FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
The FBI has issued an alert warning of Silent Ransom Group attacks targeting law firms. The post FBI: Hackers Sending Operatives in Person to Insert USB Driv...
NSO
Unknown
auto-detected
AI Intelligence Brief cached
Edit Profile
Entity Relationships
Related YARA Rules View all on YARA Rules page →
90-Day Activity
All Articles (166)
Last 90 Days
All Time
Microsoft Defender Gains Auto-Isolation Feature to Block Ransomware Spread
Microsoft Defender XDR has introduced automatic attack disruption capabilities that autonomously contain ransomware and sophisticated cyberattacks in real-ti...
When ransomware shutters the ER, cyber resilience can help teams mitigate the damage
Here’s five ways to implement a cyber resilience plan well before a medical facility experiences a crisis.
The Hidden Ransomware Economy Running on Exposed Databases
A 5-year study on the Ransomware Economy found that 30,515 exposed databases were hit by ransom attacks, causing massive damage despite victims never paying....
NightSpire Ransomware Abuses RDP for Stealthy Persistence
NightSpire has quickly emerged as a significant ransomware threat since its discovery in early 2025, combining classic double-extortion tactics with stealthy...
Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures im...
Product showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scams
F-Secure Internet Security protects against viruses, ransomware, spyware, infected email attachments, and other cyber threats. It focuses on securing devices...
Ransomware Uses ChaCha20 and Curve25519 to Encrypt Windows Files
Payload ransomware is a new Windows ransomware family that combines ChaCha20 stream encryption with per-file Curve25519 ECDH key exchange, making victim data...
To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data
If you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization w...
Kazuar Malware Becomes Modular Spyware for Secret Blizzard Ops
A major evolution in the Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also...
Why pure extortion is replacing traditional ransomware
Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups ar...
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure...
Russian Hackers Exploit RDP, VPNs, Supply Chains for Initial Access
Russian state-sponsored and aligned threat groups are increasingly combining Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), supply chain com...
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
The FBI says First VPN has been used by dozens of ransomware groups for network reconnaissance and intrusions. The post ‘First VPN’ Cybercrime Service Disrup...
Authorities Take Down “First VPN” Service Used in Ransomware Attacks
Authorities in Europe have dismantled a major criminal VPN service known as “First VPN,” which was widely used by ransomware operators and cybercriminal grou...
Deleted Google API keys remain active for up to 23 minutes, study finds
While the Google Cloud Platform console indicates immediate deletion, researchers found that keys take an average of 16 minutes to become fully inactive, wit...
Global law enforcement operation takes First VPN offline
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major internat...
Cybercriminal VPN Dismantled in Europol Crackdown
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
Authorities dismantle First VPN, used by ransomware actors
First VPN, a virtual private network service marketed to cybercriminals, promising anonymity for its users, was taken offline on May 19 and 20 as part of Ope...