Tag

Ransomware

All articles tagged with #ransomware

GTA 6 Studio Hit by Cloud Breach, Hackers Warn of Data Leak Over Ransom
technology · 2 hours ago

The ShinyHunters hacking group claims Rockstar Games’ cloud environment was breached and threatens to leak a cache of data unless a ransom is paid by April 14; Rockstar later confirmed a data breach but said only a limited amount of non-material company information was accessed via a third-party service, with no impact on players or operations. The attackers are believed to have targeted corporate data (contracts, financials, marketing), not user passwords or gamers’ personal data.

AI-Driven Cyber Threats Push Defenders Into a Two-Year Sprint
technology · 14 days ago

At RSA Conference, security leaders warn AI is accelerating vulnerability discovery and enabling autonomous, scalable cyber offenses, creating a two-year window of upheaval where defenders struggle to patch faster than attackers weaponize. They foresee AI-driven exploits, faster patch cycles, and a need to rethink defense—potentially with machine-speed autonomous responses and a reimagined cyber defense ecosystem—while noting national-security implications. Optimism rests on rapid, defensible AI advances, but the timeline remains tight: two years, maybe longer, to harden defenses.

BYOVD Enables 54 EDR Killers to Undermine Defenses Ahead of Ransomware
security · 22 days ago

An ESET study finds 54 EDR killer tools abuse Bring-Your-Own-Vulnerable-Driver (BYOVD) tactics across 34 signed drivers to gain kernel privileges, disable security tools, and pave the way for ransomware encryptors; actors range from closed ransomware groups and PoC tweakers to underground marketplace vendors, with some variants using scripting or driverless approaches. The report emphasizes the need for layered defenses and tighter monitoring of driver loading to disrupt attacks at multiple stages.

Ransomware Reality: Hospitals Under Siege in Real Life and On Screen
technology · 28 days ago

Politico argues HBO’s The Pitt spotlights a growing real‑world threat: ransomware attacks crippling hospital networks, forcing downtime, paper-based care, and patient diversions. Real incidents like the Stryker outage and Mississippi’s medical center disruptions show outages can last weeks and jeopardize care, prompting calls for federal funding, improved agency collaboration, and stronger policy—while some polls suggest such attacks could be viewed as acts of war.

AI-Driven Threats Blur the Line Between Daily Activity and Breach
technology · 1 month ago

ThreatsDay flags AI-enhanced threats accelerating breaches and blurring into everyday activity: Kali Linux now integrates Claude via MCP for natural-language command execution; campaigns include Bitpanda phishing, four-minute lateral movement, and Mac/WinRAR exploits, aided by ad cloaking, typosquatting, and social engineering, as threat actors fragment post-RAMP and increasingly use AI-driven tactics.

BeyondTrust Flaw Sparks Global Web Shell Campaigns and Data Theft
security · 1 month ago

Threat actors are exploiting CVE-2026-1731 in BeyondTrust RS/PRA to run OS commands, deploy web shells and backdoors, establish C2, and exfiltrate data across sectors worldwide. Unit 42 reports use of a thin-scc-wrapper via WebSocket to execute commands in the site user context, effectively taking control of appliances and traffic. Campaigns include PHP backdoors, VShell, a bash dropper, and Spark RAT, with staged exfiltration of config files, internal databases, and PostgreSQL dumps. The activity aligns with prior CVE-2024-12356 issues, and CISA KEV confirms exploitation in ransomware operations.

BridgePay ransomware outage cripples payment gateway; no card data exposed
technology · 2 months ago

BridgePay Network Solutions suffered a ransomware attack that disabled its payment gateway, causing a nationwide outage. Officials say no payment card data was compromised and that any accessed files were encrypted. The FBI and U.S. Secret Service are assisting in the investigation as recovery continues, and some merchants report being limited to cash-only transactions amid the disruption.

