Ransomware remains the most financially damaging category of cyber threat, with attackers encrypting critical data and demanding payment for its release. Modern ransomware operations function as organized businesses, often using double-extortion tactics that combine encryption with data theft. defend.network tracks ransomware campaigns daily, monitoring which groups are active, which sectors they target, and which vulnerabilities they exploit for initial access.
Critical vulnerabilities in Palo Alto Networks and Ivanti EPMM under active exploitation. PCPJack credential stealer worm targeting cloud infrastructure. Russian state actors harvesting Office tokens via router compromise.
Critical Linux root access vulnerability added to CISA KEV with active exploitation confirmed. Multiple critical threats including cPanel mass-exploitation, source code breaches, and state-sponsored APT campaigns.
Critical cPanel RCE exploited for ransomware; Russian military harvesting Office tokens; 30K Facebook accounts compromised; Trellix source code breached; automated Azure OAuth attacks.
Critical RCE vulnerabilities in GitHub and Hugging Face, destructive VECT 2.0 ransomware, Russian token harvesting, and BlueNoroff deepfake attacks demand immediate defensive action.
Critical supply chain attacks via malicious Docker images and npm worms, state-sponsored credential theft campaigns targeting Microsoft Office, and destructive Lotus Wiper malware deployed against Venezuelan energy infrastructure require immediate response across all organizations.
Russian state-backed APT harvesting Microsoft tokens, 1,570+ Gentlemen ransomware victims, critical SD-WAN and RMM exploits, Windows Defender flaws—urgent patching required across infrastructure.
Critical RCE vulnerabilities in AI infrastructure (SGLang, Anthropic MCP) combined with state-sponsored APT campaigns targeting authentication systems and OT/healthcare infrastructure demand immediate patching and access controls.
Critical Microsoft Defender zero-days under active exploitation, 68% of cloud breaches from unmanaged service accounts, and Russian state-sponsored token harvesting campaigns demand immediate action.
Critical zero-day exploits in Microsoft Defender and Apache ActiveMQ, Russian state-sponsored token harvesting, and sophisticated ransomware evasion techniques pose immediate threats requiring emergency patching and threat hunting.
Apache ActiveMQ actively exploited; Microsoft Defender zero-day disclosed; Russian state actors harvesting Office 365 tokens; ZionSiphon targets water infrastructure.
APT28 deploys PRISMEX malware targeting NATO allies; 13-year-old ActiveMQ RCE and Russian router-based token theft critical; new botnets and healthcare ransomware disruptions.
Russian APT28 conducting large-scale DNS hijacking via compromised routers for token theft; Iranian hackers targeting U.S. critical infrastructure PLCs; critical Docker and Flowise vulnerabilities under active exploitation.
State-sponsored APT campaigns targeting Microsoft 365 and supply chains escalate with GitHub C2 usage and zero-day exploits deployed within 24 hours of breach.
Critical zero-day exploits in TrueConf and North Korean Axios compromise, plus wiper attacks and AI platform over-privilege vulnerabilities demand immediate response across cloud, government, and healthcare sectors.
FBI Director's email breached by Iran-linked hackers; critical Citrix and F5 vulnerabilities under active exploitation; wiper attacks target Stryker; nation-state exploit kits leaked publicly.
Iran-linked actors breached FBI Director Kash Patel's email and launched wiper attacks on Stryker. Critical Citrix and F5 vulnerabilities under active exploitation with no patches available.
State-sponsored Chinese APT embedded in telecom backbone, critical Langflow AI vulnerability actively exploited, wiper malware targeting Iran systems, and zero-click AI assistant vulnerabilities require immediate response.
AI-powered autonomous cyber espionage, device code phishing at 340+ organizations, and critical infrastructure vulnerabilities require immediate defensive action across all sectors.
Critical supply chain attacks on LiteLLM and development tools, wiper attacks on medical device manufacturer, and RCE vulnerabilities in manufacturing systems demand immediate response.
Critical supply chain attacks on Trivy scanner and VS Code, destructive Iran-linked wipers targeting Kubernetes, and phishing-as-a-service platforms resurging with 29K IRS victims. Initial access now occurs in 22 seconds.
Critical Oracle RCE, Russian state-sponsored phishing, Trivy supply-chain worm, and Iran-backed healthcare wiper attacks demand immediate emergency response and patching across enterprise infrastructure.
Critical VMware ESXi vulnerability actively exploited by ransomware operators. BlackSuit group claims major U.S. healthcare breach. CISA adds 3 new CVEs. Microsoft patches Windows kernel zero-day. New PhishRelay kit enables real-time MFA bypass.
Subscribe free and never miss a threat briefing.