ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 75
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UDPGangster Campaigns Target Multiple Countries Ransomware Trends i
CyberVolk’s ransomware debut stumbles on cryptography weakness
The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free. [...]
In Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisco Academy
Other noteworthy stories that might have slipped under the radar: Pentagon orders accelerated move to PQC, US shuts down scheme to smuggle GPUs to China, DroidLock Android ransomware. The post In Other News: PromptPwnd A
Fieldtex Data Breach Impacts 238,000
The Akira ransomware group took credit for the Fieldtex Products hack in November, claiming to have stolen 14 Gb of data. The post Fieldtex Data Breach Impacts 238,000 appeared first on SecurityWeek.
CyberVolk Hackers Group With New VolkLocker Payloads Attacks both Linux and Windows Systems
CyberVolk, a pro-Russia hacktivist group, has reemerged with a new ransomware platform called VolkLocker following a period of dormancy in 2025. The group, first documented in late 2024 for conducting attacks aligned wit
Streisand effect: Businesses that pay ransomware gangs are more likely to hit the headlines
Companies that pay ransom demands to cyber criminals in the hope of restoring their IT systems may be at risk of greater negative publicity than those that refuse. An initial analysis of data seized by the Nat
Check Point publishes Cyber Threat Report for November 2025
November 2025 paints a clear and compelling picture: both the volume of global cyberattacks and the number of successful ransomware attacks are increasing, affecting a wide range of regions and industries
New DroidLock Malware Locks Android Devices and Demands a Ransom
A dangerous new malware called DroidLock is targeting Android users, particularly in Spanish-speaking regions, through phishing websites. This threat combines ransomware tactics with remote-control capabilities, posing a
New Multi-Platform 01flip Ransomware Supports Multi-platform Architecture, Including Windows and Linux
Security researchers at Palo Alto Networks discovered a new ransomware threat in June 2025 that marks a significant shift in malware development tactics. The 01flip ransomware family emerges as a fully Rust-written malwa
Makop Ransomware Exploits RDP Systems with AV Killer and Other Exploits
Makop ransomware, a strain of the Phobos malware family first spotted in 2020, continues to evolve into a significant threat to businesses worldwide. Recent analysis reveals that attackers are combining brute-force RDP a
GOLD BLADE Using Custom QWCrypt Locker that Allows Data Exfiltration and Ransomware Deployment
The GOLD BLADE threat group has shifted from pure espionage to a hybrid model that combines data theft with targeted ransomware attacks using a custom locker called QWCrypt. This shift follows a long-running campaign tra
Ransomware Targeting Hyper-V and VMware ESXi Surges as Akira Group Exploits System Vulnerabilities
A new wave of ransomware attacks targeting virtual machine platforms has emerged, with the Akira ransomware group leading a campaign against Hyper-V and VMware ESXi systems. These attacks pose a growing threat to enterpr
Ransomware IAB abuses EDR for stealthy malware execution
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ran
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution
STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware
Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to
FinCEN data shows $4.5B in ransomware payments, record spike in 2023
Ransomware payments reported to FinCEN exceeded $4.5B by 2024, with 2023 marking a record year at $1.1B across 1,512 incidents. FinCEN analyzed ransomware trends using Bank Secrecy Act (BSA) reports filed from January 20
Ransomware gangs turn to Shanya EXE packer to hide EDR killers
Several ransomware groups have been spotted using a packer-as-a-service (PaaS) platform named Shanya to assist in EDR (endpoint detection and response) killing operations. [...]
Ransomware gang Qilin steals data from Scientology
The cyber gang Qilin has stolen data from Scientology's IT systems. The organization in the United Kingdom appears to be affected.
FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024
A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockB
Oracle EBS zero-day used by Clop to breach Barts Health NHS
Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day CVE-2025-61882 in its O