-->
#1 Trusted Cybersecurity News Platform
Followed by 5.40+ million
The Hacker News Logo
Subscribe – Get Latest News

ransomware | Breaking Cybersecurity News | The Hacker News

Category — ransomware
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Apr 21, 2026 Botnet / Endpoint Security
Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC . According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discovery of a botnet of more than 1,570 victims. "SystemBC establishes SOCKS5 network tunnels within the victim’s environment and connects to its C&C server using a custom RC4‑encrypted protocol," Check Point said. "It can also download and execute additional malware, with payloads either written to disk or injected directly into memory." Since its emergence in July 2025, The Gentlemen has quickly established itself as one of the most prolific ransomware groups, claiming more than 320 victims on its data leak site. Operating under a classic double-extortion model, the group is versatile as it's sophisticated, exhibiting capabilities to target Windows, Linux, N...
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

Apr 21, 2026 Insider Threat / Cybercrime
A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino , 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang in extracting higher amounts as ransoms. "Working as a negotiator on behalf of five different ransomware victims, Martino provided BlackCat attackers with confidential information about the negotiating position and strategy of his company's clients without the clients' or his employer’s knowledge or permission," the U.S. Department of Justice (DoJ) said in a Monday announcement. The information, which included the victims' insurance policy limits and internal negotiation positions, maximized the ransoms they were required to pay. Martino was financially compensated in exchange for providing the details. Martino, who was charged last month, also admitted to co...
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Apr 21, 2026 Incident Response / Artificial Intelligence
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing from prior breach databases, password spraying against exposed services, or phishing campaigns — and use them to walk through the front door. No exploits needed. Just a valid username and password. What makes this difficult to defend against is how unremarkable the initial access looks. A successful login from a legitimate credential doesn't trigger the same alarms as a port scan or a malware callback. The attacker looks like an employee. Once inside, they dump and crack additional passwords, reuse those credentials to move laterally, and expand their foothold across the environment....
cyber security

2026 Annual Threat Report: A Defender's Playbook From the Front Lines

websiteSentinelOneEnterprise Security / Cybersecurity
Learn how modern attackers bypass MFA, exploit gaps, weaponize automation, run 8-phase intrusions, and more.
cyber security

Anthropic Won't Release Mythos. But Claude Is Already in Your Salesforce

websiteRecoSaaS Security /AI Security
The real enterprise AI risk isn't the model they locked away. It's the one already inside.
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

Apr 21, 2026 Network Security / Threat Intelligence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities ( KEV ) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2023-27351 (CVSS score: 8.2) - An improper authentication vulnerability in PaperCut NG/MF that could allow an attacker to bypass authentication on affected installations via the SecurityRequestFilter class. CVE-2024-27199 (CVSS score: 7.3) - A relative path traversal vulnerability in JetBrains TeamCity that could allow an attacker to perform limited admin actions. CVE-2025-2749 (CVSS score: 7.2) - A path traversal vulnerability in Kentico Xperience that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations. CVE-2025-32975 (CVSS score: 10.0) - An improper authentication vulnerability in Quest KACE Systems Ma...
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

Apr 18, 2026 Money Laundering / Regulatory Compliance
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement. This attack led to the theft of over 1 billion rubles in user funds. "Digital forensic evidence and the nature of the attack point to an unprecedented level of resources and technological sophistication – capabilities typically available exclusively to the agencies of hostile states," the company said in a statement posted on its website. "Preliminary findings suggest the attack was coordinated with the specific objective of inflicting direct damage upon Russia's financial sovereignty." A spokesperson for the company went on to state that the exchange's infrastructure had been under attack since ...
Expert Insights Articles Videos
Cybersecurity Resources