#ransomware
56 stories taggedransomware · page 4 of 4.

Veeam Patches 9.4-Severity RCE in Backup & Replication; Domain Auth Required
CVE-2026-44963 lets any authenticated domain user run code on the backup server. Veeam shipped fixes Tuesday.

Check Point Issues Emergency Patches After IKEv1 Auth Bypass Draws Qilin Affiliate
Two certificate-validation flaws in Check Point's VPN stack — one already exploited, one caught during the ensuing review — have prompted hotfixes across nine Quantum software versions.

Ultrahuman Data Leak, Ransomware Tradecraft, and a Browser That Mines Your CPU: The Week's Overlooked Stories
Three stories that didn't dominate the feed — a wearable-tech data exposure, a dissection of The Gentlemen ransomware, and Hola Browser quietly bundling a cryptominer.

AI Tools Surge in Ransomware Markets, Lowering Entry Barriers
Underground markets see a boom in AI-driven tools, making ransomware more accessible and profitable.

Seven Ways Tabletop Exercises Lie to You About Your Incident Response
Cybersecurity drills that feel productive can quietly manufacture false confidence. Here's where they go wrong — and what to do instead.

Gentlemen Ransomware Spreads Before It Encrypts — That's the Whole Point
Microsoft's analysis of the Go-based Gentlemen encryptor shows why lateral movement, not file-locking, is now the primary design goal of serious ransomware operations.

Authorities Shut Down First VPN Over Criminal Ties
A European crackdown takes out a VPN aiding crime, but raises wider privacy concerns.

More Than Half of CISOs Would Pay a Ransomware Demand. The Maths Are Not Flattering.
A survey of 750 CISOs in the US and UK finds 58% would hand over money to ransomware operators — despite law enforcement advice, incomplete decryption rates, and the lingering question of whether the data stays exclusive.

Unpatched Flaws Now Outpace Stolen Credentials as the Leading Breach Entry Point
Verizon's 2025 DBIR puts vulnerability exploitation at 31% of breach root causes. Median patch time has climbed to 43 days, and only 26% of CISA KEVs were fully remediated — a gap attackers are sprinting through.

Twenty Years of Cyber Lessons and We're Still Losing on the Basics
The industry spent two decades reinventing its philosophy — perimeter defense to assume-breach — yet the attacks that still hit hardest exploit the same unpatched, misconfigured, un-MFA'd mistakes we should have buried years ago.

Operation Saffron Yanks the Plug on First VPN, the Getaway Car of at Least 25 Ransomware Crews
French and Dutch police led the takedown of a bulletproof VPN service that prosecutors say routed traffic for Conti, LockBit affiliates, and roughly two dozen other ransomware brands.