ARTICLE SEARCH
Threat Feed Query: Search all aggregated security articles by keywords, CVE IDs and sources.
The U.S. sanctions Nobitex crypto exchange used by ransomware
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...]
The Gentlemen Ransomware Group Uses Fortinet Exploits, AI, and Custom C2 Frameworks
A Russian-speaking ransomware crew known as The Gentlemen has quickly risen to become one of the most active threats in 2026, ranking second only to Qilin in ransomware activity. Their toolkit combines Fortinet vulnerabi
Subpostmaster federation hit by ransomware attack
The National Federation of Subpostmasters (NFSP) was hit by a ransomware attack after a bug was exploited in its web hosting provider’s software. The attack is still causing technical problems, with emails bet
Companies negotiate for the first time, attackers for the hundredth
After a ransomware attack, many companies enter a phase they are barely prepared for: communicating with the attackers. While ransomware groups conduct these negotiations routinely, it is for
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...]
Ransomware Operators Keep Business Hours. The Data Proves It
16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly. Someone analyzed 16,699 ransomware leak-site posts across 200 groups over two years and aske
Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow
Plus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license plate surveillance data to the cops, and more.
Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges
A newly analyzed ransomware strain called The Gentlemen is raising serious alarms across the cybersecurity community. Built in the Go programming language and obfuscated with a tool called Garble, it combines powerful pe
The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propaga
Kemper - 269,299 breached accounts
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environm
Silent Ransom Group Targets Law Firms With IT Support Impersonation Attacks
A threat group known as the Silent Ransom Group is actively targeting US-based law firms using a bold and deceptive social engineering playbook. Rather than deploying ransomware in the traditional sense, this group goes
“Passwort” Episode 58: News with a fail onion, ransom and rusty Coreutils
The hosts analyze a multi-layered security failure at a CA as well as the switch of the Linux Coreutils to Rust. And there is news on ransomware.
The Gentlemen emerging as key ransomware player
An emerging ransomware gang (https://www.techtarget.com/whatis/definition/ransomware-as-a-service-RaaS) known as The Gentlemen is beginning to attract more attention as it be
The Hidden Ransomware Economy Running on Exposed Databases
A 5-year study on the Ransomware Economy found that 30,515 exposed databases were hit by ransom attacks, causing massive damage despite victims never paying. Database extortion doesn’t look like the ransomware stories th
How Tier 1 Can Process Alerts 3x Faster with Threat Intelligence
You already know the feeling. The shift starts, and the queue is already full. Somewhere in that pile of hundreds of alerts is the one that actually matters — the lateral movement no one caught, the C2 beacon hiding behin
Microsoft Defender Now Automatically Isolates Compromised Devices to Stop Ransomware
Microsoft Defender for Endpoint has introduced automatic device isolation, a proactive containment capability that disconnects compromised workstations from the network the moment a high-confidence attack is detected wit
NightSpire Ransomware Uses RDP Access and Remote Admin Tools for Stealthy Persistence
A new ransomware threat is making waves across dozens of industries and countries, using a surprisingly simple but effective approach to break into systems and lock victims out of their own data. NightSpire, first identi
Payload Ransomware Uses ChaCha20 and Curve25519 ECDH to Encrypt Windows Files
A dangerous new ransomware strain called Payload has been quietly building a global victim list since it first appeared in February 2026. The group launched its leak site with a high-profile target and has since expanded
Ransomware ransoms explode as payment rate falls
Ransomware continues to threaten German companies. Although only 7 percent of victims still pay a ransom, the average ransom amount has risen by 65 percent. The BKA's Bundeslagebild Cybercrime 2025 shows
Why pure extortion is replacing traditional ransomware
Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups are quietly changing strategy in 2026. Instead of encrypting syst