Hackers Use Vulnerable Windows Drivers to Kill EDR in Ransomware Attacks
Hackers increasingly rely on vulnerable, legitimately signed Windows drivers to neutralize endpoint defenses, turning defense evasion into a decisive phase o...
Hackers increasingly rely on vulnerable, legitimately signed Windows drivers to neutralize endpoint defenses, turning defense evasion into a decisive phase o...
Police arrested the alleged admin of XSS.is, a major cybercrime forum whose trusted escrow service helped power the underground economy.
The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released. The post BlueHammer Vulnerability E...
BumbleBee and AdaptixC2 are being used in a highly efficient intrusion chain that starts with Bing SEO poisoning and ends with Akira ransomware deployment, s...
SystemBC (also tracked as Coroxy) remains a versatile and persistent Windows malware family that operators routinely deploy to convert compromised hosts into...
The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotiv...
From outsourced labor to tiered pricing models, an inside look at how today's top ransomware threats operate less like rogue hackers and more like Fortune 50...
CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previo...
Report Fraud data reveals that more than half of 323 UK ransomware victims last year were SMEs
Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant.
Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attribu...
Woodgnat Hackers use Backdoor.Mistic, a stealthy RAT, to let brokers compromise networks and sell entry points to ransomware groups, putting firms at risk.
Australia’s Security Intelligence Organization (ASIO) has uncovered an attack on a critical infrastructure operator’s network. State-sponsored actors had com...
Apple removed VK's flagship social network VKontakte, often described as Russia's equivalent of Facebook, along with VK Music, VK Messenger, VK Video, Odnokl...
Ransomware attacks against European organizations increased during the first months of 2026, with third-party suppliers becoming a major entry point for atta...
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deploye...
The Edgecution malware exploits the Chrome Native Messaging protocol to enable communication between browser extensions and native desktop applications.
Upwind’s AI Sensor links endpoint activity with cloud context, helping teams track MCP connections, AI actions, identities and developer risk in one view today.
Mistic is a stealthy backdoor used by KongTuke-linked actors to keep long-term access in ransomware-targeted networks. Mistic is the kind of backdoor that te...
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing