Ransomware

Cybersecurity
CSE Admits Hacking Ransomware Gangs and Deleting Stolen Victim Data
Canada's CSE confirmed offensive cyber operations against ransomware gangs, including destroying a gang's full infrastructure and deleting stolen victim data.
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Sysdig identified JADEPUFFER, the first ransomware campaign run by an LLM autonomous agent exploiting CVE-2026-33017 in Langflow to complete full attack chains without human operators.
Cybersecurity
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries
Qilin listed Chamco Industries on its dark web extortion portal, threatening to leak stolen data in its latest attack on a Canadian manufacturing company.
Cybersecurity
FortiBleed True Scale: 430,000 Firewalls Targeted, INC and Lynx Linked
SOCRadar confirmed FortiBleed hit 430,000 FortiGate firewalls with sniffers on 19,000 devices, linking the operation to INC Ransom and Lynx ransomware groups.
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
Check Point researchers showed DeepSeek generated InfernoGrabber 9000, near-functional browser ransomware using Chrome's File System Access API to encrypt files across four OS platforms.
CVE Vulnerability Alerts
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
CISA updated its KEV entry for CVE-2026-33825 to flag ransomware group exploitation of the Windows Defender privilege escalation flaw, first patched in April.
Cybersecurity
Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps
The Rokarolla Android banking trojan evolved beyond credential theft with a 137-command C2 framework targeting 217 banking and cryptocurrency applications.
Cybersecurity
Phantom Stealer Fileless Malware Targets Browser Credentials in Memory
Researchers identified Phantom Stealer as a new fileless credential stealer targeting all browsers via in-memory execution and anti-analysis techniques.
Cybersecurity
INC Ransomware Targets Healthcare, Education, and Local Government
Investigation reveals INC ransomware achieves consistent revenue by targeting healthcare, education, and local government with rapid encryption and data exfiltration.
Cybersecurity
Gentlemen RaaS Group Maintains Purpose-Built EDR Killers
Gentlemen ransomware-as-a-service operation develops and maintains purpose-built endpoint detection kill tools to disable security protections before ransomware deployment.

Threat actors