Canon confirmed its U.S. subsidiary was targeted in the Oracle E-Business Suite hacking campaign. The incident affected only a web server, and no Canon data has been leaked so far. Other companies, including Cox Enterprises and Mazda, also reported impacts from the same campaign.
Cl0p ransomware has leaked 241 GB of data from the NHS and also breached The Washington Post, exposing personal information of nearly 10,000 users. The attacks exploit critical vulnerabilities in Oracle's E-Business Suite, which had previously been flagged in NHS cybersecurity alerts. Experts warn that many systems remain vulnerable despite patches released by Oracle.
The article details the emergence of 01flip, a new ransomware written in Rust, which has begun targeting organizations in Southeast Asia. The attackers have compromised systems and are potentially selling stolen data on dark web forums. Initial access was gained through exploiting older vulnerabilities, leading to the deployment of the ransomware across both Windows and Linux devices.
Romania's oil pipeline operator Conpet confirmed a cyberattack that disrupted its technology infrastructure and took its website offline, but oil transport operations remained unaffected. The Qilin ransomware group claimed responsibility, alleging they stole nearly one terabyte of data, including sensitive internal documents. Conpet is investigating the incident and has filed a criminal complaint.
This article analyzes a malicious Visual Studio Code extension that implements ransomware-like behavior. It highlights how the extension encrypts files, uploads sensitive data, and communicates with a command and control server via a private GitHub repository. The piece questions how such obvious malware passed the marketplace review.
The article details a novel cyberattack where adversaries used email bombing to distract a target before introducing a custom QEMU virtual machine into the compromised system. This VM facilitated reconnaissance and potential lateral movement within the network, showcasing an evolution in attack strategies.
DXS International, a tech provider for NHS England, reported a cyberattack that compromised its office servers. A ransomware group claimed responsibility, alleging they stole 300 gigabytes of data, though the extent of the breach and any impact on patient information remains unclear.
The article outlines the collapse of major ransomware groups Black Basta and LockBit, highlighting internal issues and law enforcement pressures. New players like DragonForce are emerging with innovative business models, while the competition drives both sophistication and amateurism in ransomware operations.
Barts Health NHS Trust confirmed that the Cl0p ransomware group stole files from its invoice database, exposing sensitive information like patient names and addresses. The breach, which went undetected for months, highlights ongoing vulnerabilities in NHS cybersecurity, despite clinical records remaining safe.
Ransomware gangs are actively exploiting the VMware ESXi flaw CVE-2025-22225, which allows attackers to escape the VMX sandbox. Researchers found evidence of a toolkit used in these attacks, indicating that the vulnerabilities were known to the threat actors long before their public disclosure. CISA has confirmed the flaw's involvement in ongoing ransomware incidents.
The article outlines key developments in cyber threats during 2025, emphasizing how attackers increasingly exploit trust, identity, and initial access rather than relying on new tools. It discusses the rise of crimeware-as-a-service, the integration of AI in cybercrime, and the decline of traditional carding fraud, highlighting the changing tactics used by threat actors.
Google has introduced new AI detection tools and ransomware defenses for its Workspace for Education platform. These updates aim to help K-12 schools combat rising cyber threats, though concerns remain about the platform's compliance and oversight capabilities.
This article examines the traits that make ransomware groups effective, highlighting the role of automation, customization, and advanced tools. It discusses how these elements contribute to their financial success and ability to bypass defenses, ultimately shaping security strategies for enterprises.
The article analyzes RansomHouse, a ransomware-as-a-service operation linked to Jolly Scorpius. It details the group's upgraded encryption methods and outlines their multi-phase attack chain, which includes infiltration, data exfiltration, and extortion. The article highlights the impact of their operations on various critical sectors.
A ransomware attack on Conduent has compromised the personal information of at least 15.4 million people in Texas and another 10.5 million in Oregon, significantly more than initially reported. The stolen data includes names, Social Security numbers, and medical information. Conduent is still notifying affected individuals and has faced criticism for its lack of transparency.
