How FileSure Would Have Stopped the One Medical Data Exfiltration

ShinyHunters, the data extortion group, is threatening to leak 8.8 terabytes of stolen patient data from One Medical, the Amazon-owned primary care provider. That’s not a small breach. That’s nearly nine terabytes of protected health information — patient names, diagnoses, treatment records, insurance details — sitting in the hands of scumbags who will sell it […]

How FileSure Would Have Stopped the EU Ransomware Surge

The Problem: Ransomware Follows the Money

Europe has become ransomware’s preferred hunting ground. After a global lull, gangs are targeting EU organizations and their suppliers with renewed intensity. The reasons are predictable: strong economies, strict data protection regulations that increase pressure to pay, and a dense network of supply chain relationships that amplify the impact […]

How FileSure Would Have Stopped the Amadey and StealC Malware Campaigns

Law enforcement just disrupted infrastructure behind Amadey and StealC malware operations — 326 servers, 142 domains, and evidence of 140,000 infected devices in just the first two weeks of May 2026. Investigators recovered 27 million stolen credentials from over 385,000 compromised systems. Operation Endgame represents significant international coordination. It matters. It creates friction for the […]

How FileSure Would Have Stopped the Xsolis Healthcare Data Breach

Xsolis, a healthcare technology company serving over 600 hospitals, just disclosed that attackers accessed files containing PHI for 1.4 million people. The attack started with phishing on January 20, 2026. Two days later, someone noticed “unauthorized activity” on the network. By then, the damage was done. The attackers had already read files containing names, addresses, […]

How FileSure Would Have Stopped the WhatsApp ManageEngine Phishing Attack

What Happened

Kaspersky reported an ongoing phishing campaign targeting WhatsApp users across Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, Australia, Russia, Vietnam, and Malaysia. The attackers compromised WhatsApp accounts and used them to send VBScript files disguised as business documents — invoices, billing statements, account notices — to contacts in the victim’s address book. […]

How FileSure Would Have Stopped the SprySOCKS Government Agency Attacks

ESET researchers just disclosed Windows variants of SprySOCKS backdoor malware used against government organizations in Taiwan, Thailand, Pakistan, and Honduras. The malware includes kernel drivers for rootkit capabilities, hides files and registry keys, and exfiltrates data through SOCKS proxy channels. The technical details are impressive. The malware loads unsigned drivers using leaked certificates, manipulates Windows […]

How FileSure Would Have Stopped the Prinz Eugen Ransomware Attack

What Happened

A new ransomware operation called Prinz Eugen is targeting organizations through stolen RDP credentials. According to Malwarebytes’ Threatdown research team, attackers manually download a payload called servertool.exe onto compromised systems, then execute it to begin encryption. The ransomware is written in Go and employs a clever strategy: it prioritizes recently modified files for […]

How FileSure Would Have Stopped the Gentlemen Ransomware EDR Killer Attack

The Attack: Disabling Defenses Before Deploying Ransomware

The Gentlemen ransomware group has built something sophisticated: a suite of EDR killers designed to disable endpoint security products before ransomware deployment. Their primary tool, dubbed GentleKiller by ESET researchers, has at least eight variants that impersonate legitimate security products and target over 400 processes from 48 security […]

How FileSure Would Have Stopped the USB Crypto-Stealing Worm Attack

Microsoft disclosed a USB worm campaign in June 2026 that spreads clipboard-stealing malware through Windows shortcut (LNK) files. The malware monitors clipboard contents for cryptocurrency wallet addresses and seed phrases, replaces them with attacker-controlled addresses, and captures screenshots every ten seconds. It propagates by copying itself to every USB drive connected to infected machines and […]

How FileSure Would Have Stopped the DragonForce Ransomware Attack Using Microsoft Teams TURN Relays

The Attack: Sophisticated Evasion, Conventional Delivery

DragonForce ransomware made headlines this week for using a custom backdoor called Backdoor.Turn that hides command-and-control traffic inside Microsoft Teams relay infrastructure. The technique abuses the TURN protocol that Teams uses to route messages when direct connections aren’t available — making malicious traffic look like legitimate Microsoft communications. That’s […]
