storm-2603
Storm-2603 is a China-based, financially motivated threat actor first identified in early 2025, responsible for a global campaign exploiting critical Microsoft SharePoint zero-day vulnerabilities (CVE-2025-53770, CVE-2025-49706, CVE-2025-49704).
dragonforce
DragonForce has rapidly evolved into a major RaaS operation, distinguished by its sophisticated use of BYOVD techniques to bypass EDR and escalate privileges. The group’s modular ransomware builder allows affiliates to select vulnerable drivers (notably TrueSight.sys, RentDrv.sys) for process ter...
gunra
Gunra ransomware is a newly emerged, highly sophisticated double-extortion threat, first detected in April 2025 and attributed to a financially motivated group leveraging the Conti ransomware codebase. It targets Windows environments...
storm-2460
Storm-2460, a cyber threat group, is actively exploiting a zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System (CLFS), primarily targeting the finance sector and other high-value industries.
oracle
The threat actor "rose87168" has emerged as a player in the cybercriminal landscape, claiming responsibility for a major breach involving Oracle Cloud. This actor allegedly exploited vulnerabilities in Oracle's federated single sign-on (SSO) and LDAP systems...
ragnar
Ragnar Loader, a sophisticated malware toolkit, is primarily associated with ransomware groups such as FIN7, FIN8, and Ragnar Locker. It has evolved significantly since its emergence in 2020, integrating advanced capabilities to enhance its stealth and operational effectiveness.
encrypthub
EncryptHub, also known as Larva-208, is a sophisticated cybercriminal group that has recently breached 618 organizations worldwide. Their primary method of attack is spear-phishing, utilizing social engineering to deploy infostealers and ransomware.
ransomware
Interlock Ransomware is an emerging and sophisticated threat that has been increasingly targeting healthcare organizations. This ransomware employs advanced techniques such as phishing, fake software updates, and malicious websites to gain initial access.
ransomware
The 'Space Bears' threat actor is a relatively new ransomware group that emerged in April 2024. They are known for their corporate-themed data leak site and strategic affiliations, particularly with the Phobos ransomware-as-a-service group.
hellcat
The Hellcat ransomware group, which emerged in late 2024, has rapidly become a significant player in the global cyber threat landscape. Known for its aggressive targeting, double-extortion tactics, and unique communication style, Hellcat has already...
threat-actors
Threat actors increasingly leveraged advanced technologies such as artificial intelligence (AI) and machine learning to enhance their attacks.
ransomware
The threat actors "Lynx" and "Cicada3301" have been active in recent cyber campaigns, employing sophisticated tactics, techniques, and procedures (TTPs) to target various sectors. Lynx, a rebranding of the INC ransomware, has been particularly active in ..