Japanese police released a free decryptor for Phobos and 8Base ransomware, letting victims recover files without paying the ransom. Europol and the FBI are promoting it as an official recovery solution.
Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Traditionally, the primary target of ransomware has been the victim's device. Palo Alto, Calif.,
Fog and Akira ransomware operators are exploiting the SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. "Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access," reads the advisory.
The Cloak ransomware group has claimed responsibility for a cyberattack on the Virginia Attorney General's Office that occurred in February.
That might not have been the case at Digital Mint, a ransomware negotiation company where one worker allegedly went rogue. According to Bloomberg, Digital Mint is cooperating with the US Department of Justice (DoJ) to investigate allegations that a former employee had worked with ransomware criminals.
The attack involves executing a cmd script followed by a PowerShell script, which downloads three executables, including the Amadey botnet and two .NET executables (32-bit and 64-bit). "The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques," concludes the report.
More than 90,000 users experienced ransomware attacks. Nearly 18% of all victims published on ransomware gangs' data leak sites (DLSs) had been hit by RansomHub. According to the UK's National Crime Agency (NCA), this individual was also behind the infamous Reveton ransomware Trojan spread from 2012 to 2014.
Key Findings: First observed in March 2024, BlackLock (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3.
Sophos researchers reported that a DragonForce ransomware operator chained three vulnerabilities in the SimpleHelp remote-support software to attack a managed service provider.
"The RAT supports advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications." Nebulous Mantis imitates trusted services like OneDrive to trick victims into downloading infected files, often hosted on Mediafire, the report continues.
Kral: In mid-2023, we discovered the Kral downloader which, back then, downloaded the notorious Aurora stealer. This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. That file is the Kral downloader.
The malware, which received commands via the Dropbox cloud service, was used to download additional payloads. The threat actor specializes in encrypting and then deleting its targets’ data, which suggests that the group’s primary objective is to cause as much damage as possible.
A report from 2023 revealed that 67% of energy and utility companies faced ransomware attacks, with many incidents exploiting unpatched vulnerabilities. Conducting regular training sessions on recognizing phishing emails, avoiding suspicious downloads, and following cybersecurity protocols can build a resilient workforce.
Port of Seattle is notifying 90,000 people of a data breach after personal data was stolen in a ransomware attack in August 2024. In September 2024, Port of Seattle confirmed that the Rhysida ransomware group was behind the cyberattack. "The Rhysida ransomware group has been active since May 2023," concludes the notice.
Encrypt "non-public" data both at rest and in motion or use effective alternative compensating controls for information at rest if approved by the CISO in writing. The feasibility of encryption and effectiveness of the compensating controls shall be reviewed by the CISO at least annually.
Whereas early phishing scams arrived almost entirely through emails, modern phishing scams can reach victims through malicious websites, text messages, social media, and even mobile app downloads. LockBit, which was once the most active ransomware gang in history, had at least 194 affiliates doing its dirty work.
3:8092/sdc.exe In some reverse shell incidents, we also found traces of Revenge RAT (48210CA2408DC76815AD1B7C01C1A21A) being run through the PowerShell process: powershell.exe -WindowStyle Hidden -NoExit -Command [System.Reflection.Assembly]::LoadFile('C:\Users\<username>\Downloads\<exe_name>.exe').EntryPoint.Invoke($null,
Malware Infections: Malware is simply dangerous programs installed on devices through suspicious downloads or links. Ransomware: This is malware that locks a platform's systems or personal files until a ransom is paid to regain access. Advanced Encryption Protocols: Encryption is really powerful.
Researchers at Trustwave SpiderLabs have linked the provider to a surge in dangerous activities from credential brute-forcing and mass vulnerability scanning to the delivery of ransomware, infostealers, and Android-targeted phishing campaigns. Once inside, they deploy a ransomware strain named SuperBlack, similar to LockBit 3.0,
Except for the first-stage loader and the PipeShell plugin, all plugins are downloaded from the C2 and then loaded into memory, leaving no trace on disk. However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform.
63% cited future encryption compromise, 61% said key distribution, and 58% are concerned about the future decryption of today's data, including the "harvest now, decrypt later" threat. 48% of the respondents said they are assessing their current encryption strategies. This concern is amplified given the high reported number of APIs in use.
The attackers used ProxyLogon to execute a command to download and launch CobInt on the server. The ransomware executable also cleared system logs, as evidenced by a flag in the configuration of the samples that we have analyzed. -r: Download and extract archive remotely. -p: An example download link is: hxxp://45[.]156[.]21[.]148:8443/winuac.exe
Cybercriminals are constantly developing new malware , ransomware , and phishing attacks that can steal identities, encrypt memorable family photos and documents for ransom, and turn home computers into devices that criminals take over to send spam or steal data. This is where data encryption and automated backups come in.
