CYBERSECURITY NEWS
Latest ransomware and cybersecurity news from trusted sources
Cognizant TriZetto breach exposes health data of 3.4 million patients
TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive informa...
In Other News: FBI Hacked, US Security Pro Killed in Iran War, Hijacked Cameras Used in Khamenei Strike
Other noteworthy stories that might have slipped under the radar: Avira antivirus vulnerabilities, Transport for London data breach affects 10 million, Gaming cheat exposes North Korean hacker....
Phobos ransomware leader facing 20 years in prison after pleading guilty to hacking charges
Ptitsyn and several others began using the Phobos ransomware in November 2020, attacking more than 1,000 organizations around the world. He was arrested in South Korea and extradited in November 2024.
Russian Ransomware Operator Pleads Guilty in US
Evgenii Ptitsyn was extradited to the United States from South Korea in November 2024.
Phobos ransomware admin pleads guilty to wire fraud conspiracy
A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide. [...]
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data coul...
New LexisNexis Data Breach Confirmed After Hackers Leak Files
The hackers claim to have stolen 2GB of files, including 400,000 personal information records.
Mississippi medical center reopens clinics hit by ransomware attack
The University of Mississippi Medical Center (UMMC) says it has resumed normal operations, nine days after a ransomware attack blocked access to electronic medical records and took down many of its IT...
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltr...
Law enforcement disrupts tomb ransomware infrastructure
International law enforcement operation seizes servers and domains used by tomb ransomware group.
hurricanegroup leaks 100GB of data from Acme Corp
The hurricanegroup ransomware group has published 2000GB of stolen data from Acme Corp after ransom negotiations failed.
Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL
HBO's "The Pitt" is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack.
The Case for Why Better Breach Transparency Matters
It's become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all.
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tac...
Expert Recommends: Prepare for PQC Right Now
Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to ...
RAMP Forum Seizure Fractures Ransomware Ecosystem
Researchers suggest defenders monitor how these malicious groups re-form and leverage the useful threat intel to guide their next moves.
Lazarus Group Picks a New Poison: Medusa Ransomware
The North Korean threat group also leveraged Comebacker backdoor, Blindingcan RAT, and info stealer Infohook in its recent attacks.
Major healthcare company Samsung Electronics hit by ransomware attack
Samsung Electronics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
600+ FortiGate Devices Hacked by AI-Armed Amateur
A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks.
Law enforcement disrupts hornetlock ransomware infrastructure
International law enforcement operation seizes servers and domains used by hornetlock ransomware group.
Manufacturing sector targeted in new ra_world campaign
Multiple manufacturing organizations across Japan report being targeted by ra_world ransomware in coordinated attacks.
Law enforcement disrupts cicada3301 ransomware infrastructure
International law enforcement operation seizes servers and domains used by cicada3301 ransomware group.
hunters_v2 exploits zero-day vulnerability in PaperCut MF
Security researchers confirm hunters_v2 is actively exploiting a critical vulnerability in Progress WS_FTP to deploy ransomware.
Latin America's Cyber Maturity Lags Threat Landscape
The slower pace of upgrades has the unintended impact of creating a haven for attackers, especially for initial access brokers and ransomware gangs.
Law enforcement disrupts wastedlocker ransomware infrastructure
International law enforcement operation seizes servers and domains used by wastedlocker ransomware group.
hammer ransomware group claims attack on Samsung Electronics in Canada
The hammer ransomware gang has claimed responsibility for an attack on Samsung Electronics, a major technology organization in Canada. The group threatens to publish stolen data.
Healthcare sector targeted in new daransom campaign
Multiple healthcare organizations across Australia report being targeted by daransom ransomware in coordinated attacks.
typhon ransomware group claims attack on Acme Corp in the Netherlands
The typhon ransomware gang has claimed responsibility for an attack on Acme Corp, a major telecommunications organization in the Netherlands. The group threatens to publish stolen data.
arcusmedia ransomware group claims attack on Southwest Airlines in Brazil
The arcusmedia ransomware gang has claimed responsibility for an attack on Southwest Airlines, a major retail organization in Brazil. The group threatens to publish stolen data.
Major retail company Southwest Airlines hit by ransomware attack
Southwest Airlines confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swattin...
Technology sector targeted in new thanatos campaign
Multiple technology organizations across Germany report being targeted by thanatos ransomware in coordinated attacks.
thanatos exploits zero-day vulnerability in Cisco ASA
Security researchers confirm thanatos is actively exploiting a critical vulnerability in SonicWall SMA to deploy ransomware.
kappa exploits zero-day vulnerability in Cisco ASA
Security researchers confirm kappa is actively exploiting a critical vulnerability in Cisco ASA to deploy ransomware.
castorbreach exploits zero-day vulnerability in Atlassian Confluence
Security researchers confirm castorbreach is actively exploiting a critical vulnerability in Progress WS_FTP to deploy ransomware.
siren ransomware: New variant uses safe mode encryption to evade detection
Researchers at BleepingComputer have identified a new siren variant that employs living-off-the-land binaries to bypass security controls.
