Ransomware gangs just got a speed boost – and it’s bad news for your SOC.

HeartCrypt’s “Packer-as-a-Service” is basically DoorDash for malware: pay the fee, get your payloads wrapped in next-gen obfuscation that laughs at static/dynamic analysis…

RomCom’s idea of a meet-cute? Sneaking a malware-stuffed RAR into your Startup folder

Russian-linked RomCom is abusing a critical WinRAR bug to quietly persist in networks, move laterally, and siphon data over encrypted channels — hitting government, finance, and telecom sectors hard. Patch lag is keeping doors wide open.

Storm-2603: Hybrid Espionage and Ransomware Operations Exploiting SharePoint ToolShell Vulnerabilities

Akira Ransomware: Conti Lineage, VPN Exploitation, and Double Extortion at Scale

Hypervisor Ransomware: CVE-2024–37085, AD Abuse, and the Escalating Threat to VMware ESXi Environments

Storm-2603: SharePoint Zero-Day Exploitation and Warlock Ransomware — A Hybrid Financial and Espionage Threat

DarkWatchMan and Hive0117: Fileless Malware Evolution Targeting Russian Critical Infrastructure

DarkWatchMan is a fileless, modular malware family first observed in late 2021 and attributed to the financially motivated Hive0117 group. The malware is primarily delivered via spear-phishing emails containing password-protected archives, targeting Russian critical infrastructure (energy, etc).

Newer Older