Cisco Talos uncovers CyberLock ransomware, Lucky_Gh0$t, and Numero malware masquerading as legitimate software and AI tool installers. Learn how these fake installers exploit businesses in sales, tech, and marketing. Cybersecurity researchers at Cisco Talos have revealed that the increasing presence of Artificial Intelligence (AI) in the business world has opened new opportunities for cybercriminals. Threat...Read More
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. “CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim’s system,” Cisco Talos researcher...Read More
Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. This development follows a trend that has been growing since last year, starting with advanced threat actors using deepfake content generators to infect victims with malware. These lures have become widely adopted by info-stealer malware...Read More
Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks Pierluigi Paganini May 28, 2025 Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to computer and wire fraud conspiracy. Iranian national Sina Gholinejad pleaded guilty to his role in a Robbinhood ransomware scheme that hit U.S. cities, including Baltimore...Read More
Cybersecurity researchers warn the alleged breach could expose employees to identity theft and fraud. A ransomware group known as Everest has claimed responsibility for a cyberattack on Mediclinic, a private international hospital group with operations across multiple continents. The cartel alleges it has stolen personal data belonging to 1,000 employees, along with 4GB of confidential...Read More
Palo Alto Networks® recently released the Unit 42 Extortion and Ransomware Trends January-March 2025 report, which revealed that threat actors are evolving their tactics, collaborating with state-backed groups ,and using extortion scams to extract payments. The report reveals a surge in aggressive strategies, heightened collaboration among threat actors—including suspected state-backed groups—and sophisticated scams aimed at...Read More
DragonForce carried out a double attack by first targeting an MSP and then spreading ransomware via its management software. This was reported by The Register. The attack began when cybercriminals exploited security vulnerabilities in SimpleHelp, a popular remote management and monitoring tool. This allowed them to install DragonForce ransomware on multiple systems and steal confidential...Read More
MathWorks, the renowned developer of MATLAB and Simulink, has been grappling with the aftermath of a significant ransomware attack that began on Sunday, May 18, 2025. The incident, which affected both customer-facing and internal IT systems, prompted immediate notification to federal law enforcement and the mobilization of cybersecurity experts. As of May 27, many services...Read More