Telecommunications sector targeted in new tsunami campaign
Multiple telecommunications organizations across the Netherlands report being targeted by tsunami ransomware in coordinated attacks.
Transportation sector targeted in new daransom campaign
Multiple transportation organizations across Canada report being targeted by daransom ransomware in coordinated attacks.
Ransomware attacks surge 60% in Q1 2024
New report shows ransomware attacks increased 60% compared to the previous quarter. thorstrike remains the most active group.
Nestle SA pays $10M ransom to titanium
Nestle SA reportedly paid $1.5 million to titanium ransomware operators. The attack affected operations for 9 days.
Major technology company Samsung Electronics hit by ransomware attack
Samsung Electronics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
cicada3301 ransomware: New variant uses API unhooking to evade detection
Researchers at Dark Reading have identified a new cicada3301 variant that employs double encryption to bypass security controls.
lichdark exploits zero-day vulnerability in Cisco ASA
Security researchers confirm lichdark is actively exploiting a critical vulnerability in MOVEit Transfer to deploy ransomware.
Major telecommunications company BMW AG hit by ransomware attack
BMW AG confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major healthcare company Metro Systems hit by ransomware attack
Metro Systems confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
monti ransomware: New variant uses double encryption to evade detection
Researchers at BleepingComputer have identified a new monti variant that employs DLL sideloading to bypass security controls.
unsafe ransomware group claims attack on Nestle SA in Canada
The unsafe ransomware gang has claimed responsibility for an attack on Nestle SA, a major retail organization in Canada. The group threatens to publish stolen data.
Ransomware attacks surge 15% in Q2 2024
New report shows ransomware attacks increased 45% compared to the previous quarter. cicada3301 remains the most active group.
Ransomware attacks surge 60% in Q2 2026
New report shows ransomware attacks increased 45% compared to the previous quarter. electra remains the most active group.
Retail sector targeted in new castorbreach campaign
Multiple retail organizations across the United Kingdom report being targeted by castorbreach ransomware in coordinated attacks.
fog_v2 leaks 1000GB of data from Toyota Motor
The fog_v2 ransomware group has published 500GB of stolen data from Toyota Motor after ransom negotiations failed.
Metro Systems pays $3.5M ransom to paradoxgroup
Metro Systems reportedly paid $10 million to paradoxgroup ransomware operators. The attack affected operations for 7 days.
sexi ransomware group claims attack on European Logistics in Brazil
The sexi ransomware gang has claimed responsibility for an attack on European Logistics, a major financial organization in Brazil. The group threatens to publish stolen data.
Transportation sector targeted in new sect campaign
Multiple transportation organizations across Germany report being targeted by sect ransomware in coordinated attacks.
Law enforcement disrupts sexi ransomware infrastructure
International law enforcement operation seizes servers and domains used by sexi ransomware group.
Major telecommunications company British Steel hit by ransomware attack
British Steel confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
scriptleak ransomware: New variant uses fileless execution to evade detection
Researchers at Dark Reading have identified a new scriptleak variant that employs process hollowing to bypass security controls.
Deutsche Bank AG pays $1.5M ransom to siren
Deutsche Bank AG reportedly paid $15 million to siren ransomware operators. The attack affected operations for 21 days.
Major education company American Water hit by ransomware attack
American Water confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
everest ransomware group claims attack on Roche Holding in Germany
The everest ransomware gang has claimed responsibility for an attack on Roche Holding, a major financial organization in Germany. The group threatens to publish stolen data.
ransomhouse leaks 1000GB of data from Deutsche Bank AG
The ransomhouse ransomware group has published 500GB of stolen data from Deutsche Bank AG after ransom negotiations failed.
Government sector targeted in new electra campaign
Multiple government organizations across Canada report being targeted by electra ransomware in coordinated attacks.
Law enforcement disrupts hornetlock ransomware infrastructure
International law enforcement operation seizes servers and domains used by hornetlock ransomware group.
hunters_v2 leaks 200GB of data from European Logistics
The hunters_v2 ransomware group has published 200GB of stolen data from European Logistics after ransom negotiations failed.
CISA warns of active exploitation by inc_lynx ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the inc_lynx ransomware group.
Nordic Telecom pays $10M ransom to donut_leaks
Nordic Telecom reportedly paid $10 million to donut_leaks ransomware operators. The attack affected operations for 11 days.
