_Tithi_Luadthong_alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
Warlock Ransomware Group Augments Post-Exploitation Activities
In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools.
Less Lucrative Ransomware Market Makes Attackers Alter Methods
Ransomware actors are ditching Cobalt Strike in favor of native Windows tools, as payment rates hit record lows and data theft surges.
More Attackers Are Logging In, Not Breaking In
Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering.
C2 Implant 'SnappyClient' Targets Crypto Wallets
In addition to enabling remote access, the malware supports a wide range of capabilities, including data theft and spying.
Interlock Ransomware Targets Cisco Enterprise Firewalls
The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed.
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.
_Wavebreakmedia_Ltd_IFE-210813_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
Attackers Hide Infostealer in Copyright Infringement Notices
A phishing campaign targeting healthcare, government, hospitality, and education sectors in various countries uses several evasion techniques to avoid detection.
Ransomware's New Era: Moving at AI Speed
Threat actors bypass security tools and use AI to launch faster ransomware attacks that exploit valid credentials and target data
Trivy Supply Chain Attack Targets CI/CD Secrets
A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.
INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers
GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is