In recent quarters, ransomware threat actors have faced a steep drop in profits as an increasing number of victims refuse to pay. This decline has prompted cybercriminals to reassess their tactics and explore alternative avenues to regain leverage. Ransomware payment rates have sunk to record
In 2025, cybersecurity researchers uncovered a new and unusual scam from a Russian hacking group known as ColdRiver. The group, also known as Star Blizzard or the Callisto Group, had discovered a way to exploit one of the Internet's most familiar security tools, the "I am not a robot" CAPTCHA, and t
A recent campaign demonstrates how modern malvertising, ads pointing to malicious websites, can use legitimate search channels to trick technically sophisticated users into installing powerful macOS information-stealing malware. Operators bought Google Ads that pointed to convincing fake download p
In October 2025, Microsoft revealed new research into a wave of cyberattacks it calls "Payroll Pirate", in an attack campaign targeting university employees across the United States. The attackers behind it are not after student data or research secrets. Instead, they aim to redirect staff paychecks
ClayRat, a newly discovered Android spyware family, has emerged as a sophisticated and rapidly proliferating threat that researchers say primarily targets Russian-speaking users. Security analysts at Zimperium first cataloged the campaign and published detailed technical notes and indicators of comp
In September 2025, security researchers disclosed a critical vulnerability in Fortra's GoAnywhere Managed File Transfer (MFT) platform. Tracked as CVE-2025-10035, the flaw has rapidly become a favored target for ransomware actors, particularly those deploying Medusa ransomware. The vulnerability an
In late September 2025, a wave of extortion emails began arriving at executives and IT leaders of organizations running Oracle's E-Business Suite (EBS). The messages claimed that attackers had stolen sensitive enterprise data and demanded payment to prevent public disclosure. The emails surfaced on
In recent months, cybersecurity researchers have raised concerns about a sophisticated and rapidly evolving Akira ransomware campaign targeting SonicWall SSL VPN appliances. The attackers have demonstrated an unsettling ability to bypass one-time password multifactor authentication (MFA), move later
Cybercriminals have increasingly weaponized trust: instead of exploiting zero-day flaws, they trick users into installing malicious software that impersonates legitimate apps. In a large-scale campaign observed by Malwarebytes in 2025, threat actors published convincing GitHub pages that posed as do
FileFix's latest evolutions show how a clever user-interaction trick plus a dusting of steganography can turn familiar OS features into a stealthy malware-delivery pipeline. Security researchers observed an active campaign that hides a second-stage PowerShell script and encrypted payloads inside see