Ransomware

Medusa and DragonForce use SimpleHelp flaws for attacks—learn about the tactics, impacts, and defenses against supply chain ransomware.

Qilin ransomware uses Windows tools to steal data—learn about its tactics, targets, and defenses like monitoring and segmentation to protect against this growing threat.

Ignoble Scorpius exploited a VPN login for ransomware chaos, stealing data and encrypting systems—learn to use MFA, segment networks, and detect threats early to safeguard your business from these growing risks.

FortiGuard Labs exposes Chaos ransomware's aggressive C++ upgrade—selective encryption, large file deletion, and Bitcoin wallet swapping via clipboard hijack. This RaaS threat from ex-BlackSuit actors targets big-game hunting; bolster backups and detection to counter faster, multifaceted attacks.

Unspecified flaw in Oracle E-Business Suite's BI Publisher Integration allows unauthenticated HTTP attacks to hijack Concurrent Processing, exploited in ransomware campaigns. Apply patches, follow BOD 22-01 guidance, or discontinue use to protect enterprise operations from data encryption and downtime.

Microsoft alerts on cybercriminals and state actors abusing Teams' messaging, calls, and sharing for full attack lifecycle—from reconnaissance with TeamsEnum to exfiltration via GraphRunner and extortion by Octo Tempest. Harden identities, monitor anomalies, and train users to mitigate.

New Android RAT on GitHub ("Huckel789/Android-RAT") promises permanent stealth, web-based control from any device, and features like SMS theft, 2FA hijacking, live cams, ransomware—no PC needed. Experts warn of lowered cybercrime barriers; analyze in isolation for defenses.

Attackers abuse Oracle Database Scheduler's External Jobs via extjobo.exe to execute commands, tunnel RDP with Ngrok, escalate privileges, and deploy ransomware. Learn about the breach tactics, cleanup methods, and key mitigations to secure database environments.

Kawa4096 ransomware, active since June 2025, attacks multinational firms using double extortion by stealing data before encryption and threatening public leaks. It employs partial encryption and deletes shadow copies to prevent recovery.

SentinelLABS uncovers MalTerminal, an early LLM-enabled malware using OpenAI's GPT-4 to dynamically create ransomware or reverse shells at runtime, evading detection and marking a new era in AI-driven cyber threats.