Threat Actor

Violet Typhoon: China-Nexus Espionage Actor

October 21, 2025

Violet Typhoon, a China-linked cyber-espionage actor active since 2015, targets governments, NGOs, and academic institutions using SharePoint zero-day exploits. Its

GhostSec – From Hacktivist to Ransomware Warlord

September 30, 2025

GhostSec evolved from hacktivist roots into a hybrid ransomware threat, using GhostLocker to target global sectors with encryption, extortion, and

Warlock Group / GOLD SALEM (aka Storm-2603) — Threat Profile

September 25, 2025

This threat actor profile examines the Warlock ransomware group, tracked as Storm-2603 and GOLD SALEM. Active since March 2025, Warlock

Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees

September 3, 2025

Hackers calling themselves Scattered LapSus Hunters threatened to leak Google databases unless two employees are dismissed, linking their demand to

Lynx Ransomware: INC Ransomware Reincarnated

July 29, 2025

The Lynx ransomware group is a financially motivated threat actor operating under a Ransomware-as-a-Service (RaaS) model. Emerging as a successor

Fog Ransomware: Data in the Mist

July 24, 2025

Fog ransomware, a prolific and secretive threat actor, targets organizations globally, deploying sophisticated multi-stage attacks resulting in data encryption and

Termite Ransomware: The Silent Invader

July 22, 2025

Termite ransomware, active since at least late 2024, targets high-profile organizations. Recent victims include Blue Yonder and Zschimmer & Schwarz,

INC Ransomware: TTPs, Impact and Mitigation

June 30, 2025

INC Ransomware is a sophisticated threat actor employing advanced techniques for devastating double extortion attacks. This in-depth analysis reveals their

BlackSuit (Royal) Ransomware: Conti Ransomware Reborn

June 11, 2025

BlackSuit, formerly Royal, is a sophisticated ransomware group using multi-vector attacks, partial encryption, and double extortion to target global organizations,

INC Ransomware: Master of Double Extortion

June 10, 2025

INC Ransomware is a sophisticated and relatively new cybercriminal group known for its targeted ransomware attacks against corporate and organizational

Violet Typhoon: China-Nexus Espionage Actor

GhostSec – From Hacktivist to Ransomware Warlord

Warlock Group / GOLD SALEM (aka Storm-2603) — Threat Profile

Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees

Lynx Ransomware: INC Ransomware Reincarnated

Fog Ransomware: Data in the Mist

Termite Ransomware: The Silent Invader

INC Ransomware: TTPs, Impact and Mitigation

BlackSuit (Royal) Ransomware: Conti Ransomware Reborn

INC Ransomware: Master of Double Extortion

Violet Typhoon: China-Nexus Espionage Actor

GhostSec – From Hacktivist to Ransomware Warlord

Warlock Group / GOLD SALEM (aka Storm-2603) — Threat Profile

Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees

Lynx Ransomware: INC Ransomware Reincarnated

Fog Ransomware: Data in the Mist

Termite Ransomware: The Silent Invader

INC Ransomware: TTPs, Impact and Mitigation

BlackSuit (Royal) Ransomware: Conti Ransomware Reborn

INC Ransomware: Master of Double Extortion

AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations

Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA

Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals

Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers

Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign

LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives

Route Redirect Automates Large-Scale Microsoft 365 Phishing

Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials

Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware

Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks

Daily Briefing Newsletter