PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Apr 09, 2025Ravie LakshmananVulnerability / Ransomware
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks...
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
Apr 02, 2025Ravie LakshmananRansomware / Email Security
The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an...
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Mar 31, 2025Ravie LakshmananThreat Intelligence / Cybersecurity
Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the...
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp.
The activity has...
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
Mar 29, 2025Ravie LakshmananCybercrime / Vulnerability
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock,...
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
Mar 27, 2025Ravie LakshmananEndpoint Security / Ransomware
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play.
The connection stems from the...
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
Mar 26, 2025The Hacker NewsRansomware / Endpoint Security
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the...
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Mar 24, 2025Ravie LakshmananMalware / Encryption
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to...
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
Mar 24, 2025Ravie LakshmananWeekly Recap / Hacking
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled,...
VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
Mar 24, 2025Ravie LakshmananMalware / Ransomware
A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025.
"The RaaS model allows a wide range...