Two U.S. cybersecurity professionals, Ryan Goldberg and Kevin Martin, admitted to their involvement in BlackCat ransomware attacks that extorted over $1.2 million from various companies in 2023. Despite their expertise in cybersecurity, they used their skills to conduct ransomware attacks, leading to federal charges that could result in lengthy prison sentences.
Sedgwick has confirmed a ransomware attack that compromised a file transfer system at its subsidiary, Sedgwick Government Solutions, which serves various U.S. government agencies. The company stated that the attack was contained and did not affect its broader network or data.
Threat actors are exploiting exposed MongoDB servers, demanding ransoms around $500 in Bitcoin to restore compromised data. A recent study found over 208,500 public MongoDB instances, with many already wiped and ransom notes left behind. Security experts recommend stronger authentication and regular updates to prevent these attacks.
AZ Monica hospital in Belgium suffered a ransomware attack, leading to the cancellation of surgeries and the transfer of seven critical care patients to other facilities. The hospital shut down its IT systems to protect patient data, causing significant disruption to its services. Emergency care is operating at reduced capacity, and patients are advised to seek alternative medical options.
This report highlights the increasing cyber threats targeting small and medium businesses (SMBs), with a focus on credential abuse and ransomware. It details the rise of business email compromise and ransomware-as-a-service, emphasizing the need for stronger security measures like passwordless authentication.
The Apache Software Foundation rejected the Akira ransomware gang's assertion that they stole 23 GB of data from OpenOffice, including sensitive employee and financial information. Apache insists it does not have the data claimed and found no evidence of a breach.
Japanese companies, including Asahi Holdings and Askul, are struggling to recover from ransomware attacks that have caused significant operational disruptions. Many firms are experiencing prolonged recovery times, shipment delays, and potential data breaches, highlighting vulnerabilities in their cybersecurity defenses.
This article outlines the increasing cybersecurity threats facing small and medium-sized businesses by 2026. It highlights the need for stronger defenses due to rising ransomware attacks, new regulations, and insurance requirements. A Readiness Roadmap is provided to help organizations prepare for these challenges.
Comhairle nan Eilean Siar is still recovering from a ransomware attack that occurred in November 2023. Two years later, key systems remain unrepaired, and audit reports highlight ongoing cybersecurity weaknesses and staffing challenges. The council's response was deemed effective, but significant work and improvements are still needed.
A ransomware attack took 1,000 computers offline at Romania's water management authority, disrupting various systems but not affecting water supply. The attack used Windows' BitLocker for data encryption, and no group has claimed responsibility yet. Investigations are underway to pinpoint the attack vector and restore operations.
The Everest ransomware group claims to have stolen over 1TB of data from ASUS, including sensitive camera source code and internal tools. ASUS confirmed the breach originated from a third-party supplier, asserting that it does not affect customer products or user privacy.
Fintech firm Marquis is seeking compensation from SonicWall after a breach at the firewall provider exposed critical data, enabling hackers to steal customer information during a ransomware attack. Marquis confirmed that it stored a backup of its firewall configuration in SonicWall's cloud, linking the two incidents. SonicWall has requested evidence to support Marquis' claims.
The US Treasury reported that ransomware payments reached over $4.5 billion from 2022 to 2024. The median payment increased from $124,097 in 2022 to $175,000 in 2023, with the financial services, manufacturing, and healthcare sectors being the most targeted. Akira ransomware group led in incidents, while ALPHV/BlackCat received the highest payments.
Askul, a Japanese e-commerce and logistics company, suffered a ransomware attack in October, compromising over 700,000 records. The RansomHouse group claimed responsibility and leaked data after the company refused to pay a ransom. The breach affected both customer and business partner information, disrupting logistics and operations.
A report from At-Bay reveals that organizations using Cisco and Citrix VPNs are nearly seven times more likely to experience ransomware attacks compared to those without VPNs. The findings suggest that the complexity of these devices can lead to security vulnerabilities, emphasizing the need for companies to consider cloud-based solutions.
