ClickFix ransomware now employs deceptive Windows Update animations to mislead users. This article explores the ClickFix attack evolution, detection innovations,
Huntress analysts deconstruct a Qilin ransomware attack using a single endpoint and limited logs, uncovering rogue access, failed infostealer attempts,
ShinyHunters admits to exploiting Gainsight security vulnerabilities, affecting numerous Salesforce users. This breach heightens concerns over data security and ransomware
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption
A ransomware attack by the Inc Ransom group has hit the Pennsylvania Office of the Attorney General, with attackers claiming
A malware campaign tied to the EVALUSION threat cluster is abusing fake ClickFix utilities to deploy Amatera Stealer or NetSupport
Clop exploited an unpatched Oracle E-Business Suite flaw to steal corporate data from Logitech, prompting the company to confirm exposure
Kraken ransomware benchmarks system performance to choose full or partial encryption, enabling efficient data theft and encryption across Windows, Linux,
Researchers have linked the new Maverick malware to the Coyote banking trojan, both targeting financial users in Brazil. Distributed via
Rhysida ransomware operators breached Spain’s KISS FM, stealing internal data and demanding 300 000 U.S. dollars, marking a new escalation
Clop ransomware continues to evolve as one of the most destructive global cyber threats. Learn how it spreads, its impact,
Violet Typhoon, a China-linked cyber-espionage actor active since 2015, targets governments, NGOs, and academic institutions using SharePoint zero-day exploits. Its
GhostSec evolved from hacktivist roots into a hybrid ransomware threat, using GhostLocker to target global sectors with encryption, extortion, and
This threat actor profile examines the Warlock ransomware group, tracked as Storm-2603 and GOLD SALEM. Active since March 2025, Warlock
Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims
APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised
Crypto24 is a rising ransomware group targeting mid-sized global firms, using stealth tools, cloud exfiltration, and double-extortion tactics to steal,
Charon ransomware, emerging in 2025, targets Middle East sectors with APT-level tactics, DLL sideloading, hybrid encryption, and advanced evasion, posing
APT28, aka Fancy Bear, a Russian GRU-linked group, conducts sophisticated espionage and information theft campaigns globally, targeting governments and critical
DragonForce is a ransomware and data extortion group that evolved from a pro-Palestinian hacktivist collective into a financially motivated cybercriminal
The Lynx ransomware group is a financially motivated threat actor operating under a Ransomware-as-a-Service (RaaS) model. Emerging as a successor
Fog ransomware, a prolific and secretive threat actor, targets organizations globally, deploying sophisticated multi-stage attacks resulting in data encryption and
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.