Week in Cybersecurity: Proxy Botnet Disrupted, Office Zero-Day Patched, MongoDB Extortion Surges
cybersecurity · 2 months ago

This weekly cybersecurity digest flags a busy threat landscape: Google disrupted the IPIDEA residential proxy network, shrinking attackers’ exit nodes; Microsoft patched a critical Office zero-day (CVE-2026-21509) and Ivanti fixed EPMM flaws (CVE-2026-1281/1340); CERT Polska linked destructive attacks on wind/solar facilities to Static Tundra; new campaigns include Operation Bizarre Bazaar targeting exposed AI endpoints and a surge of MongoDB extortion against over 1,400 exposed databases; other notes cover Exfil Out&Look via Outlook add-ins, PyRAT’s cross‑platform capabilities, TA584’s evolving attack chain with Tsundere Bot and XWorm, and related cybercrime trends.

WinRAR CVE-2025-8088 Seized by State and Criminal Actors After Patch
technology · 2 months ago

Google’s Threat Intelligence Group reports active exploitation of WinRAR CVE-2025-8088 by both state-backed and financially motivated actors, even after a patch (WinRAR 7.13, July 30, 2025). The flaw is used for initial access via a path-traversal method that drops a malicious LNK in the Windows Startup folder/ADS, with campaigns tied to RomCom/UNC4895, UNC2596 (Cuba ransomware), Sandworm, Gamaredon, Turla, and a China-based actor delivering Poison Ivy, deploying payloads such as SnipBot, AsyncRAT, and XWorm and even browser extensions for Brazilian banking sites. The widespread activity underscores an active underground market for exploits and persistent defense gaps, with a separate flaw CVE-2025-6218 also being exploited by multiple groups.

AI-Driven Threats Set to Redefine Cybercrime in 2026
technology · 2 months ago

ZDNET reports that 2026 could see AI weaponization reach a new level, with threat actors deploying AI-enabled malware and agentic AI to automate reconnaissance, phishing, lateral movement, and data theft at machine speed, while prompt injection and misconfigurations expand attack surfaces via APIs and AI-enabled browsers. Attacks will target IT and OT, with ransomware evolving into data extortion across supply chains, insiders and North Korean operators widening campaigns, and nation-states pursuing longer-term strategic objectives. CISOs will be held more accountable and cyber-resilience will become a competitive differentiator, driving upskilling and greater use of managed security services.

US Cybersecurity Experts Admit to Ransomware Crimes and Face Prison
crime · 3 months ago

Two cybersecurity professionals pleaded guilty to running ransomware attacks, using their skills to extort victims, including a medical device company that paid $1.2 million; sentencing is planned for March. They were involved with the ALPHV/BlackCat ransomware group, known for major attacks such as the one on Change Healthcare, and face potential 20-year sentences.

Holiday Cybersecurity Risks: Protecting Travelers and Shoppers from Cyberattacks
technology · 3 months ago

Hackers exploit the holiday season when security teams are reduced and companies are less vigilant, leading to a spike in cyberattacks like ransomware and phishing, with many high-profile incidents occurring during this period. Security teams prepare months in advance, and AI tools are suggested to help mitigate burnout and improve defenses during this vulnerable time.

Interpol Arrests Nearly 600 Cybercriminals Across Africa in Major Operation
world · 3 months ago

INTERPOL's Operation Sentinel led to the arrest of 574 suspects across 19 African countries, recovering $3 million and dismantling cybercrime networks involved in BEC, digital extortion, and ransomware, with estimated losses of over $21 million. Separately, a Ukrainian national pleaded guilty in the U.S. to Nefilim ransomware activities, highlighting ongoing international efforts against cybercrime.

Security Risks in VS Code Extensions: Ransomware, Cryptomining, and Supply Chain Threats
cybersecurity · 5 months ago

Cybersecurity researchers discovered a vibe-coded malicious VS Code extension with built-in ransomware capabilities, which exfiltrates and encrypts files, and uses GitHub as a command-and-control server. Additionally, 17 npm packages disguised as SDKs were found to stealthily deploy Vidar Stealer, highlighting ongoing supply chain threats in open-source ecosystems. Microsoft has removed the malicious extension from the marketplace, emphasizing the importance of vigilance in software development.