UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins
Threat cluster UNC3753, widely tracked as Silent Ransom Group or Luna Moth, is actively targeting professional, legal, and financial services in the United S...
NSO
Unknown
auto-detected
AI Intelligence Brief cached
Edit Profile
Entity Relationships
Related YARA Rules View all on YARA Rules page →
90-Day Activity
All Articles (166)
Last 90 Days
All Time
Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure
Researchers exposed the Silent Ransom Group ‘s Fast Flux infrastructure as the FBI warns of ongoing attacks targeting U.S.
In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA
Other noteworthy stories that might have slipped under the radar: Ultrahuman data leak, The Gentlemen ransomware analysis, Hola Browser bundles miner. The po...
AI tools becoming hot commodities on ransomware marketplaces
Sales of AI-based tools is accelerating within underground ransomware marketplaces, lowering the barrier to entry for new actors in the process. An analysis ...
VECT 2.0 Ransomware Breaks Files Beyond Its Own Recovery
VECT 2.0 ransomware can leave victims with files that even the attacker’s own decryptor cannot reliably restore.
Malicious ChatGPT Download Website Tricks Users via Sponsored Search Listings
Threat actors are abusing paid search ads to push a fake ChatGPT download site, underscoring how malvertising is increasingly used to target users who trust ...
Payouts King Ransomware Bypasses EDR via Obfuscation and Direct Syscalls
Payouts King ransomware has emerged as a notable post-BlackBasta threat, leveraging advanced obfuscation and direct system calls to evade endpoint detection ...
The U.S. sanctions Nobitex crypto exchange used by ransomware
The U.S.
AI accelerates development of ransomware toolkit with EDR evasion capabilities
The toolkit, discovered by Sophos, includes features such as Cobalt Strike profiles to disguise beacon traffic, a Telegram bot API for command and control, P...
Gentlemen Ransomware Exploits Fortinet Flaws, AI, and Custom C2 Tools
A newly analyzed leak tied to The Gentlemen ransomware group reveals how modern ransomware operations are evolving in structure and tooling while relying on ...
AI may finally unlock the cyber budgets CISOs have wanted for years
For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state i...
A small Slovenian team handles 6,000 cyber incidents a year
Online fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen a...
North Korean APT Targets macOS to Steal Crypto Wallets and SSH Keys
A newly uncovered macOS intrusion campaign attributed to the North Korean state-sponsored threat group Sapphire Sleet, also known as BlueNoroff or UNC1069, i...
AI-built ransomware toolkit automates EDR evasion, AD discovery
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR)...
Ransomware leak posts show weekday peak, October spikes
The data analyzed by the Ransomnews Research Team indicates that ransomware operations largely follow a business week, with significantly fewer posts on Sund...
Digital Intelligence Lab launches observatory to connect cyber events with geopolitical context
The DIL Observatory maps cyber incidents, including ransomware attacks, data breaches, and cyber militia activity, alongside their geopolitical and social co...
Ransomware Operators Keep Business Hours. The Data Proves It
16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly.
Ransomware Operators Keep Business Hours. The Data Proves It
16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly.
CISA adds Daemon Tools, TanStack, and Nx Console compromised versions to KEV catalog
The vulnerabilities include compromised versions of Daemon Tools Lite (CVE-2026-8398), TanStack npm packages (CVE-2026-45321), and the Nx Console extension (...
Ransomware Abuses SYSTEM Task to Encrypt Drives with Elevated Privileges
A newly analyzed ransomware strain, “The Gentlemen,” is raising concern among security researchers due to its ability to combine strong encryption with aggre...