-->
#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Security Service Edge

ransomware | Breaking Cybersecurity News | The Hacker News

Category — ransomware
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Feb 27, 2026 Endpoint Security / Windows Security
Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar," the Microsoft Threat Intelligence team said in a post on X. "This downloader used PowerShell and living-off-the-land binaries (LOLBins) like cmstp.exe for stealthy execution." The attack chain is also designed to evade detection by deleting the initial downloader and by configuring Microsoft Defender exclusions for the RAT components. Persistence is achieved by means of a scheduled task and Windows startup script named "world.vbs," before the final payload is deployed on the compromised host. The malware, per Microsoft, is a "multi-purpose malware" that acts as a loader, runner, downloader, and RAT. Once launched, it connects to an external ...
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

Feb 26, 2026 Cybersecurity / Hacking News
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth paying attention to. AI-powered command execution Kali Linux Integrates Claude AI Assistant via MCP Kali Linux, an advanced penetration testing Linux distribution used for ethical hacking and network security assessments, has added an integration with Anthropic's Claude large language model through the Model Context Protocol (MCP) to issue commands in natural language and translate them into technical commands. Belarus-linked Android spyware ResidentBat Infrastructure Analyzed ResidentBat is an Android spyware implant used by Belarusian autho...
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

Feb 25, 2026 Social Engineering / Cloud Security
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to providing them with the necessary pre-written scripts to carry out the attack. "SLH is diversifying its social engineering pool by specifically recruiting women to conduct vishing attacks, likely to increase the success rate of help desk impersonation," the threat intelligence firm said . A high-profile cybercrime supergroup comprising LAPSUS$, Scattered Spider, and ShinyHunters, SLH has a record of engaging in advanced social engineering attacks to sidestep multi-factor authentication (MFA) through techniques like MFA prompt bombing and SIM swapping.  The group's modus ope...
cyber security

How to Discover Shadow AI [Free Guide]

websiteNudge SecuritySaaS Security / Shadow AI
The first step in mitigating AI risks is to uncover where AI is being used. Get a head start with this guide.
cyber security

OpenClaw: RCE, Leaked Tokens, and 21K Exposed Instances in 2 Weeks

websiteReco AIAttack Surface / AI Agents
The viral AI agent connects to Slack, Gmail, and Drive—and most security teams have zero visibility into it.
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

Feb 24, 2026 Threat Intelligence / Healthcare
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare organization in the U.S. Medusa is a ransomware-as-a-service (RaaS) operation launched by a cybercrime group known as Spearwing in 2023. The group has claimed more than 366 attacks to date. "Analysis of the Medusa leak site reveals attacks against four healthcare and non-profit organizations in the U.S. since the beginning of November 2025," the company said in a report shared with The Hacker News. "Victims included a non-profit in the mental health sector and an educational facility for autistic children. It is unknown if all these victims were targeted by North Korean opera...
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

Feb 21, 2026 Threat Intelligence / Artificial Intelligence
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. "No exploitation of FortiGate vulnerabilities was observed—instead, this campaign succeeded by exploiting exposed management ports and weak credentials with single-factor authentication, fundamental security gaps that AI helped an unsophisticated actor exploit at scale," CJ Moses, Chief Information Security Officer (CISO) of Amazon Integrated Security, said in a report. The tech giant described the threat actor as having limited technical capabilities, a constraint they overcame by relying on multiple commercial generative AI tools to implement various phases of the attack cycle, such as tool development, attac...
Expert Insights Articles Videos
Cybersecurity Resources