Synnovis has finished its 18-month investigation into a ransomware attack that disrupted NHS pathology services and contributed to a patient’s death. While the company confirmed data related to potentially 900,000 patients was compromised, it has not disclosed specifics on the number of individuals affected. Notifications to patients will be handled by the individual NHS organizations.
The FBI, in collaboration with German and Finnish authorities, has dismantled E-Note, a major crypto laundering service linked to over $70 million in illegal funds. The operation, run by Russian national Mykhalio Chudnovets, helped cybercriminals, including ransomware attackers, disguise their stolen money. Chudnovets now faces serious charges that could lead to a lengthy prison sentence.
Nitrogen ransomware has a major flaw that prevents victims' files from being decrypted, even if they pay the ransom. A programming error causes the gang's decryptor to overwrite the necessary public key, leaving both victims and criminals without access to the data. This coding mistake highlights the destructive potential of ransomware.
A massive data breach allegedly linked to Under Armour has exposed the email addresses and personal details of over 72 million people. The Everest ransomware group claims responsibility, and the leaked data includes sensitive information like names, addresses, and purchase history, raising concerns about identity theft and phishing.
Ukrainian and German authorities have identified two Ukrainians linked to the Black Basta ransomware group and named Oleg Nefedov as its leader. Nefedov, who has ties to Russian intelligence, has been added to INTERPOL's wanted list, and the group has reportedly earned hundreds of millions in cryptocurrency from attacks on over 500 companies. Recent leaks suggest Black Basta may have disbanded, but its members could regroup under new aliases.
Chinese-speaking hackers used a compromised SonicWall VPN to access VMware ESXi systems, exploiting three zero-day vulnerabilities for potential ransomware attacks. Cybersecurity firm Huntress intervened before the attack could escalate, revealing a sophisticated toolkit that enables virtual machine escapes and backdoor access.
AWS is discontinuing its SSE-C encryption for S3, a feature that allowed users to manage their own encryption keys. While not widely adopted, it was exploited in a ransomware scheme, prompting the decision to remove it. The article outlines alternatives like KMS and client-side encryption.
The Akira ransomware group hacked Fieldtex Products, stealing over 14 GB of data, including sensitive health information. The breach, disclosed by Fieldtex, impacts 238,615 individuals, with data such as names, addresses, and insurance details compromised.
Nearly 30 organizations, including major companies like Logitech and The Washington Post, have been named as victims of a recent Oracle E-Business Suite hack linked to the Cl0p ransomware group. The attackers have leaked data from 18 of these victims, with indications that vulnerabilities exploited may have been known prior to the attack.
This article details how cybercriminals misuse legitimate Remote Access Tools (RATs) like AnyDesk and UltraViewer in ransomware attacks. It breaks down the stages of these attacks, from initial access through to encryption, highlighting how attackers exploit these tools to maintain stealth and control.
A serious vulnerability in 7-Zip, tracked as CVE-2025-11001, allows attackers to execute arbitrary code by exploiting how older versions handle ZIP files. Although active exploitation hasn't been seen yet, a public proof-of-concept increases the risk of future attacks, especially on Windows systems with privileged accounts. Users must manually update to version 25.01 to mitigate the threat.
Covenant Health suffered a data breach in May 2025, affecting over 478,000 individuals. The Qilin ransomware group claimed responsibility and released stolen data, which includes personal and health information. The breach was initially reported to involve only 7,800 individuals.
A FinCEN report reveals ransomware incidents peaked in 2023, with victims paying over $2.1 billion in ransoms from January 2022 to December 2024. Law enforcement actions against major gangs like ALPHV/BlackCat and LockBit contributed to a decline in both incidents and payments in 2024. Manufacturing, financial services, and healthcare were the most targeted sectors.
The Qilin ransomware group claims to have stolen over 120,000 resumes and more than 1 million files from Cornerstone Staffing Solutions. The breach exposes sensitive personal information, including Social Security numbers and employee details, raising concerns about identity theft and phishing attacks.
