ransomware

County Government Reportedly Paid $1 Million to Cyber Extortion Group
A small county government in Ohio reportedly paid a cyber extortion group one million dollars. The payment was made to prevent the public release of data stolen during a cyberattack.

Canadian spy agency reports hacking three criminal groups in 2025
Canada's Communications Security Establishment (CSE) conducted offensive cyber operations against three distinct criminal organizations in 2025. The targets included a ransomware-as-a-service operation, an extremist group with international ties, and drug trafficking networks.

JadePuffer: The First Complete LLM-Driven Ransomware Attack
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.

⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd p

New Avalon Malware Framework Packs CrownX Ransomware Capabilities
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines c

FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in t

Ransomware Thugs Masquerade as Interpol to Entice Small Biz
The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.

The Gentlemen ransomware: what you need to know
Who Are The Gentlemen? Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals. Read more in my article on the Fortra blog.

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: br

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to Forti

Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.

Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup
A polite caller from your bank says there is a problem with your account. Don't worry - they'll send someone round to help. They'll even take your cards away to keep them safe. The scam has run rampant, until Dutch police plastered blurred

Who Runs the Ransomware Group ‘The Gentlemen?’
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of

Why schools remain one of cybercriminals’ favourite targets
Schools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educational instituions as targets all year round. Read more in my article on the Hot for Sec

MyPillow listed on ransomware gang’s leak site, but denies it has been breached
A notorious ransomware gang claims to have stolen MyPillow's private data, but CEO Mike Lindell calls it a politically motivated "hit job." With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my