Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access
Police arrested the alleged admin of XSS.is, a major cybercrime forum whose trusted escrow service helped power the underground economy. On 22 July 2025, French and Ukrainian police arrested a 38-year-old man in Kyiv and shut down XSS.is, the most influential Russian-language cybercrime forum of the past decade. Europol, which coordinated the operation under the […]
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
Also, Arch Linux Attack, Estonia Quarantines Russian Emails, Joomla FlawThis week, ShinyHunters leaked alleged Madison Square Garden data, a U.S. senator pressed CISA on regional staffing cuts, an Arch Linux supply-chain attack, Mackay Sugar began recovery from a ransomware attack, Novo Nordisk faced dueling breach claims - and more compelling cybersecurity news.
The emerging ransomware has been deployed against victims of the TeamPCP supply chain attacks, but organizations should think twice before paying for a decryptor.
'Full recovery is impossible for anyone, including the attacker' Organizations hit by the wave of Trivy and LiteLLM supply-chain compromises that paid Vect in hopes of recovering their data likely did not get much back, according to Check Point Research. That's because the ransomware Vect uses isn't actually ransomware at all, but a wiper that destroys any file larger than 128KB.…
The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains.
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
UK NCSC's Richard Horne on Strengthening Cyber Defense and Incident ResponseCyber risk is rising as digital dependence grows and threat actors expand. NCSC CEO Richard Horne outlines why leaders must treat cybersecurity as mission-critical, strengthen their resilience, and align defense efforts to counter ransomware, AI-driven threats, and supply chain attacks.
UK NCSC's Richard Horne on Strengthening Cyber Defense and Incident ResponseCyber risk is rising as digital dependence grows and threat actors expand. NCSC CEO Richard Horne outlines why leaders must treat cybersecurity as mission-critical, strengthen their resilience, and align defense efforts to counter ransomware, AI-driven threats, and supply chain attacks.
ENISA's de Vries on DDoS, Security Training and Road to Single Reporting PlatformEurope's cybersecurity posture is hardening, but the threat landscape is evolving faster, says Hans de Vries, chief cybersecurity and operations officer at ENISA. From supply chain disruptions to ransomware legislation, the pressure to build genuinely resilient societies has never been greater.
For the U.S. healthcare ecosystem, the 2024 ransomware attack on Change Healthcare proved to be a supply-chain earthquake in showcasing critical third-party risk that entities now must carefully and urgently consider, said Erik Decker, CISO of Intermountain Health and a federal cyber adviser.
ManuSec Canada Speakers From Subaru and Toronto Transit Discuss Cyber ResilienceCanadian manufacturers face rising cyber risk as IT and OT systems converge. Leaders from Subaru Canada and the Toronto Transit Commission outline how ransomware, supply chain exposure and legacy OT vulnerabilities demand stronger resilience, segmentation and incident response readiness.
Researchers say breaches link identity abuse, SaaS compromise, and ransomware into a cascading cycle Cybercriminals are turning supply chain attacks into an industrial-scale operation, linking breaches, credential theft, and ransomware into a "self-reinforcing" ecosystem, researchers say.…
Revenue From Supply-Chain Attacks by Clop Group Sharply Fell, Report InvestigatorsOnce lucrative steal-and-leak campaigns pioneered by Russian ransomware group Clop look set to go the way of the dinosaurs. While an estimated 25% of victims paid a ransom in the inaugural campaign five years ago, the number of victims that paid fell to zero by 2023, report ransomware responders.
While ‘traditional’ ransomware attacks remain stable, some gangs are shifting towards exploiting zero-days and supply chains to go straight to stealing data
Full Scope of Clop Ransomware Group's Oracle E-Business Suite Hits Still EmergingThe University of Phoenix is notifying 3.5 million individuals that their personal information was compromised in a data breach. The theft traces to the Clop ransomware group's supply-chain campaign against users of Oracle E-Business Suite, in which it wield two zero-day vulnerabilities.
Innovation Continues, Although Sloppy Coding Can Still Leave Data UnrecoverableRansomware groups continue to display more innovation, persistence and planning in their quest to amass ransom-paying victims and maximize profits. This has included repeat supply-chain attacks, harvesting credentials to use in later campaigns, as well as launching their own affiliate programs.
South Korea's financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware
Amazon spilled the TEA Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.…