Weaponizing #ClaudeSkills with #MedusaLocker: An AI tool that Claude uses to automate tasks can be easily weaponized to execute #ransomware, #CatoNetworks found in new research.

🔗 https://www.catonetworks.com/blog/cato-ctrl-weaponizing-claude-skills-with-medusalocker
1/6

Cato CTRL™ Threat Research: From Productivity Boost to Ransomware Nightmare – Weaponizing Claude Skills with MedusaLocker

Have you recently used Claude Skills? You could be a target for a ransomware attack. Cato CTRL proved how MedusaLocker ransomware could encrypt an entire company.

Cato Networks
[MEDUSALOCKER] - Ransomware Victim: dulay[.]ca - RedPacket Security

NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating

RedPacket Security
The MedusaLocker ransomware gang is hiring penetration testers - MedusaLocker, the ransomware-as-a-service group that has been active since 2019 is openly... https://www.fortra.com/blog/medusalocker-ransomware-gang-hiring-penetration-testers #penetrationtesting #vulnerability #medusalocker #ransomware #guestblog

MedusaLocker, the RaaS group, is openly recruiting for penetration testers to help it compromise more businesses.

MedusaLocker ransomware group is looking for pentesters

MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters.

Security Affairs

⚠️ AV Killer malware disables most antivirus tools using BYOVD attack via ThrottleStop.sys (TechPowerUp driver)
- Exploits CVE-2025-7771
- Kills AVs: CrowdStrike, BitDefender, Defender, Kaspersky
- Enables ransomware like MedusaLocker
- Active in Russia, Brazil, and Ukraine

🧩 SecureList | Full write-up: ⬇️
https://www.technadu.com/novel-av-killer-malware-exploits-legitimate-driver-throttlestop-sys-targets-all-major-antivirus-solutions/605482/

#BYOVD #CVE20257771 #AVKiller #Malware #MedusaLocker #Infosec #ThreatIntel

[MEDUSALOCKER] - Ransomware Victim: Inversiones Clinica Del Meta SA - RedPacket Security

NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers

RedPacket Security
[MEDUSALOCKER] - Ransomware Victim: bendixengineering - RedPacket Security

RedPacket Security
[MEDUSALOCKER] - Ransomware Victim: SILKNET COMPANY - RedPacket Security

RedPacket Security
A new variant of the #MedusaLocker #ransomware has been in circulation since 2022. Find out what's distinct, and not, about "BabyLockerKZ" https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/
Threat actor believed to be spreading new MedusaLocker variant since 2022

* Cisco Talos has discovered a financially motivated threat actor, active since 2022, recently observed delivering a MedusaLocker ransomware variant.
* Intelligence collected by Talos on tools regularly employed by the threat actor allows us to see an estimate of the amount and countries of origin of this group’s victims. This

Cisco Talos Blog
Medusa Locker Ransomware Victim: Southwest Industrial Sales - RedPacket Security

RedPacket Security