Major education company BMW AG hit by ransomware attack
BMW AG confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Law enforcement disrupts daransom ransomware infrastructure
International law enforcement operation seizes servers and domains used by daransom ransomware group.
Major financial company Central Hospital Network hit by ransomware attack
Central Hospital Network confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Ransomware attacks surge 15% in Q4 2025
New report shows ransomware attacks increased 45% compared to the previous quarter. scriptleak remains the most active group.
Law enforcement disrupts 8base ransomware infrastructure
International law enforcement operation seizes servers and domains used by 8base ransomware group.
Law enforcement disrupts scriptleak ransomware infrastructure
International law enforcement operation seizes servers and domains used by scriptleak ransomware group.
CISA warns of active exploitation by hunters_v2 ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the hunters_v2 ransomware group.
Siemens AG pays $5M ransom to rhysida_apt
Siemens AG reportedly paid $2 million to rhysida_apt ransomware operators. The attack affected operations for 8 days.
Law enforcement disrupts titanium ransomware infrastructure
International law enforcement operation seizes servers and domains used by titanium ransomware group.
ra_world leaks 1000GB of data from Nordic Telecom
The ra_world ransomware group has published 500GB of stolen data from Nordic Telecom after ransom negotiations failed.
Major energy company Atlantic Financial Group hit by ransomware attack
Atlantic Financial Group confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Major education company Samsung Electronics hit by ransomware attack
Samsung Electronics confirms systems encrypted in sophisticated ransomware attack. Recovery operations underway.
Law enforcement disrupts jupiterlock ransomware infrastructure
International law enforcement operation seizes servers and domains used by jupiterlock ransomware group.
Government sector targeted in new hammer campaign
Multiple government organizations across Germany report being targeted by hammer ransomware in coordinated attacks.
CISA warns of active exploitation by everest ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the everest ransomware group.
CISA warns of active exploitation by siren ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the siren ransomware group.
Ransomware attacks surge 60% in Q4 2025
New report shows ransomware attacks increased 25% compared to the previous quarter. hex remains the most active group.
rhysida_apt exploits zero-day vulnerability in Fortinet FortiGate
Security researchers confirm rhysida_apt is actively exploiting a critical vulnerability in Ivanti Connect Secure to deploy ransomware.
blackhunt leaks 200GB of data from BMW AG
The blackhunt ransomware group has published 500GB of stolen data from BMW AG after ransom negotiations failed.
rhysida_apt exploits zero-day vulnerability in Cisco ASA
Security researchers confirm rhysida_apt is actively exploiting a critical vulnerability in Cisco ASA to deploy ransomware.
Law enforcement disrupts electra ransomware infrastructure
International law enforcement operation seizes servers and domains used by electra ransomware group.
CISA warns of active exploitation by jupiterlock ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the jupiterlock ransomware group.
typhon ransomware group claims attack on National Health Services in Brazil
The typhon ransomware gang has claimed responsibility for an attack on National Health Services, a major retail organization in Brazil. The group threatens to publish stolen data.
Retail sector targeted in new typhon campaign
Multiple retail organizations across Australia report being targeted by typhon ransomware in coordinated attacks.
Global Industries pays $3.5M ransom to tsunami
Global Industries reportedly paid $15 million to tsunami ransomware operators. The attack affected operations for 6 days.
sexi leaks 2000GB of data from BMW AG
The sexi ransomware group has published 1000GB of stolen data from BMW AG after ransom negotiations failed.
inc_lynx leaks 500GB of data from Siemens AG
The inc_lynx ransomware group has published 500GB of stolen data from Siemens AG after ransom negotiations failed.
arcusmedia exploits zero-day vulnerability in Citrix NetScaler
Security researchers confirm arcusmedia is actively exploiting a critical vulnerability in SonicWall SMA to deploy ransomware.
Ransomware attacks surge 60% in Q4 2026
New report shows ransomware attacks increased 35% compared to the previous quarter. vanir remains the most active group.
Deutsche Bank AG pays $2M ransom to rhysida_v2
Deutsche Bank AG reportedly paid $10 million to rhysida_v2 ransomware operators. The attack affected operations for 10 days.
Roche Holding pays $15M ransom to daransom
Roche Holding reportedly paid $3.5 million to daransom ransomware operators. The attack affected operations for 10 days.
Financial sector targeted in new scriptleak campaign
Multiple financial organizations across Japan report being targeted by scriptleak ransomware in coordinated attacks.
Ransomware attacks surge 25% in Q1 2026
New report shows ransomware attacks increased 25% compared to the previous quarter. storm0501 remains the most active group.
CISA warns of active exploitation by trinity ransomware
CISA has issued an advisory warning organizations about active exploitation campaigns by the trinity ransomware group.