An August ransomware attack against the state of Nevada has been traced to a May intrusion, when a state employee mistakenly downloaded a malware-laced tool from a spoofed website, according to a forensic report the state released Wednesday. State officials refused to submit to a ransom demand and recovered 90% of the impacted data after...Read More

Comparitech reported that in 2025, there were 7,419 ransomware attacks worldwide, representing a 32% increase over the 5,631 attacks recorded in 2024. Of the 7,419 attacks noted in 2025, 1,173 were confirmed by the targeted organizations. Ransomware groups claimed the remaining incidents on their data leak sites, but have not been publicly acknowledged by the...Read More

I was fortunate enough to spend several days last week at the Aspen Institute’s Crosscurrent summit on AI and national security in San Francisco. My first takeaway: I very much recommend being in sunny (at the moment, at least) San Francisco rather than slushy, raw New York in early March. The second took a little...Read More

Spanish analysts traced a stealthy Edge based backdoor that records cameras, microphones and files, revealing novel use of DevTools protocol and Pastefy for remote control. In February 2026, specialists from the Spanish company S2 Grupo LAB52 detected a new cyberattack against Ukrainian institutions. According to experts, Russian hackers are behind it, using the Edge browser...Read More

Arctic Wolf’s The State of Cybersecurity: 2025 Trends Report revealed that 23% of organizations experienced at least one significant ransomware attack in 2024. And these attacks remain difficult for organizations to remediate without succumbing to threat actor demands, with the same report finding 76% of victim organizations are electing to pay the ransom to regain...Read More

Federal cyber authorities shared new details Thursday about the Akira ransomware group’s techniques, the tools it uses and vulnerabilities it exploits for initial access alongside the release of a joint cybersecurity advisory. Members of the financially motivated group, which initially appeared in March 2023, are associated with other threat groups, including Storm-1567, Howling Scorpius, Punk...Read More

Flashpoint has announced the release of its 2026 Global Threat Intelligence Report (GTIR), providing security leaders from threat intelligence and vulnerability management teams to physical security professionals and the CISO’s office with a proprietary data-driven, ground-truth view of the converging threats defining today’s hybrid risk environment. Powered by Flashpoint’s Primary Source Collection (PSC), the 2026...Read More

Key Findings Record fragmentation and decentralization: The number of active extortion groups in Q3 2025 rose to a record of 85 groups, the highest number observed to date. The top 10 groups accounted only for 56% of all published victims, down from 71% in Q1. Stable high activity: Ransomware victim postings stabilized at an average...Read More

Potential cloud ransomware targets Ransomware actors increasingly focus on cloud-native assets that hold or enable quick recovery of critical business data and infrastructure. The following Amazon Web Services (AWS) resources are prime targets due to their high value and potential to disrupt operations: Compute snapshots Compute snapshots – point-in-time copies of virtual machine disks or...Read More

Cambodian authorities said last week that they had cut activity in scam compounds by half since the start of this year, as the government in Phnom Penh responds to international pressure to clamp down on digital criminal networks. The Southeast Asian country has grown into a global hub for digital scammers in recent years. Experts estimate...Read More