
React2Shell Exploit Continues to Deliver Undetected Malware Families
React2Shell is exploiting a severe flaw in React Server Components to install cryptocurrency miners and introduce unseen malware families. The

Initial Access Broker Storm-0249 exploits Endpoint Detection and Response (EDR) solutions and Windows utilities to load malware, establish communication channels,

Inotiv, a major research organization, disclosed a ransomware attack that exposed personal, financial, and medical information of over 9,500 individuals.

The combined force of DragonForce and English-speaking hackers brings sophisticated social engineering to ransomware attacks. Discover the advancement and implication

The University of Pennsylvania recently disclosed a data breach affecting over 1,400 individuals. Attackers exploited a zero-day vulnerability in Oracle’s

A U.S. civil engineering firm’s security was compromised by RomCom malware in September 2025. Researchers at Arctic Wolf Labs discovered

ShadowV2, a Mirai-based botnet, exploited last October’s AWS outage to infect IoT devices worldwide. Experts at Fortinet highlight this event

ClickFix ransomware now employs deceptive Windows Update animations to mislead users. This article explores the ClickFix attack evolution, detection innovations,

Huntress analysts deconstruct a Qilin ransomware attack using a single endpoint and limited logs, uncovering rogue access, failed infostealer attempts,

ShinyHunters admits to exploiting Gainsight security vulnerabilities, affecting numerous Salesforce users. This breach heightens concerns over data security and ransomware

Over the past three months, the formidable Aisuru botnet has executed more than 1,300 DDoS attacks, one of which reached

Clop ransomware continues to evolve as one of the most destructive global cyber threats. Learn how it spreads, its impact,

Violet Typhoon, a China-linked cyber-espionage actor active since 2015, targets governments, NGOs, and academic institutions using SharePoint zero-day exploits. Its

GhostSec evolved from hacktivist roots into a hybrid ransomware threat, using GhostLocker to target global sectors with encryption, extortion, and

This threat actor profile examines the Warlock ransomware group, tracked as Storm-2603 and GOLD SALEM. Active since March 2025, Warlock

Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims

APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised

Crypto24 is a rising ransomware group targeting mid-sized global firms, using stealth tools, cloud exfiltration, and double-extortion tactics to steal,

Charon ransomware, emerging in 2025, targets Middle East sectors with APT-level tactics, DLL sideloading, hybrid encryption, and advanced evasion, posing

APT28, aka Fancy Bear, a Russian GRU-linked group, conducts sophisticated espionage and information theft campaigns globally, targeting governments and critical

DragonForce is a ransomware and data extortion group that evolved from a pro-Palestinian hacktivist collective into a financially motivated cybercriminal

The Lynx ransomware group is a financially motivated threat actor operating under a Ransomware-as-a-Service (RaaS) model. Emerging as a successor