Conti Ransomware Associate Oleksii Lytvynenko Charged After U.S. Extradition
November 2, 2025
Ukrainian national Oleksii Lytvynenko has been extradited to the U.S. to face charges for aiding the Conti ransomware group, marking
Ransomware
Conti Ransomware Associate Oleksii Lytvynenko Charged After U.S. Extradition
Ukrainian national Oleksii Lytvynenko has been extradited to the U.S. to face charges for aiding the Conti ransomware group, marking a major milestone in cross-border ...
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Qilin ransomware now exploits the Windows Subsystem for Linux to deploy Linux encryptors on Windows hosts, blending BYOVD attacks and remote-management tools for stealth/
Maryland Paratransit Ransomware Disrupts Mobility: New Ride Requests Halted
A ransomware attack on Maryland’s Transit Administration crippled paratransit scheduling, disrupting transportation for disabled riders. The Rhysida group claimed responsibility, demanding ransom after locking key ...
Microsoft Ties Storm-1175 to Medusa Ransomware via GoAnywhere Flaw (CVSS 10.0)
Microsoft has linked the exploitation of a critical GoAnywhere MFT vulnerability (CVE-2025-10035) to the Storm-1175 threat group, operators of the Medusa ransomware. The flaw, rated ...
Muji Suspends Online Sales in Japan After Askul Ransomware Attack
Muji has halted its Japanese online sales following a ransomware attack on its logistics partner, Askul Corporation, disrupting orders, shipments, and digital retail services.
Clarins Listed by Everest Ransomware Gang on Dark Web Post
Paris-headquartered luxury skincare maker Clarins has been named on a dark web leak page run by the Everest ransomware gang, ...
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
A ransomware attack on Maryland’s Mobility paratransit system has disrupted critical transportation for disabled residents, blocking new reservations and rebookings. While core transit services remain ...
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
Inotiv confirms a ransomware attack encrypted systems and data, disrupting operations. SEC filing cites Qilin claims of 176GB theft as investigators restore and assess impact.
U.S. Seizes $1M in Cryptocurrency from BlackSuit Ransomware Gang
U.S. agencies seized over $1 million in cryptocurrency and critical infrastructure from the BlackSuit ransomware gang. While the takedown marks progress, core members have already ...
US Becomes Ransomware Capital with 146% Increase in Attacks
The U.S. now accounts for 50% of global ransomware incidents, with attacks surging 146% year-over-year. Critical sectors like manufacturing, healthcare, and energy face escalating threats ...
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
October 29, 2025
Qilin ransomware now exploits the Windows Subsystem for Linux to deploy Linux encryptors on Windows hosts, blending BYOVD attacks and
Maryland Paratransit Ransomware Disrupts Mobility: New Ride Requests Halted
October 27, 2025
A ransomware attack on Maryland’s Transit Administration crippled paratransit scheduling, disrupting transportation for disabled riders. The Rhysida group claimed responsibility,
Microsoft Ties Storm-1175 to Medusa Ransomware via GoAnywhere Flaw (CVSS 10.0)
October 21, 2025
Microsoft has linked the exploitation of a critical GoAnywhere MFT vulnerability (CVE-2025-10035) to the Storm-1175 threat group, operators of the
Muji Suspends Online Sales in Japan After Askul Ransomware Attack
October 21, 2025
Muji has halted its Japanese online sales following a ransomware attack on its logistics partner, Askul Corporation, disrupting orders, shipments,
Clarins Listed by Everest Ransomware Gang on Dark Web Post
September 23, 2025
Paris-headquartered luxury skincare maker Clarins has been named on a dark web leak page run by the Everest ransomware gang,
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
September 2, 2025
A ransomware attack on Maryland’s Mobility paratransit system has disrupted critical transportation for disabled residents, blocking new reservations and rebookings.
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
August 19, 2025
Inotiv confirms a ransomware attack encrypted systems and data, disrupting operations. SEC filing cites Qilin claims of 176GB theft as
U.S. Seizes $1M in Cryptocurrency from BlackSuit Ransomware Gang
August 18, 2025
U.S. agencies seized over $1 million in cryptocurrency and critical infrastructure from the BlackSuit ransomware gang. While the takedown marks
US Becomes Ransomware Capital with 146% Increase in Attacks
August 12, 2025
The U.S. now accounts for 50% of global ransomware incidents, with attacks surging 146% year-over-year. Critical sectors like manufacturing, healthcare,
Threat actors
Clop Ransomware: A Growing Danger to Cybersecurity Worldwide
October 22, 2025
Clop ransomware continues to evolve as one of the most destructive global cyber threats. Learn how it spreads, its impact,
Violet Typhoon: China-Nexus Espionage Actor
October 21, 2025
Violet Typhoon, a China-linked cyber-espionage actor active since 2015, targets governments, NGOs, and academic institutions using SharePoint zero-day exploits. Its
GhostSec – From Hacktivist to Ransomware Warlord
September 30, 2025
GhostSec evolved from hacktivist roots into a hybrid ransomware threat, using GhostLocker to target global sectors with encryption, extortion, and
Warlock Group / GOLD SALEM (aka Storm-2603) — Threat Profile
September 25, 2025
This threat actor profile examines the Warlock ransomware group, tracked as Storm-2603 and GOLD SALEM. Active since March 2025, Warlock
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
August 28, 2025
Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
August 28, 2025
APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised
Crypto24 Ransomware: The Phantom Encryptor
August 18, 2025
Crypto24 is a rising ransomware group targeting mid-sized global firms, using stealth tools, cloud exfiltration, and double-extortion tactics to steal,
Charon Ransomware: Stealthy Cyber Extortion Syndicate
August 18, 2025
Charon ransomware, emerging in 2025, targets Middle East sectors with APT-level tactics, DLL sideloading, hybrid encryption, and advanced evasion, posing
APT28 / Fancy Bear: Russian State Sponsored APT
August 6, 2025
APT28, aka Fancy Bear, a Russian GRU-linked group, conducts sophisticated espionage and information theft campaigns globally, targeting governments and critical
DragonForce Ransomware – Hacktivist Turned Cybercriminal Enterprise
August 4, 2025
DragonForce is a ransomware and data extortion group that evolved from a pro-Palestinian hacktivist collective into a financially motivated cybercriminal
Lynx Ransomware: INC Ransomware Reincarnated
July 29, 2025
The Lynx ransomware group is a financially motivated threat actor operating under a Ransomware-as-a-Service (RaaS) model. Emerging as a successor
Fog Ransomware: Data in the Mist
July 24, 2025
Fog ransomware, a prolific and secretive threat actor, targets organizations globally, deploying sophisticated multi-stage attacks resulting in data encryption and
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.