Ransomware Tactics, Techniques, and Procedures in a Shifting Threat Landscape | Google Cloud Blog

An overview of the ransomware landscape and common TTPs directly observed in 2025 ransomware incidents.

Google Cloud Blog

Hacker Attack Report, Early 2026. The Predatory Evolution and the New Face of Cybercrime. The digital security landscape in the first months of 2026 confirms a definitive transition: we have moved from the era of generic malware to that of operations

https://scienzamagia.eu/misteri-ed-ufo/report-attacchi-hacker-inizio-2026/

#crimineinformatico #cybersecurity #databreach #deepfake #Hacker2026 #intelligenzaartificiale #LockBit #Nike #phishing #privacy #Qilin #RansomHub #Ransomware #sicurezzainformatica #SoundCloud #ZeroDay

📢 Lovesac reports a data breach; the RansomHub gang claims the attack
📝 Source: BleepingComputer (Bill Toulas), September 8, 2025.
📖 cyberveille: https://cyberveille.ch/posts/2025-09-15-lovesac-signale-une-violation-de-donnees-le-gang-ransomhub-revendique-lattaque/
🌐 source: https://www.bleepingcomputer.com/news/security/lovesac-confirms-data-breach-after-ransomware-attack-claims/
#RansomHub #commerce_de_détail #Cyberveille
Lovesac reports a data breach; the RansomHub gang claims the attack

Source: BleepingComputer (Bill Toulas), September 8, 2025. US furniture manufacturer and retailer Lovesac is warning by email of a data breach that exposed personal information, following unauthorized access to its internal systems. https://ago.vermont.gov/sites/ago/files/documents/2025-09-04%20The%20LoveSac%20Company%20Data%20Breach%20Notice%20to%20Consumers.pdf

Timeline and key facts:
• 📅 Malicious access: from February 12 to March 3, 2025.
• 📍 Discovery: February 28, 2025; remediation within 3 days to block the attacker's access.
• 🧾 Compromised data: full names and other personal information (details not disclosed).
• 👥 Affected population: number of individuals not disclosed; Lovesac did not specify whether they are customers, employees or contractors.
• 🛡️ Measures offered: 24 months of credit monitoring via Experian (enrollment until November 28, 2025).
• 🔎 Misuse status: the company says it has no indication of misuse and urges vigilance against phishing.

CyberVeille
Lovesac warns customers their data was breached after suspected RansomHub attack six months ago - American furniture maker Lovesac, known for its modular couches and comfy beanbags, has w... https://www.bitdefender.com/en-us/blog/hotforsecurity/lovesac-warns-customers-their-data-was-breached-after-suspected-ransomhub-attack-six-months-ago #ransomware #databreach #guestblog #ransomhub #dataloss
Lovesac warns customers their data was breached after suspected RansomHub attack six months ago

American furniture maker Lovesac, known for its modular couches and comfy beanbags, has warned customers that their data was breached by hackers earlier this year, and that they should remain vigilant to the threat of identity theft.

Hot for Security

🚨 Manpower confirms Dec–Jan breach after RansomHub’s claim.

📊 144K+ victims across the U.S., data stolen includes SSNs, IDs, and medical info.
https://www.technadu.com/six-months-on-manpower-confirms-data-breach-after-ransomhubs-december-january-access/605907/

#Manpower #RansomHub #DataBreach #Cybersecurity #InfoSec

Time and again you hear from managing directors that #CyberRisks are negligible, because in the unlikely event of an incident you can simply pay a #ransom and the matter is settled.

But it is not for nothing that the saying goes "Whoever pays once, pays twice." The example of the rival #Cybercrime groups "#DragonForce" and "#RansomHub" makes it clear that "honor" among cybercriminals is a very dubious concept:

https://www.heise.de/news/Doppelte-Erpressung-moeglich-Cyberkriminelle-im-Clinch-10477705.html #cybersecurity

Double extortion possible: cybercriminals at loggerheads

A dispute has broken out between two rival criminal ransomware groups. Cyber experts warn that companies could be extorted twice.

heise online

Happy Monday everyone and what a way to start it!

I encourage you to read the latest report from The DFIR Report where they document an attack that started with a "password spray attack against an exposed RDP server" and ended in the #RansomHub ransomware strain being deployed in the victim's environment and spread over SMB.

I am going to forgo the brief summary because I truly believe these reports need to be read by you! But a bunch of LOLBINs were leveraged, including PowerShell and Windows Command Shell, of course RDP connections, Mimikatz, the Advanced IP Scanner, and many more! One behavior I will point out is that Persistence was gained by the actors deploying the legitimate RMM tools AteraAgent and Splashtop and then creating services to run them!

This is another great example of an extremely thorough report and I hope you enjoy it as much as I do! Enjoy and Happy Hunting!

Hide Your RDP: Password Spray Leads to RansomHub Deployment
https://thedfirreport.com/2025/06/30/hide-your-rdp-password-spray-leads-to-ransomhub-deployment/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Hide Your RDP: Password Spray Leads to RansomHub Deployment

Key Takeaways: Initial access was via a password spray attack against an exposed RDP server, targeting numerous accounts over a four-hour period. Mimikatz and Nirsoft were used to harvest credential…

The DFIR Report