A 15-year-old hacker known as Rey has been linked to the Scattered LAPSUS$ Hunters group. His identity was revealed through an investigation that traced personal details and social media interactions, despite Rey's claims of wanting to leave the group and working with law enforcement.
Artem Stryzhak, a 35-year-old Ukrainian national, pleaded guilty to conspiracy for deploying Nefilim ransomware in attacks against companies in the U.S. and elsewhere. He worked with a group that extorted victims by threatening to publish stolen data unless they paid a ransom. Stryzhak faces up to 10 years in prison, with sentencing set for May 2026.
The Everest ransomware group claims to have breached Polycom’s systems, stealing about 90GB of data, potentially from legacy environments before HP Inc. acquired the company. They threaten to publish internal documentation and screenshots if their demands aren't met, though there's no evidence of customer data being compromised. HP Inc. has not confirmed the breach.
The Everest ransomware group claims to have hacked Nissan, releasing screenshots of internal files and directory structures. They are demanding a response within five days or they will leak the data online. This incident adds to Nissan's history of cybersecurity breaches.
The FBI has reportedly seized the RAMP cybercrime forum, a hub for ransomware groups. Following the seizure, its former administrator, Stallman, acknowledged the loss and indicated he would shift to purchasing access to victim networks instead of creating a new forum. The legitimacy of the seizure has raised questions, given past claims of similar operations being scams.
CyberVolk's new ransomware, VolkLocker, has significant flaws that allow victims to recover their files without paying the ransom. It targets Windows and Linux systems and includes a built-in timer that threatens to delete user files if payment isn't made in time. The group is also expanding its services to include a remote access trojan and keylogger.
Three former employees from DigitalMint and Sygnia have been indicted for their roles in BlackCat ransomware attacks against five U.S. companies. They face serious charges, including extortion and computer damage, with potential prison sentences totaling up to 50 years. The group allegedly stole data, encrypted systems, and demanded ransoms ranging from $300,000 to $10 million.
Japanese e-tailer Askul resumed limited online sales 45 days after a ransomware attack disrupted its operations. While B2B services are back online, consumer sales remain suspended, affecting companies that rely on Askul's logistics. The incident has resulted in significant data breaches and financial repercussions for the company.
CISA confirmed that a serious vulnerability in the Linux kernel, CVE-2024-1086, is being actively exploited in ransomware attacks. This flaw allows local attackers to escalate their privileges, potentially gaining root access and compromising entire systems. Federal agencies must secure their systems by June 20, 2024, or implement specific mitigations.
BridgePay Network Solutions confirmed a ransomware attack has disrupted its payment gateway, leading to widespread service outages across the U.S. Merchants reported being unable to process card payments, forcing many to accept cash only. The company is working with federal law enforcement and forensic teams, asserting that no payment card data was compromised.
Fintech firm Marquis reported a ransomware attack that compromised customer data for dozens of U.S. banks and credit unions. At least 400,000 individuals had their personal and financial information stolen, primarily due to a vulnerability in Marquis's SonicWall firewall. The number of affected customers is expected to increase as more notifications are filed.
Asahi Group Holdings suffered a ransomware attack in September, compromising personal data of approximately 2 million customers and employees. The Qilin ransomware group has claimed responsibility, leaking sensitive information including names, addresses, and phone numbers, while the company works to restore operations.
Logitech confirmed a data breach after being named a victim in the Cl0p ransomware attack related to Oracle's EBS vulnerabilities. The breach may involve limited employee and consumer data, but the company asserts that sensitive information like credit card details was not affected. Logitech does not expect significant financial repercussions from this incident.
This article details TangleCrypt, a new Windows malware packer linked to a ransomware attack. It discusses its methods for hiding payloads and the flaws in its implementation that may lead to crashes. Key features include its use of multiple encoding layers and basic anti-analysis techniques.
MIT Sloan has withdrawn a paper claiming that over 80% of ransomware attacks are driven by AI after criticism from cybersecurity experts. The paper faced backlash for its lack of evidence and methodology, leading to accusations of misleading research.
