SafePay Ransomware Threatens Ingram Micro with Data Leak
Ingram Micro, one of the world’s largest IT distributors, is facing mounting pressure after the SafePay ransomware gang claimed responsibility for a devastating cyberattack and is now threatening to leak a massive trove of stolen data. Ransomware Hits Ingram Micro Operations The incident began on July 3, 2025, when Ingram Micro employees started receiving ransomware pop-ups. Core systems, including the
BERT Ransomware: A New Threat Targeting ESXi Virtual Machines
A new cross-platform ransomware strain, known as BERT, has emerged, posing a significant threat to organizations running VMware ESXi environments. This article explores how BERT ransomware operates, its unique features, and how businesses can defend against it. What is BERT Ransomware? First identified in April 2025, BERT ransomware targets Windows, Linux, and ESXi systems. Its primary focus on ESXi virtual
Ingram Micro Hit by Ransomware Attack, Causing Global Service Outages
Ingram Micro, one of the world's largest IT distributors, has confirmed that a ransomware attack caused an ongoing outage affecting its systems and services. The incident, which began on July 3, 2025, has impacted the company's ability to process online orders, manage back-end systems, and provide essential services to partners and clients. The ransomware group, identifying itself as "SafePay," claims
U.S. Sanctions Aeza Group for Hosting Ransomware Infrastructure
The U.S. Treasury Department has imposed sanctions on Russian internet service provider Aeza Group, accusing the company of knowingly supporting cybercriminal activities by hosting servers used in ransomware and infostealer operations. This move marks a significant escalation in the United States’ ongoing efforts to disrupt the infrastructure that underpins global cybercrime. Aeza Group: A Safe Haven for Cybercriminals Aeza Group,
Dire Wolf Ransomware Gang Targets Manufacturing and Tech
A new ransomware gang known as Dire Wolf is making waves in the cybersecurity landscape with a string of calculated and stealthy attacks targeting manufacturing and technology sectors. The group has been active since at least 2023, but their recent operations have caught the attention of security researchers due to the sophistication and patience behind their campaigns. A Quiet, Calculated
Scattered Spider Strikes With Attacks on U.S. Insurance Firms
Google’s Threat Intelligence Group has issued a stark warning: the cybercriminal group known as Scattered Spider has shifted focus once again, this time toward U.S.-based insurance companies. Infamous for their high-profile breaches in the casino and retail sectors, this adaptable and increasingly aggressive group has now taken aim at a sector rich in sensitive data and operational vulnerabilities. Who Is
Anubis Ransomware Now Wipes Files Beyond Recovery
A new, far more destructive chapter has begun for the Anubis ransomware operation. Previously known for encrypting data and extorting victims, the cybercriminals behind Anubis have now introduced a wiper feature. One that makes data recovery virtually impossible, even if the ransom is paid. This strategic shift marks a dangerous evolution in the ransomware-as-a-service (RaaS) ecosystem and signals a chilling
Fog Ransomware Turns Legitimate Tools Against Defenders
In May 2025, incident responders at a regional bank in Southeast Asia stumbled upon a ransomware intrusion that looked nothing like the smash‑and‑grab playbooks they were used to. Instead of Cobalt Strike, MimiKatz or custom droppers, the adversary - operators of the Fog ransomware - stitched together a workbench of legitimate admin utilities and niche open‑source red‑team projects. Because every binary
AT&T Data Breach Exposes 86 Million Records, Including SSNs
AT&T is under fire once again, but this time, it’s not just about poor service or billing issues – they suffered a data breach. In a deeply troubling turn of events, the personal data of approximately 86 million current and former customers has been leaked online, including an estimated 44 million Social Security Numbers (SSNs) in decrypted form. The breach
Play Ransomware Breaches 900 Victims Worldwide, FBI Confirms
The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) have issued a joint advisory revealing that the Play ransomware group (also known as Playcrypt) has compromised over 900 organizations globally as of May 2025. This marks a sharp increase from the 300 known victims in October 2023, underscoring the escalating threat posed by the group.
