Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
May 26, 2026
Incransom has claimed a full-network breach of Meirc Training & Consulting on May 25, threatening to publish 1TB of employee
Ransomware
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Incransom has claimed a full-network breach of Meirc Training & Consulting on May 25, threatening to publish 1TB of employee and client data within one ...
DragonForce Lists Indiana Greenhouse Firm Heartland Growers
DragonForce ransomware listed Indiana wholesale greenhouse firm Heartland Growers on its dark web leak site amid escalating agricultural sector targeting.
Nova Ransomware Hits Brazilian Government Agency and Turkish Tech Firm
Nova ransomware claimed Brazil's SECONT and Turkey's Adensa Teknoloji on May 24, its third posting in three days spanning South America, Europe, and Turkey.
Qilin Ransomware Batch-Lists 7 Victims Across Five Countries
Qilin ransomware disclosed seven victims in a single May 24 batch across five countries, including a Czech financial firm and US accounting services provider.
Nightspire Ransomware Hits US Healthcare in Nine-Victim Batch
Nightspire ransomware posted nine victims on May 24 including US adult day center La Familia, an Egyptian Papa John's franchise, and a consumer lender across ...
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
ShinyHunters listed Charter Communications with 42 million claimed records and a May 27 dump deadline; Charter confirmed an investigation with authorities.
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Baker Distributing Company was added to ShinyHunters' Salesforce extortion campaign with 260,000 CRM records exposed and a May 27 public leak deadline.
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
Sophos CTU analysis reveals WantToCry ransomware encrypts files off-device via brute-forced SMB sessions, leaving no local binary for EDR tools to detect.
Microsoft Disrupts Fox Tempest Malware-Signing Service
Microsoft seized Fox Tempest's signspace.cloud domain and revoked over 1,000 fraudulent code-signing certificates used by ransomware groups and infostealers.
KongTuke IAB Uses Microsoft Teams to Deploy ModeloRAT in 5 Minutes
ReliaQuest found KongTuke impersonating IT help desk staff via Microsoft Teams to trick employees into running PowerShell, deploying ModeloRAT and selling access to ransomware groups.
DragonForce Lists Indiana Greenhouse Firm Heartland Growers
May 26, 2026
DragonForce ransomware listed Indiana wholesale greenhouse firm Heartland Growers on its dark web leak site amid escalating agricultural sector targeting.
Nova Ransomware Hits Brazilian Government Agency and Turkish Tech Firm
May 26, 2026
Nova ransomware claimed Brazil’s SECONT and Turkey’s Adensa Teknoloji on May 24, its third posting in three days spanning South
Qilin Ransomware Batch-Lists 7 Victims Across Five Countries
May 26, 2026
Qilin ransomware disclosed seven victims in a single May 24 batch across five countries, including a Czech financial firm and
Nightspire Ransomware Hits US Healthcare in Nine-Victim Batch
May 26, 2026
Nightspire ransomware posted nine victims on May 24 including US adult day center La Familia, an Egyptian Papa John’s franchise,
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
May 25, 2026
ShinyHunters listed Charter Communications with 42 million claimed records and a May 27 dump deadline; Charter confirmed an investigation with
ShinyHunters Claims 260K Baker Distributing Salesforce Records
May 25, 2026
Baker Distributing Company was added to ShinyHunters’ Salesforce extortion campaign with 260,000 CRM records exposed and a May 27 public
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
May 22, 2026
Sophos CTU analysis reveals WantToCry ransomware encrypts files off-device via brute-forced SMB sessions, leaving no local binary for EDR tools
Microsoft Disrupts Fox Tempest Malware-Signing Service
May 20, 2026
Microsoft seized Fox Tempest’s signspace.cloud domain and revoked over 1,000 fraudulent code-signing certificates used by ransomware groups and infostealers.
KongTuke IAB Uses Microsoft Teams to Deploy ModeloRAT in 5 Minutes
May 19, 2026
ReliaQuest found KongTuke impersonating IT help desk staff via Microsoft Teams to trick employees into running PowerShell, deploying ModeloRAT and
Threat actors
Cybercrime Group Targets Developers with Malicious Telnyx Package on PyPI
March 31, 2026
Cybercrime group associated with Trivy attack uploads malicious Telnyx packages to PyPI aiming to deploy credential-stealing malware.
FBI Seizes LeakBase and Disrupts a Major Cybercrime Forum
March 5, 2026
A recent FBI takedown of the LeakBase cybercrime forum disrupts major online criminal activities.
Texas Sues TP-Link Over Router Security Deception Tied to Chinese State-Backed Hackers
February 19, 2026
Texas accuses TP-Link of falsely advertising its routers’ security, allowing Chinese state-backed hackers to exploit firmware vulnerabilities and acce…
Polish Authorities Detain Suspected Phobos Ransomware Operative
February 18, 2026
Polish authorities have arrested a 47-year-old man suspected of participating in cybercrimes associated with the Phobos ransomware. During the operation,
FBI Successfully Seizes RAMP Cybercrime Forum Disrupting Ransomware Operations
January 29, 2026
The FBI has effectively dismantled RAMP, a prominent cybercriminal forum. Known for its bold promotion of ransomware activities, RAMP’s seizure
NoName057(16) Splinter Cells: Europe’s Volunteer DDoS Threat
January 22, 2026
Decentralized pro-Russian hacktivist cells execute targeted DDoS campaigns across Europe, leveraging volunteer botnets and pre-announced attacks to disrupt governments, banks,
Law Enforcement Identifies Black Basta Ransomware Leader
January 19, 2026
Ukraine and Germany confirm the identity of the Black Basta ransomware leader, now on the Europol and Interpol wanted lists.
Fleeing Ransomware Leader Now Among Germany’s Most Wanted
January 18, 2026
Russian national Oleg Evgenievich Nefekov, involved in major ransomware activities, has evaded capture, reportedly returning to his homeland. German authorities
Stalkerware Vendor’s Guilty Plea: A Rare Legal Victory in Consumer Spyware Prosecution
January 7, 2026
A significant legal breakthrough marks only the second successful prosecution of a consumer spyware vendor in over ten years by
ShinyHunters’ Strategic Use of Decoy Accounts in Cyber Espionage
January 5, 2026
In September 2025, a significant development in the realm of cyber threats emerged with the activities of a hacker group
Arrest Linked to KMSAuto Malware Campaign That Hit 2.8 Million Systems
December 29, 2025
Authorities arrest a Lithuanian individual suspected of deploying clipboard-stealer malware through KMSAuto, impacting 2.8 million computers. The tool, camouflaged as
Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in U.S.
December 22, 2025
Artem Stryzhak, an alleged affiliate of the Nefilim ransomware group, has pleaded guilty to conspiracy to commit computer fraud in
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.