Kyowon Group, a major South Korean conglomerate, confirmed a ransomware attack that compromised customer data. The incident affected around 600 of its 800 servers, and while some data was stolen, the company has not confirmed if customer information was included. They are currently investigating the breach and working to restore services.
Researchers have identified a new ransomware called Reynolds that includes a built-in component to exploit a vulnerable driver for evading security measures. This tactic, known as bring your own vulnerable driver (BYOVD), allows the ransomware to disable security programs and operate undetected. The attack also involved a suspicious loader and remote access tools for persistent control over compromised systems.
LKQ Corporation has confirmed a data breach affecting over 9,000 individuals due to a cyberattack targeting Oracle's E-Business Suite. The compromised information includes sensitive personal details like Social Security Numbers and Employer Identification Numbers. The company reported that several terabytes of data were stolen, and this incident follows a previous attack on LKQ last year.
GlobalLogic confirmed that personal data for over 10,000 current and former employees was compromised in a cyberattack linked to the Clop ransomware gang. The stolen information includes names, Social Security numbers, and bank account details, with attacks targeting Oracle E-Business Suite vulnerabilities. This incident highlights the ongoing threat posed by Clop and the vulnerabilities in widely used enterprise software.
Ingram Micro reported that a July 2025 ransomware attack affected 42,521 employees and job applicants, exposing personal and employment-related data. The attack, claimed by the group SafePay, led to significant operational disruptions and customer dissatisfaction due to poor communication.
The OnSolve CodeRED emergency alert system experienced a ransomware attack by the Inc Ransom group, leading to significant disruptions and a data breach. Affected cities and law enforcement agencies reported an inability to send emergency notifications, prompting a swift response from OnSolve to transition customers to a new platform.
Interpol's Operation Sentinel resulted in 574 arrests and the recovery of $3 million linked to cybercrimes across 19 countries. The operation dismantled over 6,000 malicious links and decrypted six ransomware strains, highlighting the growing threat of cyberattacks in Africa.
A data breach at Vitas Hospice exposed personal information of over 319,000 current and former patients, including names, addresses, and Social Security numbers. It's uncertain if the breach involved ransomware, as no group has claimed responsibility.
Conduent revealed a cyberattack that may have compromised sensitive data of around 10 million individuals. The breach, linked to the SafePay ransomware group, lasted nearly three months and exposed various personal and health information, particularly affecting residents in states like Texas and Washington.
Researchers found that Sicarii ransomware has a decryption flaw, rendering victims' data unrecoverable even if they pay the ransom. The malware generates a new RSA key for each attack, discarding the private key, leaving no viable recovery option. Caution is advised for organizations considering ransom payments.
Researchers at Huntress report a 700% increase in ransomware attacks targeting hypervisors, particularly by the Akira group. These attacks exploit vulnerabilities in hypervisor security, allowing criminals to bypass traditional defenses and compromise virtual machines. Admins are urged to enhance security measures, including multi-factor authentication and patching.
Aleksei Volkov, a 25-year-old Russian, pleaded guilty to charges related to his role as an initial access broker for the Yanluowang ransomware group. He helped facilitate attacks on seven U.S. businesses, resulting in over $24 million in ransom demands. Volkov faces a maximum sentence of 53 years in prison and must pay nearly $9.2 million in restitution.
Researchers found a phishing campaign using Phorpiex malware to spread Global Group ransomware. The attack employs deceptive file names to trick users into downloading a Windows shortcut that encrypts files offline, making recovery nearly impossible. It also erases backup files to cover its tracks.
The Richmond Behavioral Health Authority reported a ransomware attack that compromised the personal information of over 113,000 individuals. Stolen data includes names, Social Security numbers, and health information. The Qilin ransomware group has claimed responsibility for the attack.
The U.S. Treasury and allies have sanctioned Media Land, a Russian bulletproof hosting provider, and its leaders for facilitating ransomware and cybercrime. Despite these sanctions, experts warn that the infrastructure remains operational until key partners sever ties. Authorities emphasize the need for a strategic approach to disrupt these services without impacting legitimate internet operations.
