Arctic Wolf says Anubis ransomware affiliates are exploiting Citrix Bleed 2 (CVE-2025-5777) and abusing legitimate RMM tools to breach networks, then deploying an irreversible data wiper.
Ransomnews Research Team
A US government entity paid Kairos about $1 million to keep stolen files offline, a Ransom-ISAC case study shows. Kairos never encrypted a machine, it just threatened to publish.
Confirmed ransomware attack statistics, updated monthly: attacks per year, month, country, industry and group, from a human-verified dataset going back to 2018.
Inside XSS.is, the Russian cybercrime forum seized in 2025. A data-led profile from 123,241 leaked messages: what it traded, who ran it, its place in the ransomware kill chain, and a searchable country IoC table.
ESXi ransomware encrypts every VM on a hypervisor at once. Here is why VMware ESXi became ransomware’s highest-value target in 2026, and how to defend it.
Inside the FortiBleed operation: 1.16 billion FortiGate brute-force attempts, a 45-GPU cracking cluster, and the full attack chain, mapped step by step.
We cross-checked 73,932 exposed FortiGate firewalls against stealer-log and ransomware-leak data. The overlap is a measurable early warning for breaches.
FortiBleed exposed cracked admin passwords for around 75,000 Fortinet firewalls across 194 countries, roughly half the internet-facing fleet. There is no new zero-day. It is config exports, weak hashing, and recycled credentials, packaged as a sales catalog.
FulcrumSec says it stole 1.3 TB from Novo Nordisk, including internal AI models and clinical-trial data, and wants $25M. We pulled the leak-site listing and the stealer logs. The credentials were leaking for months.
The Gentlemen RaaS has listed 483 victims across 66 countries since 2025. A leaked chat log, live tracker data, and infostealer records show how the crew scaled.