June 26, 2025

Dire Wolf Ransomware Gang Targets Manufacturing and Tech

A new ransomware gang known as Dire Wolf is making waves in the cybersecurity landscape with a string of calculated and stealthy attacks targeting manufacturing and technology sectors. The group has been active since at least 2023, but their recent operations have caught the attention of security researchers due to the sophistication and patience behind their campaigns. A Quiet, Calculated

dire wolf ransomware
June 17, 2025

Scattered Spider Strikes With Attacks on U.S. Insurance Firms

Google’s Threat Intelligence Group has issued a stark warning: the cybercriminal group known as Scattered Spider has shifted focus once again, this time toward U.S.-based insurance companies. Infamous for their high-profile breaches in the casino and retail sectors, this adaptable and increasingly aggressive group has now taken aim at a sector rich in sensitive data and operational vulnerabilities. Who Is

Scattered Spider Strikes US Insurance Companies
June 16, 2025

Anubis Ransomware Now Wipes Files Beyond Recovery

A new, far more destructive chapter has begun for the Anubis ransomware operation. Previously known for encrypting data and extorting victims, the cybercriminals behind Anubis have now introduced a wiper feature. One that makes data recovery virtually impossible, even if the ransom is paid. This strategic shift marks a dangerous evolution in the ransomware-as-a-service (RaaS) ecosystem and signals a chilling

Anubis Ransomware
June 15, 2025

Fog Ransomware Turns Legitimate Tools Against Defenders

In May 2025, incident responders at a regional bank in Southeast  Asia stumbled upon a ransomware intrusion that looked nothing like the smash‑and‑grab playbooks they were used to. Instead of Cobalt Strike, MimiKatz or custom droppers, the adversary - operators of the Fog ransomware - stitched together a workbench of legitimate admin utilities and niche open‑source red‑team projects. Because every binary

fog ransomware
June 8, 2025

AT&T Data Breach Exposes 86 Million Records, Including SSNs

AT&T is under fire once again, but this time, it’s not just about poor service or billing issues – they suffered a data breach. In a deeply troubling turn of events, the personal data of approximately 86 million current and former customers has been leaked online, including an estimated 44 million Social Security Numbers (SSNs) in decrypted form. The breach

At&T Data Breach
June 6, 2025

Play Ransomware Breaches 900 Victims Worldwide, FBI Confirms

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) have issued a joint advisory revealing that the Play ransomware group (also known as Playcrypt) has compromised over 900 organizations globally as of May 2025. This marks a sharp increase from the 300 known victims in October 2023, underscoring the escalating threat posed by the group.

Play Ransomware
June 3, 2025

Spear Phishing Campaign Targets CFOs and Abuses Legit Tools

A sophisticated spear phishing campaign that specifically targets CFOs (Chief Financial Officers) was recently uncovered by cybersecurity firm Trellix. This ongoing operation, first detected in mid-May 2025, has already affected organizations spanning Europe, Africa, Canada, the Middle East, and South Asia. The campaign’s method? A clever blend of social engineering and abuse of legitimate remote access software. Anatomy of the

Spear Phishing Campaign Targets CFOs
June 2, 2025

Victoria’s Secret Cyberattack Shuts Down the Company Website

At the end of May 2025, Victoria’s Secret experienced a major cyberattack that forced the company to take its U.S. website offline. The sudden shutdown disrupted online shopping for millions of customers and caused ripple effects across its retail operations. Although the company has not shared specific details about the nature of the attack, the disruption suggests it may have

Victoria's Secret Cyberattack
May 31, 2025

Dark Partners Cybercrime Gang Fuels AI and Crypto Heists

A new player has entered the cybercrime arena — and they’re not after just your passwords. The Dark Partners cybercrime gang is behind a sophisticated malware campaign that’s targeting users of AI tools, VPN services, and cryptocurrency platforms. By cloning popular websites like Windscribe, Ledger, and Sora, the gang lures victims into downloading malware disguised as legitimate software. The goal:

Dark Partners Cybercrime Gang
May 30, 2025

DragonForce Ransomware Hits MSPs via SimpleHelp

In a chilling reminder of the risks posed by insecure remote access tools, the ransomware group DragonForce has launched a sophisticated supply chain attack by exploiting critical vulnerabilities in SimpleHelp, a remote monitoring and management (RMM) platform widely used by Managed Service Providers (MSPs). The campaign, first uncovered by researchers at Group-IB, reveals how three recently discovered vulnerabilities in SimpleHelp

DragonForce Ransomware