The Akira ransomware group has generated over $244 million since its emergence in March 2023. They target businesses and critical infrastructure, using tactics such as exploiting vulnerabilities in SonicWall and Veeam products to encrypt files and extort victims. Recent attacks demonstrate their ability to bypass security measures and exfiltrate data quickly.
Profero successfully decrypted DarkBit ransomware, enabling recovery of a victim's files without ransom payment. The attack, linked to Iranian state-sponsored actors, involved a unique encryption method that Profero exploited, ultimately leading to significant data recovery due to the sparse nature of the affected VMware ESXi server files. Profero is offering assistance to future victims but will not publicly release the decryptor.
Jaguar Land Rover's recent cyberattack is projected to have cost the UK £1.9 billion, marking it as potentially the most economically damaging cyber event in the country's history. The attack led to a month-long shutdown of production and internal systems, affecting over 5,000 organizations, while the government provided a £1.5 billion loan guarantee to support the carmaker's recovery. Analysts attribute the financial impact to lost sales, production delays, and wider supply chain disruptions.
U.S. authorities have charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his involvement in managing the LockerGoga, MegaCortex, and Nefilim ransomware operations, which targeted over 250 companies globally, causing significant financial damage. Tymoshchuk faces multiple charges, including conspiracy to commit computer fraud and unauthorized access, while a reward of up to $11 million is offered for information leading to his arrest.
Attackers are exploiting a critical authentication bypass vulnerability (CVE-2025-2825) in CrushFTP file transfer software, allowing unauthenticated access to unpatched versions. CrushFTP has urged users to update their software immediately, while security monitoring platforms report numerous exploitation attempts against exposed servers. A workaround is available for those unable to update right away, but the vulnerability remains a significant concern, especially given past attacks linked to ransomware gangs.
Andy Frain Services, a security firm, revealed that a ransomware attack by the Black Basta group has affected over 100,000 individuals, with sensitive information likely compromised. The breach, discovered in October 2024, involved the theft of 750 GB of data, prompting the company to offer credit monitoring and identity restoration services to those impacted.
The Scattered Spider ransomware group has decided to cease operations due to intense law enforcement pressure following significant cyberattacks on companies like Jaguar Land Rover and Salesforce. In a farewell message, they apologize to their victims and hint at a possible return with a new venture called "ShinySp1d3r RaaS."
The VanHelsing ransomware-as-a-service operation leaked its source code, including the affiliate panel and Windows encryptor builder, after an ex-developer attempted to sell it on a hacking forum. While the leak provides some useful tools for threat actors, it lacks key components like the Linux builder and databases, which could have aided law enforcement efforts. This incident highlights the ongoing trend of ransomware source code leaks facilitating new cyber attacks.
An Iranian individual has pleaded guilty to participating in the RobbinHood ransomware attacks, which targeted various organizations, leading to significant financial losses. He now faces a potential sentence of up to 30 years in prison for his crimes.
Ransomware groups like Black Basta and FunkSec are increasingly using AI to enhance their extortion tactics, resulting in significant financial losses, such as $724 million stolen using TrickBot malware. The report highlights the growing prevalence of extortion methods, including DDoS attacks, and offers insights into regional trends and mitigation strategies.
German police have identified Vitaly Nikolaevich Kovalev as the notorious leader of the Trickbot ransomware group, known as "Stern." This revelation comes after years of investigations into the cybercrime cartel, which has targeted thousands of victims and stolen hundreds of millions of dollars. An Interpol red notice has been issued for Kovalev, who is believed to be in Russia and protected from extradition.
The Everest ransomware group has taken responsibility for a major cyberattack on Collins Aerospace, affecting its MUSE check-in software and causing significant disruptions at major European airports. The attackers exfiltrated a large database and set an eight-day ransom deadline, highlighting the growing threat to aviation infrastructure.
Insight Partners has confirmed that a ransomware attack in January compromised the personal data of over 12,000 individuals, including employees and limited partners. The breach, initially described as a "sophisticated social engineering attack," involved unauthorized access to HR and finance servers, with details of the stolen data remaining undisclosed. The firm has since enhanced its security measures and offered credit monitoring to those affected.
