BianLian ransomware
-
Interlock ransomware exploited Cisco FMC zero-day CVE-2026-20131
Amazon Threat Intelligence links Interlock ransomware to exploitation of Cisco Secure FMC CVE-2026-20131. The flaw allowed unauthenticated root code execution and was used as a zero-day from January 26, 2026. Apply patches and assess systems.
-
LeakNet adopts ClickFix via compromised websites and runs Deno in memory
ReliaQuest’s technical report says LeakNet now uses ClickFix fake CAPTCHA pages on compromised sites to trick users, along with a Deno-based in-memory loader. Post-compromise steps include DLL side-loading, PsExec lateral movement and S3 exfiltration.
-
INTERPOL operation dismantles 45,000 malicious IPs in 72-country cyber crackdown
INTERPOL announced the takedown of 45,000 malicious IPs and servers in a 72-country operation that led to 94 arrests and 212 devices seized. India’s CBI carried out searches in a related transnational online investment fraud probe.
-
U.S. charges former DigitalMint negotiator in scheme linked to BlackCat ransomware
The Department of Justice charged Angelo Martino, a former DigitalMint ransomware negotiator, with one count of conspiracy to interfere with interstate commerce by extortion after his March 10 surrender. Allegations include sharing negotiation details with BlackCat.
-
UFP Technologies discloses data stolen in February cyber incident
UFP Technologies detected suspicious activity on February 14 that resulted in data theft from its IT systems. The firm removed the threat, restored access and does not expect a material operational or financial impact.
-
Lazarus Group uses Medusa ransomware in Middle East attack
A technical report by Broadcom’s Symantec and Carbon Black Threat Hunter Team says the Lazarus Group used Medusa ransomware in a Middle East attack and attempted an unsuccessful strike against a U.S. healthcare organization.
-
Advantest hit by ransomware that may have exposed customer or employee data
A Tokyo-based test equipment company detected a ransomware intrusion on February 15 that may have exposed customer or employee data. The firm isolated affected systems and engaged third-party cyber specialists while an investigation continues.
-
Washington Hotel discloses ransomware infection that exposed business data
Washington Hotel disclosed a February 13, 2026 ransomware attack that compromised servers and exposed business data. IT staff disconnected affected servers and outside experts were engaged. Customer records appear unlikely to be exposed; the investigation continues.
-
Crazy ransomware gang abuses employee monitoring and SimpleHelp to maintain access
A technical analysis by Huntress found Crazy gang operators abused Net Monitor and SimpleHelp to keep access, move files, execute commands, and prepare ransomware. Initial access used compromised SSL VPN credentials; defenders should enforce multifactor authentication.









