JadePuffer Ransomware: The First Fully AI-Run Cyberattack
A ransomware attack usually needs a human behind the keyboard, at least at the critical moments. That assumption just broke. Security researchers at Sysdig have documented what appears to be the first ransomware operation carried out from start to finish by an autonomous AI agent, and they've named it JadePuffer ransomware. No operator typed commands during the intrusion. An AI

Prinz Eugen Ransomware Targets Your Newest Files
A new ransomware strain called Prinz Eugen is drawing attention from security researchers, and its approach sets it apart from most threats in this space. Rather than encrypting files in a random or alphabetical order, Prinz Eugen targets the most recently modified files first. The goal is to lock down the data that matters most before defenders have a chance

West Pharmaceutical Hit by Ransomware Attack, Data Stolen
One of America's largest pharmaceutical manufacturers is recovering from a serious cyberattack after criminals broke into its network, made off with company data, and locked down critical systems. West Pharmaceutical Services, a Pennsylvania-based S&P 500 company, disclosed the ransomware attack to the U.S. Securities and Exchange Commission on May 7, 2026, classifying it as a material cybersecurity incident with global

MuddyWater False Flag Attack Hid Behind Chaos Ransomware
What looked like a ransomware attack earlier this year turned out to be something far more calculated. Security researchers have linked a sophisticated intrusion to MuddyWater, an Iranian state-sponsored hacking group, in what has been assessed as a deliberate false flag attack designed to look like the work of a criminal ransomware gang. The Chaos Ransomware Cover Story Chaos is

Trigona Ransomware Returns With Custom Data Theft Tool
Trigona ransomware is back, and it has upgraded its playbook. New attacks observed in March 2026 show the group using a purpose-built data theft tool — one designed specifically to fly under the radar of modern security software. The shift marks one of the more technically significant developments in the ransomware landscape this year, and it raises a serious question:

Kyber Ransomware Hits Windows and VMware With PQC Twist
A new cyber threat is making waves in the security community — and it comes with a bold claim. Kyber ransomware has emerged as a cross-platform operation hitting both Windows file servers and VMware ESXi infrastructure, with operators advertising post-quantum encryption as part of their attack. The reality, however, is more complicated than the ransom note suggests. Two Variants, One

Advantest Ransomware Attack Disrupts Chip Supply Chain
Advantest ransomware attack news has raised fresh concerns across the semiconductor sector after the Japanese technology giant confirmed a cyber intrusion into its corporate network. The company detected suspicious activity on February 15 and immediately activated its incident response protocols to contain the threat and protect critical systems. Advantest later confirmed that attackers gained unauthorized access and deployed ransomware on

RansomHouse Encryption Upgrade Complicates Recovery
Ransomware groups continue to refine their tools, and the latest RansomHouse encryption upgrade shows how quickly these threats evolve. Security researchers have identified a new encryptor used by the group that applies multi-layered data processing, making file recovery significantly harder after an attack. Instead of relying on a single encryption pass, the updated ransomware processes data in multiple stages. Each

PayPal Subscription Scam Abuses Legitimate Billing Emails
A PayPal subscription scam is circulating that does not rely on fake domains, malicious links, or compromised accounts. Instead, it abuses a legitimate PayPal feature to deliver fraudulent messages directly from PayPal’s own email infrastructure. The result is a scam that bypasses many traditional warning signs and places users at risk through trust rather than technical deception. Security researchers warn

CyberVolk Ransomware Trips Over Its Own Encryption
CyberVolk ransomware appeared suddenly and attempted to establish itself as a serious new extortion threat. Security researchers quickly discovered that the operation suffers from critical technical weaknesses. The most damaging issue involves broken cryptography that prevents the malware from securely encrypting victim data. A new ransomware group enters the scene CyberVolk ransomware surfaced as a previously unknown operation targeting Windows