A ransomware group known as Medusa has breached Albavision, a major media company, stealing sensitive data and demanding a ransom for its return. The attack showcases the increasing threat of cybercrime targeting prominent organizations, emphasizing the need for robust cybersecurity measures.
PowerSchool has reported that the hacker behind a December cyberattack is now extorting individual school districts, threatening to release stolen student and teacher data unless a ransom is paid. Despite previously paying a ransom to prevent such an incident, PowerSchool acknowledges that the threat actor has not kept their promise to delete the data, leading to renewed extortion attempts against affected schools.
The LockBit 4.0 leak provides critical insights into the chaotic nature of ransomware-as-a-service (RaaS) groups, revealing that many affiliates operate without oversight and often act unpredictably. This disorganization complicates defenses and incident response efforts, emphasizing the necessity of proactive preparation over negotiation. The evolving landscape suggests increasing fragmentation among ransomware groups, making them harder to attribute and defend against.
The article discusses the emergence of Matanbuchus 3.0, a new variant of ransomware that operates as a Malware-as-a-Service (MaaS) offering. This evolution in ransomware capabilities enables cybercriminals to launch more sophisticated attacks with less technical expertise, raising concerns about the potential for widespread damage across various sectors.
Nucor Corporation has reported a cyberattack that has disrupted its production operations. The company detected unauthorized access to its IT systems, prompting it to take systems offline and alert law enforcement while working with cybersecurity experts to investigate the incident.
A Russian hacker associated with the REvil ransomware group received a suspended sentence and time served for his involvement in cybercrimes that targeted businesses worldwide. The case highlights the complexities of international cybercrime prosecution and the challenges of enforcing justice across borders.
Manpower, a major staffing agency, has disclosed a data breach affecting nearly 145,000 individuals after attackers accessed its systems in late December 2024. The RansomHub ransomware group claimed responsibility for the attack, reportedly stealing around 500GB of sensitive data, including personal client information. In response, Manpower is enhancing its IT security and offering affected individuals free credit monitoring services.
Flashpoint’s 2025 Midyear Threat Index highlights a significant increase in cyber threats, emphasizing the urgency for security teams to prioritize infostealers, ransomware, and vulnerabilities. It also discusses the risks of relying solely on public sources for threat intelligence and offers strategies for more effective threat prioritization.
DaVita, a leading kidney dialysis provider in the U.S., reported a ransomware attack that encrypted parts of its network and affected some operations over the weekend. The company activated response protocols to contain the incident and continues to provide patient care while investigating the breach's full scope, which may involve stolen patient data.
Downtime from an ICS/OT ransomware attack can average $4.73 million, yet many organizations lack adequate incident response plans. SANS offers resources, including a white paper and training, to help organizations develop effective ransomware response strategies tailored to critical infrastructure, emphasizing life safety and operational continuity. Expert-led webcasts and courses further equip teams with the skills needed to protect industrial operations from cybersecurity threats.
A ransomware attack in Ohio has disrupted the operations of a local government agency, affecting over 45,000 residents. The attack has prompted an investigation and raised concerns about cybersecurity measures in place to protect sensitive information.
Farmers Insurance has reported a data breach that compromised the personal information of more than one million individuals, including names, addresses, dates of birth, and Social Security numbers. The breach was discovered shortly after the data theft occurred, but it remains unclear whether a third-party vendor was involved in a ransomware attack.
Senator Ron Wyden has criticized Microsoft for delivering "dangerous, insecure software" that contributed to a ransomware attack on Ascension, a major hospital network, and has urged the FTC to investigate the company's cybersecurity practices. Wyden highlighted longstanding vulnerabilities, particularly the use of the outdated RC4 encryption algorithm, and accused Microsoft of prioritizing profits over security while failing to provide adequate protections for its users. He argues that Microsoft's dominance in the enterprise operating system market poses a significant national security risk due to its negligence in addressing these issues.