LIVE · cybersecurity feed

ransomware

zeroday.news · 1d ago·high

County Government Reportedly Paid $1 Million to Cyber Extortion Group

A small county government in Ohio reportedly paid a cyber extortion group one million dollars. The payment was made to prevent the public release of data stolen during a cyberattack.

zeroday.news · 1d ago

Canadian spy agency reports hacking three criminal groups in 2025

Canada's Communications Security Establishment (CSE) conducted offensive cyber operations against three distinct criminal organizations in 2025. The targets included a ransomware-as-a-service operation, an extremist group with international ties, and drug trafficking networks.

zeroday.news · 2d ago

JadePuffer: The First Complete LLM-Driven Ransomware Attack

An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.

zeroday.news · 2d ago

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More

A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing

zeroday.news · 4d ago

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd p

zeroday.news · 4d ago

New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines c

zeroday.news · 5d ago

FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs

After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.

zeroday.news · 5d ago

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in t

zeroday.news · 5d ago

Ransomware Thugs Masquerade as Interpol to Entice Small Biz

The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.

zeroday.news · 6d ago

The Gentlemen ransomware: what you need to know

Who Are The Gentlemen? Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals. Read more in my article on the Fortra blog.

zeroday.news · 6d ago

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This

zeroday.news · 6d ago

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: br

zeroday.news · 6d ago

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to Forti

zeroday.news · 11d ago

Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.

zeroday.news · 13d ago

Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup

A polite caller from your bank says there is a problem with your account. Don't worry - they'll send someone round to help. They'll even take your cards away to keep them safe. The scam has run rampant, until Dutch police plastered blurred

zeroday.news · 28d ago

Who Runs the Ransomware Group ‘The Gentlemen?’

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of

zeroday.news · 28d ago

Why schools remain one of cybercriminals’ favourite targets

Schools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educational instituions as targets all year round. Read more in my article on the Hot for Sec

zeroday.news · 41d ago

MyPillow listed on ransomware gang’s leak site, but denies it has been breached

A notorious ransomware gang claims to have stolen MyPillow's private data, but CEO Mike Lindell calls it a politically motivated "hit job." With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my