AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent
Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal DataTens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data, with ransomware groups having joined the fray, researchers warn. MongoDB has issued patches and mitigation advice.
Signs Point to Multiple Exploit Chains, One Including a Zero-Day, Being EmployedData-stealing attacks targeting Oracle E-Business Suite, for which an affiliate of Russian-speaking Clop ransomware group is claiming credit, appear to have begun by August and involved multiple attack chains, of which one targeted a zero-day vulnerability, report Google threat researchers.
Researchers say exploitation of CVE-2025-10035 requires a private key, and it's unclear how Storm-1175 threat actors pulled this off.
Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year
Researchers See 'Acceleration' in Existing Threats, Ongoing Criminal SuccessCybercrime so far this year can be summarized as featuring "more of everything," with researchers tracking increases in the number of ransomware and data breach victims, credentials stolen by infostealers, and new vulnerability disclosures with exploits coming to light.
Also, Researchers Exploit Tesla Wall Connector Via Charging CableThis week: Chinese Salt Typhoon hackers hit Viasat, researchers hacked a Tesla charger, Sitecore CMS flaws, Krispy Kreme disclosed hacking damage, Archetyp Market taken down. Episource disclosed a ransomware hack and Spain ruled out cyberattack for the April Iberian blackout.
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network
Attackers Target Managed File Transfer Software VulnerabilitiesFile transfer software made by Cleo Communications is under active attack and a patch meant to stymie hackers doesn't fix the flaw, say security researchers from Huntress. Hackers exploit an arbitrary file-write vulnerability along with a feature that automatically executes files.
Attackers Target Managed File Transfer Software VulnerabilitiesFile transfer software made by Cleo Communications is under active attack and a patch meant to stymie hackers doesn't fix the flaw, say security researchers from Huntress. Hackers exploit an arbitrary file-write vulnerability along with a feature that automatically executes files.
Firewall Vendor Warns Attackers Using Valid Credentials They Previously StoleAttackers wielding an emerging strain of ransomware called Helldown have been gaining a foothold in victims' networks by exploiting a previously unknown flaw in their Zyxel firewalls, security researchers warn. Zyxel has warned attackers may be using valid credentials they previously stole.
Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer
Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation
More than 1,000 servers remain unpatched and vulnerable Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains' TeamCity that in some cases are leading to ransomware deployment.…
Ransomware, Info Stealers, Backdoors and CryptojackingHackers are on a tear to exploit unpatched ConnectWise ScreenConnect remote connection software to infect systems with ransomware, info stealers and persistent backdoors. The attacks observed by researchers include ransomware deployments tied to the now-defunct LockBit ransomware operation.
South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free. [...]
Evidence mounts of an exploit gatekept within Russia's borders Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations' systems.…
Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. [...]
Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here Novel weaknesses in Google Workspace have been exposed by researchers, with exploits potentially leading to ransomware attacks, data exfiltration, and password decryption.…