Looking at FinServ firms’ top threats, ransomware attacks against this sector continue to grow, with 18% saying they had suffered an attack. To address these, they must implement proactive measures, from formal ransomware response strategies to successful compliance audits, to enable them to remain in control of their security.
Attackers can leverage these stolen credentials to slip through perimeter defenses, compromise cloud environments, and carry out ransomware attacks. Download our Phishing-Resistant MFA eBook and Passwordless 360 Report to learn more. High-profile breaches illustrate the devastating impact of credential-based attacks.
txt file contains a Base64-encoded PowerShell script that then downloads and runs the Lumma Stealer. The script performs the following actions: it downloads the malware (the win15.zip archive) and the encrypted payload. To decrypt the payload independently, we wrote a custom Python script that you can see in the screenshot below.
The aim here is malicious and far more harmful than it appears: make the user reveal closely guarded secrets, login information and financial details, and in some cases download harmful software. Different types of malware include viruses, worms, spyware, ransomware, and trojans.
The malware stole data and encrypted files to block remediation attempts. It was designed to download payloads intended to exfiltrate XG Firewall-resident data. The hackers exploited the SQL injection flaw to download malicious code on the device that was designed to steal files from the XG Firewall.
Despite a slowdown in “LockBit” ransomware activity due to law enforcement actions and a loss of affiliate trust, it remains a key player. Meanwhile, “RansomHub” is rising rapidly due to its attractive ransomware-as-a-service (RaaS) model. Despite the importance of employee training, sometimes it just isn’t enough.
In other scheme variations, the tools may offer to combine files into a single one such as by consolidating multiple photos into one PDF file or they may claim to be an MP3 or MP4 downloader.
"Stolen data fuels the digital underworld, powering a criminal ecosystem that spans from online fraud and ransomware to child exploitation and extortion," the agency said. The full 76-page report is available to download. More: A fascinating look at the chaotic operations of a ransomware gang.
Ransomware remains a prominent threat, but the methods have evolved. Double extortion ransomware is now a preferred technique: a devastating one-two punch where attackers not only encrypt a company's data but also steal sensitive information.
The malware stole data and encrypted files to block remediation attempts. "The malware that exploited the vulnerability discovered by Guan was designed to steal information from infected computers and to encrypt files on them if a victim attempted to remediate the infection," reads the press release published by the DoJ.
The NHS ransomware scare remains a sobering example of how cyber incidents can endanger lives through system paralysis. But what's often overlooked is the reputational cost.
Microsoft's 2023 Digital Defense Report shows that SMEs now account for 90% of all ransomware attacks.
Fortinet, Check Point, CrushFTP) ShadowPad samples used malicious implants like AppSov.exe, downloaded via PowerShell and curl from compromised internal infrastructure. These implants exfiltrated sensitive files such as certificates and cryptocurrency keys via a custom PowerShell exfiltration script.
This year has seen ransomware groups adapt and innovate, pushing the boundaries of their malicious capabilities and evasiveness from law enforcement. The ransomware sector, in particular, has witnessed the emergence of “business models,” with ransomware-as-a-service (RaaS) dominating the scene.
More than half (62.2%) of threat actor movements once they gained access involved attempting lateral movement within an environment and downloading tools designed for this purpose. [Encrypt-only was easier on-prem, while encrypt-and-steal plus posting works in the cloud.] Now, go and read the THR 11 report! [You go, private key search!]
Here's what's new: Many of these organizations have begun using AI tools to enhance their digital security in conjunction with more traditional methods, like two-factor authentication and end-to-end encryption, according to a report of the survey findings published last month.
Before anyone views a camera or downloads or shares that camera's content, Wyze runs an instant check verification process to make sure the user ID on the content matches the one on the account trying to see it. How it works: When you set up a Wyze camera, your user ID will be digitally stamped onto the camera's firmware.
For starters, you can use a VPN on your phone that encrypts your phone's data. How to safely use Wi-Fi at an airport: There are a few ways to use public Wi-Fi safely.
Best-in-class features for secure online browsing: The IVPN app uses the best encryption standards currently available (AES 256-bit with perfect forward secrecy and ChaCha20-Poly1305), as well as post-quantum cryptography. For example, you can connect to a US server via a UK server, thereby masking your IP address and getting double encryption.