
BlackCat Ransomware Campaign Culminates in Guilty Pleas from Ex-Employees
Ex-Sygnia and DigitalMint employees confessed to deploying BlackCat ransomware against U.S. companies in 2023, using their insider knowledge for malicious

Oltenia Energy Complex, Romania’s primary coal-based energy producer, faced a ransomware attack on the second day of Christmas, severely impacting

The evolution of MacSync malware allows seamless operation without requiring direct user terminal interaction. Distribution via a signed Swift application

Artem Stryzhak, an alleged affiliate of the Nefilim ransomware group, has pleaded guilty to conspiracy to commit computer fraud in

The personal information of nearly 3.5 million University of Phoenix students, staff, and suppliers has been compromised due to a

The Kimwolf Android botnet, uncovered by XLab, has compromised more than 1.8 million devices globally. With over 1.7 billion DDoS

RansomHouse has enhanced their ransomware-as-a-service (RaaS) platform by transitioning from a simple single-phase encryption technique to a sophisticated multi-layered method.

The Clop ransomware group is targeting Gladinet CentreStack file servers, focusing on systems vulnerable due to internet exposure. This campaign

The e-commerce and logistics firm Askul was targeted by RansomHouse in October, resulting in a data breach impacting 700,000 records,

Ransomware groups target hypervisors to encrypt many virtual machines simultaneously, exploiting vulnerabilities in virtualized environments. Organizations must understand this evolving

Authorities arrest a Lithuanian individual suspected of deploying clipboard-stealer malware through KMSAuto, impacting 2.8 million computers. The tool, camouflaged as

ESET reports the emergence of LongNosedGoblin, an uncharted threat targeting governmental bodies in Southeast Asia and Japan since September 2023.

Over the past three months, the formidable Aisuru botnet has executed more than 1,300 DDoS attacks, one of which reached

Clop ransomware continues to evolve as one of the most destructive global cyber threats. Learn how it spreads, its impact,

Violet Typhoon, a China-linked cyber-espionage actor active since 2015, targets governments, NGOs, and academic institutions using SharePoint zero-day exploits. Its

GhostSec evolved from hacktivist roots into a hybrid ransomware threat, using GhostLocker to target global sectors with encryption, extortion, and

This threat actor profile examines the Warlock ransomware group, tracked as Storm-2603 and GOLD SALEM. Active since March 2025, Warlock

Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims

APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised

Crypto24 is a rising ransomware group targeting mid-sized global firms, using stealth tools, cloud exfiltration, and double-extortion tactics to steal,

Charon ransomware, emerging in 2025, targets Middle East sectors with APT-level tactics, DLL sideloading, hybrid encryption, and advanced evasion, posing

APT28, aka Fancy Bear, a Russian GRU-linked group, conducts sophisticated espionage and information theft campaigns globally, targeting governments and critical