Ransomware remains one of the most financially damaging categories of cyber threat: attackers encrypt critical data and demand payment for the decryption key. Modern ransomware operations run as organized businesses, often using double-extortion tactics that pair encryption with data theft and the threat of publication. defend.network tracks ransomware campaigns daily, monitoring which groups are active, which sectors they target, and which vulnerabilities they exploit for initial access.
Apple A12/A13 SecureROM exploited with unpatchable code execution; Gentlemen RaaS expands EDR-evasion toolkit targeting 400 processes; Fortinet FortiBleed now hits 86,644 devices. Klue OAuth breach spreads Salesforce credential theft to cybersecurity vendors.
F5 patched critical NGINX RCE (CVE-2026-42530). Microsoft disclosed active Windows clipboard-stealing malware spreading via USB worms since Feb 2026. INC ransomware claims 830+ victims; Salesforce data stolen through Klue OAuth breach by Icarus group.
Oracle PeopleSoft CVE-2026-35273 actively exploited by ShinyHunters targeting universities; Windows BitLocker bypassed via XML files; The Gentlemen ransomware claims 478 victims with worm-like spreading capability.
Critical supply-chain attacks via compromised npm/PyPI packages, Canvas ransomware disrupting education nationwide, and large patch batches (137 fixes from Microsoft, 52 from Adobe, and a critical Exim fix) require immediate response.
Canvas ransomware disrupts universities nationwide; Ollama zero-day affects 300k+ servers; TCLBANKER targets financial platforms; critical infrastructure breached; supply-chain compromises detected.
Canvas learning platform compromised in extortion attack affecting hundreds of schools; supply-chain attacks hit JDownloader, Hugging Face, and Trellix; banking trojan TCLBANKER targets 59 financial platforms; critical ICS/OT breaches at water treatment plants.
Critical threats including TCLBANKER banking trojan, Canvas platform breach disrupting nationwide education, and active Ivanti zero-day exploitation require immediate response across financial, education, and government sectors.
Critical cPanel RCE exploited for ransomware; Russian military harvesting Office tokens; 30K Facebook accounts compromised; Trellix source code breached; automated Azure OAuth attacks.
Critical supply chain attacks on LiteLLM and development tools, wiper attacks on medical device manufacturer, and RCE vulnerabilities in manufacturing systems demand immediate response.
Critical VMware ESXi vulnerability actively exploited by ransomware operators. BlackSuit group claims major U.S. healthcare breach. CISA adds 3 new CVEs to its Known Exploited Vulnerabilities catalog. Microsoft patches Windows kernel zero-day. New PhishRelay kit enables real-time MFA bypass.