ransomware | Breaking Cybersecurity News | The Hacker News

Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative assessment, we believe it underscores Bitdefender's human-driven approach to MDR and our continued alignment with Gartner's rigorous inclusion standards. To be included, must demonstrate consistent visibility through Gartner client inquiries or Peer Insights reviews, focus on delivering end-user–oriented services rather than purely technological solutions, and represent a variety of company sizes and geographies. We believe independent analyst research like the Gartner Market Guide for Managed Detection and Response is a valuable resource for organizations assessing MDR providers. The rep...

SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious activity – carried out by a state-sponsored threat actor - was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call," the company said in a statement released this week. "The incident is unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices." The disclosure comes nearly a month after the company said an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. In September, it claimed that the threat actors accessed the backup files stored in the cloud for less than 5% of its customers. SonicWall, which engaged the services of Google-owned Mandiant to investigate the breach, said it did not affect its products o...

The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes , including cybercrime and information technology (IT) worker fraud . "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program," said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. "By generating revenue for Pyongyang's weapons development, these actors directly threaten U.S. and global security. The Treasury will continue to pursue the facilitators and enablers behind these schemes to cut off the DPRK's illicit revenue streams." The names of sanctioned individuals and entities are listed below - Jang Kuk Chol (Jang) and Ho Jong Son , who are said to have helped manage funds, including $5.3 million in cryptocurrency, on behalf of First Credit Bank (aka Cheil ...

The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its debut, the group's Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name – a recurring cycle reflecting platform moderation and the operators' determination to sustain this specific type of public presence despite disruption," Trustwave SpiderLabs, a LevelBlue company, said in a report shared with The Hacker News. Scattered LAPSUS$ Hunters (SLH) emerged in early August, launching data extortion attacks against organizations, including those using Salesforce in recent months. Chief among its offerings is an extortion-as-a-service (EaaS) that other affiliates can join to demand a payment from targets in exchange for using the "brand" and notoriety of the consolidated entity. All three groups are assesse...

Ransomware is malicious software designed to block access to a computer system or encrypt data until a ransom is paid. This cyberattack is one of the most prevalent and damaging threats in the digital landscape, affecting individuals, businesses, and critical infrastructure worldwide. A ransomware attack typically begins when the malware infiltrates a system through various vectors such as phishing emails, malicious downloads, or exploiting software vulnerabilities. Once activated, the malware encrypts files using strong cryptographic algorithms, rendering them inaccessible to the legitimate owner. The attackers then demand payment, usually in cryptocurrency like Bitcoin, in exchange for the decryption key. Modern ransomware variants have evolved beyond simple file encryption. Some employ double extortion tactics, where attackers encrypt data, exfiltrate sensitive information, and threaten to publish it publicly if the ransom is not paid. This puts pressure on victims, particularly...