Published on: 2025-06-05 20:07:13
A ransomware gang claimed responsibility for the hack on Kettering Health, a network of hospitals, clinics, and medical centers in Ohio. The healthcare system is still recovering two weeks after the ransomware attack forced it to shut down all its computer systems. Interlock, a relatively new ransomware group that has targeted healthcare organizations in the U.S. since September 2024, published a post on its official dark web site, claiming to have stolen more than 940 gigabytes of data from Ke
Keywords: data health interlock kettering ransomware
Published on: 2025-06-06 12:55:04
In Brief Lee Enterprises, the newspaper publishing giant that was hit by a ransomware attack in February, causing widespread disruption to dozens of U.S. media outlets, has confirmed the cyberattack resulted in the theft of employees’ personal data. The company confirmed in a letter filed with Maine’s attorney general that the personal information of 39,779 people was stolen in the cyberattack, including Social Security numbers. The data breach mostly affects former and current employees at th
Keywords: breach data lee newspaper ransomware
Published on: 2025-06-06 16:30:14
Publishing giant Lee Enterprises is notifying over 39,000 people whose personal information was stolen in a February 2025 ransomware attack. As one of the largest newspaper groups in the United States, Lee Enterprises publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states. The local news provider's newspapers have a daily circulation of over 1.2 million, and a digital audience reaching tens of millions each month. In a filing with the Office of Maine's Attorne
Keywords: company enterprises february lee ransomware
Published on: 2025-06-09 04:25:14
Kettering Health, a network with dozens of medical and emergency centers in Ohio, is still working to recover and return to normal operations two weeks after a ransomware attack prompted “a system-wide technology outage.” On Monday, Kettering Health said in an update that it had restored “core components” of its electronic health record system provided by Epic, which re-established the company’s “ability to update and access electronic health records, facilitate communication across care teams,
Keywords: health healthcare kettering ransomware said
Published on: 2025-06-15 16:25:52
Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. This development follows a trend that has been growing since last year, starting with advanced threat actors using deepfake content generators to infect victims with malware. These lures have become widely adopted by info-stealer malware operators and ransomware operations attempting to breach corporate networks. Cisco Talos researchers have di
Keywords: ai cisco cyberlock malware ransomware
Published on: 2025-06-19 04:44:15
The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. Sophos was brought in to investigate the attack and believe the threat actors exploited a chain of older SimpleHelp vulnerabilities tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726 to breach the system. SimpleHelp is a commercial remote support and access t
Keywords: actors attacks dragonforce ransomware simplehelp
Published on: 2025-06-19 12:14:56
An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span. According to the U.S. Department of Justice and an unsealed indictment, a 39-year-old man named Sina Gholinejad, also known as "Sina Ghaaf," and his conspirators deployed the Robbinhood ransomware on breached networks from at least Janu
Keywords: data gholinejad networks ransomware robbinhood
Published on: 2025-06-20 12:37:25
MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. Headquartered in Natick, Massachusetts, and founded in 1984, MathWorks now has over 6,500 employees in 34 offices worldwide. MathWorks develops the MATLAB numeric computing platform and the Simulink simulation, which are used by over 100,000 organizations and over 5 million customers. "MathWorks experienced a ransomware attack. We h
Keywords: attack incident mathworks online ransomware
Published on: 2025-06-24 12:26:44
The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks. Also known as Luna Moth, Chatty Spider, and UNC3753, this threat group has been active since 2022 and was also behind BazarCall campaigns that provided initial access to corporate networks for Ryuk and Conti ransomware attacks. In March 2022, following Conti's shutdown, the threat actors separated from the cybercri
Keywords: access attacks group ransom srg
Published on: 2025-06-25 09:58:13
In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. "From 19 to 22 May, authorities took down some 300 servers worldwide, neutralised 650 domains, and issued international arrest warrants against 20 targets, dealing a direct blow to the ransomware kill chain," according to the joint action's official website. "In addition, EUR 3.5 million in cryptocu
Keywords: danabot malware operation ransomware used
Published on: 2025-06-26 00:16:25
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. As per court documents, Gallyamov started to develop Qakbot (also known as Qbot and Pinkslipbot) in 2008 and deployed it to create a network of thousands of infected computers. Over time, a team of developers was formed around Qakbot but the indictment notes that other malware was also created u
