August 19, 2025

Charon Ransomware Tactics Show APT-Level Sophistication

Charon ransomware tactics highlight a dangerous shift in cybercrime. The new malware combines traditional ransomware methods with advanced persistent threat (APT) techniques. Security researchers have already linked its activity to targeted attacks on organizations in the Middle East, especially in aviation and public services. This evolution shows how ransomware is moving beyond simple extortion. How Charon Ransomware Operates Charon ransomware

August 8, 2025

New EDR-Killer Tool Used by Eight Ransomware Gangs

A newly discovered EDR-killer tool is being actively deployed by at least eight different ransomware groups to disable antivirus and endpoint detection systems during attacks. The tool uses the Bring Your Own Vulnerable Driver (BYOVD) technique, allowing threat actors to neutralize even the most well-known security software. Shared but customized for each attack According to security researchers at Sophos, this

August 3, 2025

ShinyHunters Salesforce Breach Hits Qantas, Allianz Life, and LVMH

The hacking group ShinyHunters takes the spotlight again, this time tied to a wave of social engineering attacks that targeted Salesforce systems at major companies like Qantas, Allianz Life, and LVMH. The group exploited human trust, not software flaws, to access sensitive customer data across industries. Vishing Attacks Open the Door According to reports, attackers used vishing (voice phishing) to

July 31, 2025

SafePay Ransomware Threatens Ingram Micro with Data Leak

Ingram Micro, one of the world’s largest IT distributors, is facing mounting pressure after the SafePay ransomware gang claimed responsibility for a devastating cyberattack and is now threatening to leak a massive trove of stolen data. Ransomware Hits Ingram Micro Operations The incident began on July 3, 2025, when Ingram Micro employees started receiving ransomware pop-ups. Core systems, including the

July 13, 2025

BERT Ransomware: A New Threat Targeting ESXi Virtual Machines

A new cross-platform ransomware strain, known as BERT, has emerged, posing a significant threat to organizations running VMware ESXi environments. This article explores how BERT ransomware operates, its unique features, and how businesses can defend against it. What is BERT Ransomware? First identified in April 2025, BERT ransomware targets Windows, Linux, and ESXi systems. Its primary focus on ESXi virtual

July 7, 2025

Ingram Micro Hit by Ransomware Attack, Causing Global Service Outages

Ingram Micro, one of the world's largest IT distributors, has confirmed that a ransomware attack caused an ongoing outage affecting its systems and services. The incident, which began on July 3, 2025, has impacted the company's ability to process online orders, manage back-end systems, and provide essential services to partners and clients. The ransomware group, identifying itself as "SafePay," claims

July 2, 2025

U.S. Sanctions Aeza Group for Hosting Ransomware Infrastructure

The U.S. Treasury Department has imposed sanctions on Russian internet service provider Aeza Group, accusing the company of knowingly supporting cybercriminal activities by hosting servers used in ransomware and infostealer operations. This move marks a significant escalation in the United States’ ongoing efforts to disrupt the infrastructure that underpins global cybercrime. Aeza Group: A Safe Haven for Cybercriminals Aeza Group,

June 26, 2025

Dire Wolf Ransomware Gang Targets Manufacturing and Tech

A new ransomware gang known as Dire Wolf is making waves in the cybersecurity landscape with a string of calculated and stealthy attacks targeting manufacturing and technology sectors. The group has been active since at least 2023, but their recent operations have caught the attention of security researchers due to the sophistication and patience behind their campaigns. A Quiet, Calculated

June 17, 2025

Scattered Spider Strikes With Attacks on U.S. Insurance Firms

Google’s Threat Intelligence Group has issued a stark warning: the cybercriminal group known as Scattered Spider has shifted focus once again, this time toward U.S.-based insurance companies. Infamous for their high-profile breaches in the casino and retail sectors, this adaptable and increasingly aggressive group has now taken aim at a sector rich in sensitive data and operational vulnerabilities. Who Is

June 16, 2025

Anubis Ransomware Now Wipes Files Beyond Recovery

A new, far more destructive chapter has begun for the Anubis ransomware operation. Previously known for encrypting data and extorting victims, the cybercriminals behind Anubis have now introduced a wiper feature, one that makes data recovery virtually impossible, even if the ransom is paid. This strategic shift marks a dangerous evolution in the ransomware-as-a-service (RaaS) ecosystem and signals a chilling
