New Spirals ransomware encrypts victim network in under 24 hours
A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours. [...]
Initial Access covers phishing, exploits, and stolen credentials used to enter systems; MFA, patching, and segmentation reduce the resulting foothold.
Search across headline titles and summaries.
Background for this topic.
Initial access is the attacker’s first successful entry into an organization’s systems, accounts, or network. In threat-model terms, it covers paths such as phishing, exploitation of internet-facing applications or devices, use of valid stolen credentials, and compromise of a supplier or trusted service. The objective is to obtain a foothold that can support later actions, including privilege escalation, internal movement, or data access; initial access does not necessarily mean the attacker has administrative control.
The main security concern is reducing the number and reliability of these entry paths. Priorities include promptly fixing vulnerabilities in externally exposed systems, enforcing phishing-resistant multifactor authentication for sensitive access, limiting exposed services and unnecessary privileges, and using email, endpoint, and authentication telemetry to detect suspicious entry. Security teams should preserve relevant logs and investigate unusual logins or newly created access promptly, because the time between initial compromise and follow-on activity may be short.
Weekly headline count for the current query.
A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours. [...]
Threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks. [...]
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally
SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims' networks for cybercrime groups such as the notorious Evil Corp.
Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen […]
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability
Verizon's 2026 Data Breach Investigations Report (DBIR) finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys.
Patch Rollout Slows and Ransomware Incident Volume Rises, Finds Latest Verizon DBIRThe frequency of hackers exploiting vulnerabilities in hardware and software to gain initial access to a victim's environment continues to surge, and half of all successful breaches also now involve some type of "ransomware action," according Verizon's 2026 Data Breach Investigations Report.
Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. [...]
TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing attacks from initial access to data exfiltration.
Lazarus continues leveraging ClickFix for initial access and data theft: in this case, against Mac-centric organizations and their high-value leaders.
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors
Malware-as-a-Service Operations Favors Russian-Speaking CustomersAn emerging remote access Trojan targeting Android devices in Spanish-speaking nations is propagating fraudulent advertisements as an initial access point on Meta-owned applications.
A new report from Halcyon finds that the group also puts more effort than usual into developing working decryptors, likely to incentivize businesses to pay up. The post Akira ransomware group can achieve initial access to data encryption in less than an hour appeared first on CyberScoop.
A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ransomware groups. Aleksei Volkov, 26, of St. Petersburg, Russia, pleaded guilty in November 2025 to six federal charges stemming from his work with the Yanluowang ransomware group and other […] The post Russian access broker sentenced to over 6 years in prison for ransomware schemes appeared first on CyberScoop.
A Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks. [...]
Aleksei Volkov sentenced after enabling attacks that cost victims millions A Russian national who sold the keys to corporate networks faces nearly seven years in a US prison after prosecutors tied his handiwork to a string of ransomware attacks costing victims millions of dollars.…