13 links tagged with all of: ransomware + cyber-security
Links
The Flashpoint 2025 Global Threat Intelligence Report provides insights into the evolving cyber threat landscape, highlighting key threats such as infostealers and the influence of geopolitical tensions. It offers detailed analysis of adversary tactics, including ransomware-as-a-service, and presents actionable intelligence to enhance security resilience and risk mitigation.
Sensata, a US sensor manufacturer, has reported that a ransomware attack on April 6 has disrupted its operations, affecting shipping, manufacturing, and support functions. The company is working to restore its systems and has initiated an investigation with cybersecurity professionals, though the full impact and details of the attack remain unclear. Sensata's disclosure highlights the growing threat of ransomware in industries that are critical to supply chains.
Scattered Spider hackers have been targeting VMware ESXi hypervisors in U.S. companies across various sectors through sophisticated social engineering techniques, rather than exploiting software vulnerabilities. Their attack methodology enables them to gain significant control over virtualized environments, leading to data exfiltration and ransomware deployment. Google Threat Intelligence Group has outlined protective measures organizations can take to defend against these attacks.
RTÉ is investigating a potential cyber security threat after being alerted by the National Cyber Security Centre (NCSC), which indicated that RTÉ may be among several state bodies targeted. While the specific nature of the threat is unclear, there are indications of a possible ransomware element, and a deadline for the threat has been set for August 4th. The NCSC has noted an increase in cyber attack risks in Ireland following previous incidents.
Interlock ransomware is making waves in the UK as it targets various organizations, exploiting vulnerabilities to encrypt files and demand ransom. This new strain is linked to the Nodesnake RAT, which enhances the attack's effectiveness by providing additional remote access capabilities to attackers. Cybersecurity experts are urging organizations to bolster their defenses against these evolving threats.
Charon ransomware is targeting the Middle East using advanced persistent threat (APT) attack methodologies. This new variant of ransomware is designed to evade detection and is part of a broader trend of increasing cyber threats in the region. Organizations are urged to enhance their security measures to combat these sophisticated attacks.
Cyberattacks surged during the summer of 2025, with ransomware groups targeting healthcare and retail sectors, while nation-state actors engaged in geopolitical cyber activities. Major incidents included the rise of the Interlock and Qilin ransomware groups, significant data breaches in retail, and the exploitation of Microsoft SharePoint vulnerabilities in a widespread campaign. Organizations are urged to improve their defenses by patching vulnerabilities, training personnel, and monitoring for lateral movement post-intrusion.
For at least eight months, threat actors have been distributing a trojanized version of the KeePass password manager, known as KeeLoader, which installs Cobalt Strike beacons and steals credentials. This campaign has been linked to ransomware attacks on VMware ESXi servers and utilizes malicious advertisements to promote fake software sites. Users are warned to download software only from legitimate sources to avoid such threats.
Entropy triage is a novel method developed by MOXFIVE to repair files corrupted by failed ransomware encryption using Shannon entropy to select usable data blocks. By automating the reconstruction process, this technique has achieved over 90% success in restoring virtual disks that standard decryptors cannot fix. However, it requires specialized skills and has limitations regarding the type of data it can recover.
Ingram Micro is facing a ransomware threat from the SafePay group, which has announced a deadline of August 1 to leak 3.5 TB of the company's data after a cyber attack nearly a month prior. Despite claims of restored operations, some of Ingram Micro's websites are still being brought back online, indicating ongoing challenges from the incident.
The FBI reported that the Play ransomware group has breached approximately 900 organizations as of May 2025, a significant increase from previous counts. The gang employs advanced tactics, including recompiled malware and threats to leak stolen data. The FBI urges affected organizations to enhance their security measures, including implementing multifactor authentication and maintaining updated systems.
The article explores the ransomware tactics employed by the Akira group, highlighting the importance of understanding their methods to effectively defend against such cyber threats. It emphasizes the need for organizations to stay informed about evolving ransomware strategies and implement robust security measures to mitigate risks.
Around 8,000 children's names, pictures, and addresses have been stolen from the Kido nursery chain by a hacking group named Radiant, who are demanding ransom from the company. The breach has raised significant concerns regarding the safety of sensitive data related to children and has prompted responses from cyber-security experts and law enforcement.