
Qilin Ransomware Hits Isuzu Motors, Opéra Comique, and 3 Others
Qilin ransomware posted six victims including Isuzu Motors, Opéra Comique, and Australian healthcare provider The Banyans in a cross-sector June

Qilin ransomware posted six victims including Isuzu Motors, Opéra Comique, and Australian healthcare provider The Banyans in a cross-sector June

Nova claimed Trevi S.p.A., Stormous listed a Dutch Catholic group, and Akira hit a French ambulatory clinic in coordinated European

Akira ransomware posted three US victims on June 9: Spray Equipment with 26GB of W-2 records and engineering drawings, Rockaway

Chaos ransomware listed US telecom provider Airespring on its leak site. Rapid7 documented Chaos as a MuddyWater Iranian APT false-flag

Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency

TheGentlemen ransomware posted 12 victims across 8 countries in one day, including two healthcare providers with HIPAA and NHS breach

Akira, Qilin, and Nightspire claimed four victims including a port trade association, a German security firm, a youth nonprofit, and

ShinyHunters published 234 GB of DentaQuest healthcare records for 2.6 million patients after ransom talks failed, exposing Medicaid IDs and

Play, Genesis, Nova, Incransom, Blackwater, and Krybit each posted victims on the same day, spanning automotive, dental, higher education, travel,

Payload ransomware posted Plaza Lama, Hansoll Textile, and Villea Hotels on its Tor leak site, targeting the Dominican Republic, Vietnam,

The Lynx ransomware group is a financially motivated threat actor operating under a Ransomware-as-a-Service (RaaS) model. Emerging as a successor

Fog ransomware, a prolific and secretive threat actor, targets organizations globally, deploying sophisticated multi-stage attacks resulting in data encryption and

Termite ransomware, active since at least late 2024, targets high-profile organizations. Recent victims include Blue Yonder and Zschimmer & Schwarz,

SafePay is a centralized ransomware group leveraging LockBit-derived code, stealthy infiltration, and rapid encryption—targeting SMEs and MSPs globally without using

Scattered Spider isn’t a single group but a sprawling web of identity-based attackers exploiting help desks, MFA gaps, and cloud

Anubis ransomware combines encryption and file-wiping capabilities, targeting Windows, Linux, and NAS systems with stealthy command-line execution and affiliate-driven campaigns

BlackSuit, formerly Royal, is a sophisticated ransomware group using multi-vector attacks, partial encryption, and double extortion to target global organizations,

INC Ransomware is a sophisticated and relatively new cybercriminal group known for its targeted ransomware attacks against corporate and organizational

Scattered Spider, also known as UNC3944, is a financially motivated cybercriminal group known for its sophisticated social engineering tactics and

APT40, also known as ATK29, BRONZE MOHAWK, G0065, GADOLINIUM, Gingham Typhoon, ISLANDDREAMS, ITG09, KRYPTONITE PANDA, Leviathan, MUDCARP, Red Ladon, TA423,

GhostSec evolved from anti-ISIS hacktivists into a global ransomware threat, deploying GhostLocker via RaaS and targeting critical infrastructure with sophisticated,

Overview Sodinokibi, also known as REvil, is a highly prolific and sophisticated ransomware-as-a-service (RaaS) operation active since at least April
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.