New Spirals ransomware encrypts victim network in under 24 hours
A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A new ransomware actor called Spirals completed a corporate intrusion, from initial access to data theft and encryption, in less than 24 hours. [...]
A Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks. [...]
The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. [...]
A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ransomware-as-a-service ecosystem tied to initial access brokers. [...]
A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network access that could lead to ransomware attacks. [...]
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. [...]
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. [...]
DragonForce expanded its ransomware operation in 2025 by working with English-speaking hackers known for advanced social engineering and initial access. Acronis explains how the "Scattered Spider" collaboration enables coordinated, multistage intrusions across major environments. [...]
A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. [...]
A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022. [...]
A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. [...]
Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. [...]
Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks. [...]
Ransomware incidents continue to grow at an alarming pace, targeting the enterprise and governments worldwide. Learn more from Specops Software on how ransomware gangs gain initial access to networks and how to protect against attacks. [...]
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. [...]
Cisco is warning of a zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. [...]
A new 'Nitrogen' initial access malware campaign uses Google and Bing search ads to promote fake software sites that infect unsuspecting users with Cobalt Strike and ransomware payloads. [...]
In recent years a complex cybercrime ecosystem has emerged across Tor and illicit channels on Telegram. In this article, Flare explains how ransomware gangs and initial access brokers utilize this ecosystem. [...]
The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks. [...]
A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of "large commercial entities." [...]