ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Vect ransomware actually destructive wiper malware
<p>The authors of a new strain of ransomware called <a href="https://www.halcyon.ai/ransomware-alerts/emerging-ransomware-group-vect" target="_blank" rel="noopener">Vect</a> are drawing attention thanks to a partnership
Trigona ransomware adopts custom tool to steal data and evade detection
Trigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync. Symantec researchers report that recent Trigona ransomware attacks used a custom-
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. [...]
Kyber ransomware gang toys with post-quantum encryption on Windows
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. [...]
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operator
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. [...]
CVE-2026-5967 - TeamT5|ThreatSonar Anti-Ransomware - Privilege Escalation
CVE ID :CVE-2026-5967 Published : April 20, 2026, 7:44 a.m. | 2 hours, 13 minutes ago Description :ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote att
CVE-2026-5966 - TeamT5|ThreatSonar Anti-Ransomware - Arbitrary File Deletion
CVE ID :CVE-2026-5966 Published : April 20, 2026, 7:40 a.m. | 17 minutes ago Description :ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers
Payouts King ransomware uses QEMU VMs to bypass endpoint security
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. [...]
Cookeville Regional Medical Center hospital data breach impacts 337,917 people
A ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware attack on Cookeville Regiona
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptib
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to f
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed
Qilin Ransomware Uses Malicious DLL to Kill Almost Every Vendor’s EDR Solutions
Qilin ransomware group is deploying a sophisticated, multi-stage infection chain via a malicious msimg32.dll that can disable over 300 endpoint detection and response (EDR) drivers from virtually every major security ven
Exposed Server Reveals TheGentlemen Ransomware Toolkit, Victim Credentials, and Ngrok Tokens
A misconfigured server hosted on a Russian bulletproof hosting provider has exposed the complete operational toolkit of a TheGentlemen ransomware affiliate, including harvested victim credentials and plaintext authentica
Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom
CISA Warns of Cisco Secure Firewall Management Center 0-Day Exploited in Ransomware Attacks
An urgent warning highlights a critical zero-day in Cisco products, now added to the CISA Known Exploited Vulnerabilities Catalog after active exploitation in ransomware campaigns. Network defenders and security administ
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure
The Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulnerability, tracked as CVE-