Tag: ransomware
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
Tags: authentication, cisa, control, cve, cyber, cybersecurity, exploit, flaw, group, infrastructure, oracle, ransomware, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments. According to CISA, this flaw…
-
DragonForce ransomware uses Microsoft Teams for covert command and control
First seen on scworld.com Jump to article: www.scworld.com/brief/dragonforce-ransomware-uses-microsoft-teams-for-covert-command-and-control
-
Cybercriminals mask malicious communications through Microsoft Teams relays
Tags: communications, control, cybercrime, group, infrastructure, malicious, malware, microsoft, ransomware
The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/16/dragonforce-microsoft-teams-malware-backdoor-turn/
-
‘Lorem Ipsum’ Malware Pivots to ClickFix Delivery
New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lorem-ipsum-malware-clickfix-delivery
-
Microsoft Teams Relay Abused by Hackers to Hide Malicious Traffic
Tags: communications, control, cyber, exploit, hacker, infrastructure, malicious, microsoft, ransomware, threat
Microsoft Teams’ trusted infrastructure has been exploited by threat actors to secretly route malicious traffic, leading to a highly stealthy ransomware campaign attributed to the DragonForce group. Security researchers have discovered a novel technique in which attackers exploit Microsoft Teams’ TURN (Traversal Using Relays around NAT) servers to conceal command-and-control (C2) communications, making malicious activity…
-
DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dragonforce-ransomware-hidden/
-
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
DragonForce ransomware used a custom malware named ‘Backdoor.Turn’ to hide command-and-control traffic inside Microsoft Teams relay infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/
-
Rhysida and Interlock Ransomware Groups Linked to Initial Access Brokers and Crypter Ecosystem
Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reuse. IBM X-Force’s long-term analysis ties both groups to initial access brokers, private crypters, downloaders, and backdoors that help them stage intrusion chains before encryption. The core finding is that both operations…
-
Ransomware activity reaches new high in May
Despite a slight decline in cyberattacks worldwide, the threat situation for companies remains tense. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ransomware-im-mai-neuen-hoechststand
-
The Gentlemen RaaS Scales to 166 Victims as Ransomware Groups Compete for Affiliates
Two new Ransomware-as-a-Service (RaaS) entrants publicly recruited affiliates, underscoring a rapid reconsolidation of the ransomware market and a sharpening competition for skilled operators. An actor using the handle hyflock123 posted a recruitment thread on Duty-Free on May 14 claiming prior work with LockBit and Qilin and launching “Hyflock.” The next day hastalamuerte, founder and administrator…
-
Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
How the Anubis ransomware group stole and leaked an Italian Adriatic port authority’s data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/anubis-ransomware-adriatic-port/
-
Ukrainian national pleads guilty in connection with Conti ransomware
A Ukrainian national pleaded guilty to conspiracy to commit wire fraud in connection with the deployment of Conti ransomware, which targeted more than 1,000 victims worldwide. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/15/conti-ransomware-member-pleads-guilty/
-
Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group’s Rise
The Gentlemen ransomware used infostealer credentials, AI tools, and affiliates to hit 483 victims across 66 countries in under a year. The Gentlemen surfaced as a ransomware operation in September 2025 and by June 13, 2026 had listed 483 victims on their dark-web leak site, 380 of them in 2026 alone. That makes them the…
-
Ukrainian Extradited from Ireland Pleads Guilty Over Role in Conti Ransomware Scheme
Ukrainian national Oleksii Lytvynenko pleaded guilty in the U.S. for his role in Conti ransomware attacks targeting victims worldwide. Oleksii Oleksiyovych Lytvynenko (44), a Ukrainian national extradited from Ireland to the U.S., has pleaded guilty to conspiracy to commit wire fraud for his involvement in the Conti ransomware operation. Prosecutors said he helped conduct attacks…
-
Extradited Ukrainian Man Admits Role in Conti Ransomware Attacks
Ukrainian national Oleksii Lytvynenko has pleaded guilty in the US to wire fraud conspiracy linked to Conti ransomware, which hit more than 1,000 victims and generated at least $150 million in ransom payments. First seen on hackread.com Jump to article: hackread.com/extradited-ukrainian-admits-conti-ransomware-attacks/
-
The FCC Wants to Kill Burner Phones
Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-the-fcc-wants-to-kill-burner-phones/
-
Conti ransomware group member pleads guilty, faces up to 20 years in prison
Oleksii Lytvynenko, a 44-year-old Ukrainian national, admitted to joining the prolific cybercrime group in 2021. Officials said he engaged in cybercrime up until his arrest in Ireland in 2023. First seen on cyberscoop.com Jump to article: cyberscoop.com/conti-ransomware-member-ukrainian-lytvynenko-guilty/
-
Ukrainian national pleads guilty to role in Conti ransomware operation
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ukrainian-national-pleads-guilty-to-role-in-conti-ransomware-operation/
-
Ransomware Payment Crypto Laundering Platform Taken Out by FBI and Europol
Domain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and others First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-crypto-laundering/
-
Authorities dismantle crypto laundering service that moved €336 million for cybercriminals
An international law enforcement operation has dismantled a cryptocurrency laundering service linked to ransomware groups and other cybercriminals that processed more than … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/12/europol-audia6-crypto-laundering-service-ransomware-groups/
-
Authorities Seize AudiA6 Crypto Laundering Service Used by Cybercriminal Gangs
Tags: crypto, cyber, cybercrime, finance, infrastructure, international, network, ransomware, service
Authorities have dismantled a major cryptocurrency laundering infrastructure known as “AudiA6,” disrupting a critical financial backbone used by ransomware gangs and cybercriminal networks to legitimize illicit proceeds. The coordinated international operation, supported by Europol and Eurojust, targeted a service believed to have laundered more than EUR 336 million between 2022 and 2025, marking one of…
-
Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs
Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a “key financial pipeline used to wash hundreds of millions in illicit profits.” The service is estimated to have been used to launder more than €336…
-
Health data is among the most valuable commodities in cybercrime
Following an analysis of the trade in health data in the cyber underground: Germany is among the countries with the most publicly reachable medical systems. TrendAI, the enterprise cybersecurity business unit of Trend Micro, has published new research showing that stolen health data is now traded in a mature underground economy in which ransomware groups, access brokers, fraud marketplaces, and credential dealers all take part. Over a period of… First…
-
The Anubis Ransomware Attack on the Adriatic Port Authority
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/the-anubis-ransomware-attack-on-the-adriatic-port-authority
-
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). According to a detailed report First seen on…
-
Authorities dismantle ‘AudiA6’ ransomware crypto-laundering service
Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/authorities-dismantle-audia6-ransomware-crypto-laundering-service/
-
Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims
Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/extortion-only-attacks-surge/
-
Ransomware group The Gentlemen linked to Russian national
First seen on scworld.com Jump to article: www.scworld.com/brief/ransomware-group-the-gentlemen-linked-to-russian-national

