Identity Attacks Overtake Exploits as Top Ransomware Cause
Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deployed in 97% of credential-based attacks but failed to prevent compromise.
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. [...]
Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against MarquisMarquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits.
Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multi-factor authentication.
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware
'Opportunistic, Mass Exploitation' Campaign Surging, Say Cybersecurity ResearchersAttackers wielding Akira ransomware appear to be engaged in an "opportunistic, mass exploitation" of SonicWall SSL VPN servers, even when they're using the latest firmware and configured to require multifactor authentication one-time passwords, warn cybersecurity researchers.
When ransomware hits hospitals, neighbors absorb patient overflow. Key defenses include backup recovery and multifactor authentication implementation.
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. [...]
UK ICO Says Advanced's Security Measures 'Fell Seriously Short'A British IT service company must pay a 3.07 million pound fine for a 2022 ransomware hack that exposed medical records of tens of thousands of National Health Service patients. Hackers breached the Advanced system through a user account that did not have multifactor authentication in place.
CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.
In this blog, we discuss about how Shadowpad is being used to deploy a new undetected ransomware family. They deploy the malware exploiting weak passwords and bypassing multi-factor authentication
Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.…
CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. [...]
A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware
Testifies that Citrix authentication snafu has cost the health giant dearly UnitedHealth CEO Andrew Witty will tell US lawmakers Wednesday the cyber-criminals who hit Change Healthcare with ransomware used stolen credentials to remotely access a Citrix portal that didn't have multi-factor authentication enabled.…
UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled. [...]
Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. [...]
Hundreds of initial access brokers and cybercrime gangs are jumping on the max-critical CVE-2024-1709 authentication bypass, threatening orgs and downstream customers.
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. [...]