A sophisticated cyberattack campaign came to light in July 2025, that weaponizes Microsoft Teams calls to deploy the latest iteration of Matanbuchus ransomware. The attack begins with adversaries impersonating IT helpdesk personnel through external Teams calls, leveraging tactics related to social engineering to convince employees to execute malicious scripts. In ongoing support sessions, attackers activate…
The sixth edition of the annual Sophos State of Ransomware report which reveals the reality of ransomware in 2025.This year’s report details how organizations’ experiences of ransomware— both cause and consequences — have evolved over the last 12 months. It also shines light into previously unexplored areas, including the operational factors that left organizations exposed…
The U.S. Department of Justice on Thursday unsealed charges against a Russian national accused of leading the development and deployment of malicious software that infected thousands of computers over more than a decade. Rustam Rafailevich Gallyamov, 48, of Moscow, led a group of cybercriminals who developed and deployed Qakbot, a name for software that could…
The vulnerability in question is tracked as CVE-2025-29824 and it was patched by Microsoft with its April 2025 Patch Tuesday updates. The flaw impacts the Windows Common Log File System (CLFS) and it can be exploited by an attacker to escalate privileges. On the day it released the patches, Microsoft revealed that CVE-2025-29824 had been exploited by…
Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and health information was stolen in a December 2024 data theft attack, which affected a former business partner. The health network operates 142 hospitals nationwide, has over 142,000 employees, and has reported a total revenue of $28.3 billion in…
UnitedHealth Group is demanding that healthcare providers repay the loans they received from the company after a cyberattack at its tech unit Change Healthcare last year, according to two providers on Friday. The largest U.S. health insurance company loaned out $9 billion to providers who had been struggling after the massive ransomware attack in February…
In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors throughout the entire impacted network. ReliaQuest documented an earlier version of this malware on their website in February 2024….
Deepfakes are poised to be the biggest AI-related threat because of the vast potential for misuse. Criminals have yet to plumb their full potential, and we predict they will use deepfakes in new scams and criminal schemes in 2025. Popular or common social engineering scams will become even more believable with the use of deepfakes,…
Kaspersky has reported that over 57,000 ransomware attacks were detected in Southeast Asia during the first half of 2024, with Indonesia accounting for the highest number of incidents. In addition to Indonesia, where 32,803 incidents were blocked, the Philippines experienced 15,208 ransomware attacks, and Thailand saw 4,841 cases. In Malaysia, 3,920 attacks were recorded, followed…
Star Health India’s biggest health insurer, on Saturday said it had received a ransom demand of $68,000 from a cyberhacker in connection with a leak of customer data and medical records. Star, which has a roughly $4 billion market cap, is battling a reputational and business crisis since Reuters reported on Sept. 20 that a…
