Ransomware in April 2025—RansomHub is gone
While DaVita and Marks & Spencer reel from devastating attacks, the most dominant ransomware group of the last year has…
1 minute
Threat Intelligence
Ransomware in March 2025
March 2025 saw a huge number of ransomware attacks, and the Pennsylvania State Education Association quietly notify over 500,000 current…
1 minute
Has AI changed malicious script obfuscation techniques?
Obfuscation techniques have changing since generative AI became widely available.
3 minutes
Fake Booking.com emails target hotels
A new phishing campaign is using a famous brand to compromise hotels.
1 minute
Ransomware in February 2025—Cl0p and RansomHub run riot
The Cl0p ransomware group posted data on 335 victims in February 2025, by far the largest one month total any…
2 minutes
Phishers go “interplanetary” to get company login credentials
An ongoing campaign to harvest company login credentials is using IPFS to host its phishing pages.
1 minute
“Enhanced Bonus” QR code phish steals Microsoft credentials
A personalized phishing attack could lead to a catastrophic loss of credentials.
2 minutes
USB worms: Still wriggling on to under-protected computers after all these years
Malware doesn't care if it's being talked about or not.
2 minutes
ThreatDown State of Malware report 2025
The ThreatDown State of Malware report focuses on a few key developments that we witnessed in 2024.
2 minutes
Ransomware in December 2024—Cl0p returns
December 2024 saw the unwelcome return of the notorious Cl0p ransomware gang.
1 minute
Clipboard hijacker tries to install a Trojan
Criminals are attempting to get users to install malware from the clipboard.
2 minutes
Sysrv cryptomining botnet is still alive (and kicking out the competition)
Sysrv cryptomining botnets are still active, and analysis shows they are actively kicking out other malware.
4 minutes
Beluga phishing campaign targets OneDrive credentials
The Beluga phishing campaign uses .htm files to capture your company OneDrive credentials.
2 minutes
How the Black Basta ransomware gang hides Cobalt Strike beacons with PowerShell
Ransomware gangs love PowerShell.
4 minutes
A visit to a print shop put a password stealer on a co-worker’s laptop
Old-school malware distribution methods have a habit of hanging around long after people stop talking about them.
2 minutes
Watch out! Mobidash Android adware spread through phishing and online links
ThreatDown has uncovered a new campaign spreading the MobiDash adware for Android.
1 minute
Ransomware review: September 2024
In August, we recorded a total of 442 ransomware victims, the second-most all year.
2 minutes
New RansomHub attack uses TDSSKiller and LaZagne, disables EDR
The attack signals a new shift in RansomHub's arsenal of tools.
3 minutes
Lowe’s employees targeted in new malvertising campaign
In August, Lowe's employees were the subject of a targeted campaign using fake ads and websites.
1 minute
Rise of Atomic Stealer signals a sea change in macOS malware
Atomic Stealer is the most popular malware-as-a-service on macOS because of highly active affiliate-driven distribution campaigns and constant feature upgrades.
4 minutes
