Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development
New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.
Read More
New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.
SocGholish operators continue to infect websites at a massive scale, and the threat actor is ramping up its infrastructure to match.
Black Basta operational TTPs are described here in full detail, revealing previously unknown tools and techniques and a link to FIN7.
Partially encrypting victims' files improves ransomware speed and aids evasion. First seen in LockFile, the technique is now being widely adopted.
A new threat actor is spreading infostealer malware through targeted attacks on developers and fraudulent cryptotrading applications.
Crimeware vendors say 'macros are dead', but they have a new weapon to help threat actors successfully deploy malware.
The self-proclaimed 'oldest ransomware affiliate on the planet' has new tricks and new features and continues to beat enterprise defenses.
Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.
Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.
Nemty developers have created a new, flawed update to the Karma ransomware variant in a bid to avoid detection and mislead attribution.