Keywords: gallyamov malware million qakbot ransomware
Published on: 2025-06-28 20:27:21
A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. This tactic was previously linked to the Black Basta ransomware gang and later observed in FIN7 attacks, but its effectiveness has driven a wider adoption. Sophos reports seeing at least 55 attacks leveraging this technique between November 2024 and January 2025, linked to two distinct th
Keywords: 3am attacks email ransomware sophos
Published on: 2025-06-30 01:45:08
Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage. The nonprofit organization also manages emergency centers and over 120 outpatient facilities across western Ohio, and it employs over 15,000 people, including more than 1,800 physicians. In a statement published on its website, Kettering Health confirmed that a cybersecurity attack is behin
Keywords: attack health kettering outage ransomware
Published on: 2025-07-02 20:17:33
Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. WithSecure's Threat Intelligence team discovered the campaign after they were brought in to investigate a ransomware attack. The researchers found that the attack started with a malicious KeePass installer promoted through Bing advertisements that promoted fake software s
Keywords: keepass password ransomware threat withsecure
Published on: 2025-07-08 13:25:06
'They yanked their own plug': How Co-op averted an even worse cyber attack. By Joe Tidy, Cyber correspondent, BBC World Service. Co-op narrowly averted being locked out of its computer systems during the cyber attack that saw customer data stolen and store shelves left bare, the hackers who claim responsibility have told the BBC. The revelation could help explain why Co-op has started to recover more quickly than fellow retailer M&S, which had its systems more
Keywords: attack bbc cyber op ransomware
Published on: 2025-07-08 23:25:06
Co-op narrowly avoided an even worse cyber attack, BBC learns. By Joe Tidy, Cyber reporter. Co-op narrowly averted being locked out of its computer systems during the cyber attack that saw customer data stolen and store shelves left bare, the hackers who claim responsibility have told the BBC. The revelation could help explain why Co-op has started to recover more quickly than fellow retailer M&S, which had its systems more comprehensively compromised,
Keywords: attack bbc cyber op ransomware
Published on: 2025-07-10 04:39:41
Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. SAP released emergency patches on April 24 to address this NetWeaver Visual Composer unauthenticated file upload security flaw (CVE-2025-31324), days after it was first tagged by cybersecurity company ReliaQuest as targeted in the wild. Successful exploitation lets threat actors upload malicious files without requ
Keywords: netweaver ransomware sap servers threat
Published on: 2025-07-15 00:14:00
Bottom line: Chipmakers typically use microcode updates to fix bugs and improve CPU reliability. However, this low-level layer between hardware and machine code can also serve as a stealthy attack vector – capable of hiding malicious payloads from all software-based defenses. As threats evolve, even the deepest layers of a system can no longer be assumed safe. A security researcher designed a way to "weaponize" microcode updates to install ransomware directly onto the CPU. Rapid7 analyst Christ
Keywords: beek cpu microcode ransomware security
Published on: 2025-07-15 04:18:57
Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021. Police officers searched the suspect's home and car on May 6, seizing an electronic wallet, €84,800, two laptops, a mobile phone, a tablet, six bank cards, and multiple data storage devices. The suspect remains in custody, while Moldovan prosecutors have initiated legal procedures to extradite him to the Netherlands. The arrest resulted from a joint action
Keywords: doppelpaymer nwo ransomware suspect victims
Published on: 2025-07-19 04:52:04
Months after the hacked education software maker PowerSchool paid a hacker’s ransom to delete the company’s banks of stolen student data, at least one school district says it is now being extorted by someone who said the data was not destroyed. PowerSchool, which provides its K-12 software to thousands of schools to support 60 million students across North America, was hacked in December 2024 using a single stolen credential, which allowed a hacker broad access to PowerSchool’s stores of person
Keywords: data powerschool ransom said stolen
Published on: 2025-07-19 08:05:18
Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims' activity, and harvesting credentials after breaching their networks. In attacks observed by cybersecurity companies Varonis and Synacktiv, Qilin and Hunters International ransomware affiliates installed Kickidler, an employee monitoring tool that can capture keystrokes, take screenshots, and create videos of the screen. Kickidler's developer says the tool is used by ove
Keywords: access monitoring ransomware rmm software
Published on: 2025-07-20 08:06:32
The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump. All of the ransomware gang's admin panels now state, "Don't do crime CRIME IS BAD xoxo from Prague," with a link to download a "paneldb_dump.zip." As first spotted by the threat actor, Rey, this archive contains a SQL file dumped from the site affiliate panel's MySQL database.
