A Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks. As 26-year-old Aleksey Olegovich Volkov (also known online as “chubaka.kor” and “nets”) admitted in his November guilty plea, he targeted at least eight companies across the United States between...
As the geopolitical landscape continues to evolve, Morphisec Threat Labs is bringing technical focus to threats that have gone under-analyzed. Pay2Key, an Iranian-attributed ransomware group, has not been prominently active in recent campaigns, but their Linux variant offers a valuable lens into techniques that are shared across multiple active ransomware families today. Introduction: Linux ransomware remains one of the...
The overall maturity, level of organization, and specialization within the ransomware economy means we are dealing with an adversary whose tactics, techniques, and procedures (TTPs) are approaching the sophistication of some nation-state-sponsored attackers. In many cases, there has been documented overlap between nation-state attack elements and those of cybercriminal ransomware gangs. Today’s ransomware attacks are more...
A United States federal court has sentenced Aleksei Volkov, a 26-year-old Russian national, to 81 months in prison for operating as an initial access broker. Volkov played a critical part in enabling major cybercrime syndicates, including the Yanluowang ransomware group, to breach corporate networks across the country. His illicit activities resulted in more than $9...
Exploitation timelines continued to compress in enterprise environments, with newly disclosed flaws reaching active use almost immediately and older weaknesses remaining active years after disclosure. (Source: Cisco Talos) Findings from Cisco Talos’ 2025 Year in Review show how attackers combined rapid weaponization with long-term exposure spanning infrastructure, identity systems, and user workflows. Top-targeted vulnerabilities show...
The city of Los Angeles, USA, has been hit by a cyberattack that has paralyzed part of its services. The attack was carried out by the group WorldLeaks, which compromised internal systems of the city and of the transportation agency responsible for the metro in the Californian city. The incident was detected last...
Cyber-criminals are shifting their priorities, as the high tech sector emerges as the most targeted industry of 2025, knocking finance out of the top spot, according to research from Mandiant. The Google Cloud Threat researchers released their latest cyber trends report, based on 500,000 hours of incident investigations, looking at the tactics, techniques, and procedure...
The Big Tech Show: How did the world’s first ransomware attack begin, and why are we still falling for the same tricks today? Cybersecurity expert Eddy Willems joins Adrian Weckler on The Big Tech Show to revisit the origins of ransomware, tracing it back to a mysterious floppy disk in 1989 that locked users out...
Maritime cybersecurity firm CYTUR has followed up its February “2026 Maritime Cyber Threat White Paper” with a sector-tailored threat brief series and a practical response guide, as cyber attacks hit shipping lines, shipyards, and OEMs harder. The “CYTUR Maritime Cyber Threat Brief Series” breaks down key threats and countermeasures for three groups. Shipping lines’ brief...
T1189 – Drive-by Compromise: The Agenda ransomware has been observed being delivered using various methods such as drive-by downloads, cloned sites, hosted files, and scripted web delivery or via compromised systems. T1091 – Replication Through Removable Media: It has the capability to generate payloads that autoplay via removable media such as USB drives and CDs. T1078 –...