26 Apr, 2026

Washington Hotel in Japan discloses ransomware infection incident

The Washington Hotel brand in Japan has announced that its servers were compromised in a ransomware attack, exposing various business data. The hospitality group has established an internal task force and engaged external cybersecurity experts to assess the impact of the intrusion, determine whether customer data was compromised, and coordinate recovery efforts. Washington Hotel, […]

2 mins read

Romania’s oil pipeline operator Conpet confirms data stolen in attack

Romania’s national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week. In a press release the day following the incident, the company said that the threat actor breached its corporate IT infrastructure, but operations remained unaffected. Conpet S.A. published an update today about the incident, saying that […]

2 mins read

Crazy ransomware gang abuses employee monitoring tool in attacks

A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment. The breaches were observed by researchers at Huntress, who investigated multiple incidents where threat actors deployed Net Monitor for Employees Professional alongside SimpleHelp for remote […]

3 mins read

Hackers breach SmarterTools network using flaw in its own software

SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but it did not impact business applications or account data. The company’s Chief Commercial Officer, Derek Curtis, says that the intrusion occurred on January 29, via a single SmarterMail virtual machine (VM) set up by an employee. “Prior to […]

3 mins read

Payments platform BridgePay confirms ransomware attack behind outage

A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay’s platform.

Ransomware confirmed within hours of outage

BridgePay Network Solutions confirmed late Friday that the incident disrupting […]

3 mins read

CISA warns of SmarterMail RCE flaw used in ransomware attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that ransomware actors are exploiting CVE-2026-24423, a critical vulnerability in SmarterMail that allows remote code execution without authentication. SmarterMail is a self-hosted, Windows-based email server and collaboration platform from SmarterTools. The product provides SMTP/IMAP/POP mail services along with webmail, calendars, contacts, and basic groupware functionality. It is commonly […]

2 mins read

Ransomware gang uses ISPsystem VMs for stealthy payload delivery

Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. Researchers at cybersecurity company Sophos observed the tactic while investigating recent ‘WantToCry’ ransomware incidents. They found the attackers used Windows VMs with identical hostnames, suggesting default templates generated by ISPsystem’s VMmanager. Diving deeper, […]

2 mins read

Italian university La Sapienza goes offline after cyberattack

Rome’s “La Sapienza” university has been targeted by a cyberattack that impacted its IT systems and caused widespread operational disruptions at the educational institute. The university first disclosed the incident in a social media post earlier this week, saying that its IT infrastructure “has been the target of a cyberattack.” “As a precautionary measure, and […]

2 mins read

Romanian oil pipeline operator Conpet discloses cyberattack

Conpet, Romania’s national oil pipeline operator, has disclosed that a cyberattack disrupted its business systems and took down the company’s website on Tuesday. Conpet operates nearly 4,000 kilometers of pipeline network, supplying domestic and imported crude oil and derivatives, including gasoline and liquid ethane, to refineries nationwide. In a Wednesday press release, the company said the […]

2 mins read

CISA: VMware ESXi flaw now exploited in ransomware attacks

CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was used in zero-day attacks since at least February 2024. Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) almost one year ago, in March 2025, alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all […]

2 mins read