Ransomware in April 2025—RansomHub is gone
While DaVita and Marks & Spencer reel from devastating attacks, the most dominant ransomware group of the last year has…
1 minute
Threats
Ransomware in March 2025
March 2025 saw a huge number of ransomware attacks, and the Pennsylvania State Education Association quietly notify over 500,000 current…
1 minute
Why YOUR software is the new malware
Cybercriminals are increasingly turning away from malware and shifting to a stealthier approach known as Living Off the Land (LOTL).
1 minute
Ransomware in February 2025—Cl0p and RansomHub run riot
The Cl0p ransomware group posted data on 335 victims in February 2025, by far the largest one month total any…
2 minutes
Phishing, now available on your favorite app store!
Although we tend to associate phishing attacks with emails, on Android they often come from innocent-looking apps.
1 minute
AI as you know it is dead, and cybersecurity will never be the same
The arrival of autonomous “agentic” AIs could finally deliver the profound cybersecurity disruption many expected from ChatGPT in 2022.
2 minutes
Ransomware in January 2024—bad news for US healthcare
January 2025 saw some high profile attacks and no shortage of bad news for the US healthcare sector.
0 minutes
How a clipboard hijacker delivers Lumma Stealer
The use of fake Captcha websites has doubled in only a few months.
3 minutes
Ransomware in December 2024—Cl0p returns
December 2024 saw the unwelcome return of the notorious Cl0p ransomware gang.
1 minute
Clipboard hijacker tries to install a Trojan
Criminals are attempting to get users to install malware from the clipboard.
2 minutes
Sysrv cryptomining botnet is still alive (and kicking out the competition)
Sysrv cryptomining botnets are still active, and analysis shows they are actively kicking out other malware.
4 minutes
Why ransomware gangs want you to keep using that GPON router
A vulnerability found in 2018 is ranked #6 on the list of most attacked vulnerabilities.
2 minutes
Ransomware gangs target SonicWall vulnerability
SonicWall is urging customers affected by CVE-2024-40766 to "please apply the patch as soon as possible."
2 minutes
At last! Microsoft calls time on ActiveX in Office 2024
When Office 2024 is released next month, ActiveX controls will be off by default in client apps like Word, Excel,…
2 minutes
You have one minute to save your leaked AWS credentials
New research suggests that cyber-thieves can discover and use leaked credentials in a matter of seconds.
3 minutes
Rise of Atomic Stealer signals a sea change in macOS malware
Atomic Stealer is the most popular malware-as-a-service on macOS because of highly active affiliate-driven distribution campaigns and constant feature upgrades.
4 minutes
Rhysida using Oyster Backdoor to deliver ransomware
In a recent attack, Rhysida used a new variant of the Oyster backdoor, also known as Broomstick.
3 minutes
Fake CrowdStrike hot fix leads to Remcos Trojan
To nobody's surprise, cybercriminals are abusing the CrowdStrike outage.
2 minutes
Why Microsoft? Why?
A vulnerability in IE (yes! IE!) has been used for over a year as a zero-day to plant infostealers on…
3 minutes