Keywords: contains database keys ransomware table
Published on: 2025-07-23 15:44:00
In brief: There has been a spate of kidnappings taking place across France and Western Europe in which victims are cryptocurrency investors. The most recent incident involved the owner of a crypto marketing firm having his finger cut off by attackers. Police say the man could have been mutilated further had he not been rescued. The unidentified 60-year-old man was abducted in broad daylight at 10.30am on Thursday morning while walking down Paris' 14th arrondissement, writes The Guardian. Four m
Keywords: balland crypto cryptocurrency man ransom
Published on: 2025-07-27 00:30:00
Researchers unveiled a cluster of vulnerabilities in Apple’s wireless media streaming platform AirPlay this week that leave millions of third-party devices like speakers and TVs vulnerable to takeover if an attacker is on the same Wi-Fi network as the victim gadget. These “AirBorne” vulnerabilities have all been patched—including some that potentially impacted Apple’s Mac computers—but, in practice, third-party devices may not all get fixes, and even if they do, patch adoption could be low. Rec
Keywords: end marks ransomware reported spencer
Published on: 2025-07-29 13:44:03
A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. The suspect, Artem Aleksandrovych Stryzhak, 35, was arrested in Spain in June 2024 and extradited to the U.S. on April 30, 2025. According to the U.S. Department of Justice, Stryzhak allegedly participated in ransomware attacks that targeted high-revenue companies, primarily in the United States, Norway, France, Switzerland, Germany, a
Keywords: attacks data nefilim ransomware stryzhak
Published on: 2025-08-06 04:39:09
Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. The company provides data storage, infrastructure systems, cloud management, and ransomware recovery services to government entities and some of the world's biggest brands, including BMW, Telefónica, T-Mobile, and China Telecom. In a statement shared with BleepingComputer, Hitachi Vantara confirmed the ransomware attack, saying
Keywords: bleepingcomputer hitachi ransomware systems vantara
Published on: 2025-08-06 07:23:56
The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. DragonForce is now incentivizing ransomware actors with a distributed affiliate branding model, providing other ransomware-as-a-service (RaaS) operations a means to carry out their business without dealing with infrastructure maintenance cost and effort. A group's representative told BleepingComputer that they’re purely financially motivated but also follo
Keywords: affiliates dragonforce model ransomware threat
Published on: 2025-08-09 00:06:23
Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. Established in 1829, the public school district provides primary and secondary education to 76,841 enrolled students through 164 schools and programs. "On February 13, 2025, Baltimore City Public Schools experienced a cybersecurity incident affecting certain IT systems within our network. We promptly notified law
Keywords: baltimore breach city ransomware schools
Published on: 2025-08-19 20:44:40
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. ClickFix is a social engineering tactic where victims are tricked into executing dangerous PowerShell commands on their systems to supposedly fix an error or verify themselves, resulting in the installation of malware. Though this isn't the first time ClickFix has been linked to ransomware infections, confirmation about Interlock shows an
Keywords: clickfix interlock malicious ransomware sekoia
Published on: 2025-08-22 16:49:09
Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. "Based on our investigation to date, certain files were taken from some of our internal U.S. business systems," a spokesperson confirmed to BleepingComputer. "Since the incident was detected, our teams have been working diligently to determine what information may have been affected." Ahold Delhaize is a multinational retail and wholesale company that operates near
Keywords: ahold confirmed data delhaize ransom
Go K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.