24 Jun, 2025

Aflac discloses breach amidst Scattered Spider insurance attacks

On Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information. Aflac (short for American Family Life Assurance Company) is the largest supplemental insurance provider in the U.S. and a Fortune 500 company […]

3 mins read

Krispy Kreme says November data breach impacts over 160,000 people

U.S. doughnut chain Krispy Kreme confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack. The American multinational coffeehouse chain employed 22,800 people in 40 countries as of December 2023 and operates 1,521 shops and 15,800 points of access. It also manages four “Doughnut Factories” in the United States and 37 […]

2 mins read

Ryuk ransomware’s initial access expert extradited to the U.S.

A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. The suspect is a 33-year-old foreign man who was arrested in April 2025 in his home in Kyiv at the request of the FBI. He was extradited to the United States […]

2 mins read

Anubis ransomware adds wiper to destroy files beyond recovery

The Anubis ransomware-as-a-service (RaaS) operation has added to its file-encrypting malware a wiper module that destroys targeted files, making recovery impossible even if the ransom is paid. Anubis (not to be confused with the same-name Android malware with a ransomware module) is a relatively new RaaS that was first observed in December 2024 but became more active at the beginning of the year. On February […]

3 mins read

Fog ransomware attack uses unusual mix of legitimate and open-source tools

Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca. The Fog ransomware operation was first observed last year in May leveraging compromised VPN credentials to access victims’ networks. Post-compromise, they used “pass-the-hash” attacks to gain admin privileges, disabled Windows Defender, and encrypted all files, including virtual machine storage. […]

2 mins read

FIN6 hackers pose as job seekers to backdoor recruiters' devices

In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware. FIN6 (aka “Skeleton Spider”) is a hacking group that was initially known for conducting financial fraud, including compromising point-of-sale (PoS) systems to steal credit cards. However, in 2019, the […]

3 mins read

Sensata Technologies says personal data stolen by ransomware gang

Sensata Technologies is warning former and current employees it suffered a data breach after concluding an investigation into an April ransomware attack. Sensata is a global industrial tech firm specializing in mission‑critical sensors, controls, and electrical protection systems. It serves the automotive, aerospace, and defense industries, among others, and has an annual revenue of over $4 billion. […]

2 mins read

Tax resolution firm Optima Tax Relief hit by ransomware, data leaked

U.S. tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company. Optima Tax Relief is a well-known U.S. tax resolution and settlement firm that helps individuals and businesses address and fix federal and state tax issues. The company claims to be the […]

1 min read

Kettering Health confirms Interlock ransomware behind cyberattack

Healthcare giant Kettering Health, which manages 14 medical centers in Ohio, confirmed that the Interlock ransomware group breached its network and stole data in a May cyberattack. Kettering Health operates over 120 outpatient facilities and employs over 15,000 people, including over 1,800 physicians. The healthcare network noted in a Thursday statement that its network devices have been […]

2 mins read

Critical Fortinet flaws now exploited in Qilin ransomware attacks

The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the “Agenda” name and has since claimed responsibility for over 310 victims on its dark […]

2 mins read