Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
The group is using zero-days, quickly weaponizes fresh bugs, and exfiltrates and encrypts data within days of initial access. The post Medusa Ransomware Fast...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1041 — Exfiltration Over C2 Channel (Exfiltration)
Clear filter88 articles found
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks
Microsoft has warned that Storm-1175, a cybercrime group linked to Medusa ransomware, is exploiting vulnerable web-facing systems in fast-moving attacks, at ...
Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says
Microsoft said it has been alarmed to see how effective Medusa actors are, citing multiple cases where the group can move from initial access to data exfiltr...
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities...
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university ...
Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules
Anthropic’s flagship AI coding agent, Claude Code, was recently discovered to contain a critical security flaw that silently bypasses developer-configured sa...
Die Linke German political party confirms data stolen by Qilin ransomware
The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and ...
ShinyHunters issues final warning to Cisco over alleged data theft
ShinyHunters alleges access to data from three breach paths: UNC6040, Salesforce Aura, and compromised AWS accounts, claiming over three million Salesforce r...
Progress ShareFile vulnerabilities allow unauthenticated file exfiltration
Researchers at watchTowr identified an authentication bypass (CVE-2026-2699) and a remote code execution flaw (CVE-2026-2701) within the Storage Zones Contro...
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.
CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access
CrystalX RAT, a new sophisticated MaaS malware, combines spyware, data theft, and remote access, allowing attackers to monitor victims. In March 2026, Kasper...
Hackers Weaponize Venom Stealer via ClickFix Lures for Massive Data Exfiltration
Hackers are increasingly turning simple social engineering tricks into full-scale data theft operations, and a newly identified malware platform called Venom...
Software supply chain hacks trigger wave of intrusions, data theft
After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potent...
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from...
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration
New CrystalRAT malware adds RAT, stealer and prankware features
A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilit...
Monetization of ransomware-stolen data touted by new cybercrime service
Affiliates and customers are being sought by the new Leak Bazaar cybercrime service, which was reported by Flare researchers to be promoted across the dark w...
Bogus LinkedIn message alerts enable credential siphoning
Malicious actors have been distributing fraudulent LinkedIn alert messages for potential job opportunities to facilitate credential exfiltration in a new phi...
AWS environments targeted by TeamPCP
Threat operation TeamPCP, also known as PCPcat, DeadCatx3, and ShellForce, has tapped credentials siphoned from its sweeping supply chain attacks against Tri...
New Venom Stealer MaaS Platform Automates Continuous Data Theft
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration