers are learning to say no to ransom demands
Ransomware remains one of the biggest operational risks for retailers, but the latest data shows a shift in how these attacks unfold. Fewer incidents now lead to data … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/06/sophos-retail-ransomware-recovery-report/
-
Survey: Organizations Are Too Confident in Their Cyber Resiliency
A global survey of 1,773 C-level executives, security professionals and security and technical directors finds nearly all (95%) are confident in their ability to recover from a ransomware attack. Conducted by OpenText, the survey also notes that 40% of respondents said their organization experienced a ransomware attack in the past year, with nearly half hit..…
-
Survey: Organizations Are Too Confident in Their Cyber Resiliency
A global survey of 1,773 C-level executives, security professionals and security and technical directors finds nearly all (95%) are confident in their ability to recover from a ransomware attack. Conducted by OpenText, the survey also notes that 40% of respondents said their organization experienced a ransomware attack in the past year, with nearly half hit..…
-
2 Ex-Cyber Specialists Indicted for Alleged BlackCat Attacks
DOJ: Suspects Hit 5 Firms, Including 3 in Healthcare, Netted $1.3M in Ransom Money. Three former employees of two cybersecurity firms stand accused of using BlackCat ransomware in a conspiracy to extort five U.S. companies, including three in the healthcare sector. One of the victim companies paid nearly $1.3 million to the attackers, U.S. federal…
-
What Makes Ransomware Groups Successful?
Successful ransomware groups have three key elements in common. Spoiler alert: Indicators of success don’t all revolve around artificial intelligence. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/inside-the-playbook-of-ransomware-s-most-profitable-players
-
Google uncovers malware using LLMs to operate and evade detection
PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/05/malware-using-llms/
-
US indicts three cyber pros who moonlit for ransomware gang
US prosecutors indict three men who allegedly attacked multiple victims with ALPHV/BlackCat ransomware whilst working as professional cyber incident responders. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634172/US-indicts-three-cyber-pros-who-moonlit-for-ransomware-gang