AI-generated Slopoly malware used by Hive0163 in 2026 attacks maintained access for over a week, highlighting how AI ...
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
Millions of computers globally are still running Windows 10. Attackers are ready, willing, and able to exploit unpatched PCs. Signing up for extended security updates is a crucial step. Hundreds of ...
LeakNet uses ClickFix via compromised sites to gain access, enabling stealth attacks and scalable ransomware operations.
Ransomware actors are ditching Cobalt Strike in favor of native Windows tools, as payment rates hit record lows and data theft surges.
When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in exploits, defenders might have hoped use of this tactic would decline. They were ...
A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware ...
Ransomware may no longer dominate daily headlines, but it has hardly retreated. While public attention shifted to the rapid rise of artificial intelligence, ransomware groups accelerated their ...
The number of ransomware attacks that were observed and tracked during the first six months of 2025 was up by 179% – almost three times – on the same period in 2024, according to statistics published ...
Threat researchers at GuidePoint Security have uncovered Akira affiliates abusing legitimate Windows drivers in a previously unreported tactic, even as the ransomware strain intensifies its targeting ...
A ransomware affiliate known as 'hastalamuerte' has revealed operational details about a group called The Gentlemen, shedding light on its tactics, techniques and internal disputes.
Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.