Close Menu
  • Home
  • News
  • Security
  • Privacy
  • Cybercrime
    • Threat Groups
    • Ransomware
    • Explainers
    • Stealer Logs
  • AI
  • OSINT
  • Tools
    • Ransomtracker
    • Stealercheck
    • FortiBleed Checker
  • About Us
Facebook X (Twitter) Instagram Threads
Ransomnews
  • Home
  • News
  • Security
  • Privacy
  • Cybercrime
    • Threat Groups
    • Ransomware
    • Explainers
    • Stealer Logs
  • AI
  • OSINT
  • Tools
    • Ransomtracker
    • Stealercheck
    • FortiBleed Checker
  • About Us
Facebook X (Twitter) LinkedIn
Ransomnews

How to investigate a phishing kit: tutorial with urlscan.io, PhishTank, and Sublime Security

Jesse William McGrawMay 7, 20260

A practitioner’s tutorial for investigating a suspicious URL safely — fingerprinting the kit, attributing it to a campaign, and reporting it to takedown services. Real tools, step-by-step, no enterprise budget required.

Tracing crypto laundering: tutorial with Chainabuse, OXT, Walletexplorer, and Etherscan

Ransomnews Research TeamMay 7, 20260

A 2026 tutorial for following ransomware and fraud proceeds across the blockchain using free tools — Chainabuse for tagged wallets, OXT for BTC clusters, Walletexplorer for entity heuristics, and Etherscan for ETH/USDT.

How to set up a malware analysis sandbox at home: FlareVM, REMnux, and Cuckoo tutorial

Jesse William McGrawMay 7, 20260

A step-by-step tutorial for building a free malware analysis sandbox at home — Windows reverse-engineering with FlareVM, Linux analysis with REMnux, and automated detonation with Cuckoo.

How to verify a ransom payment on-chain: tutorial with Mempool, OXT, and Ransomwhe.re

Ransomnews Research TeamMay 7, 20260

A practitioner’s tutorial for verifying — or refuting — a claimed ransom payment on the Bitcoin blockchain using free tools. Useful for journalists, IR teams, and victims dealing with secondary-extortion claims.

How to build a threat actor profile from public sources: MITRE ATT&CK + Mandiant + Malpedia tutorial

Jesse William McGrawMay 7, 20260

A practitioner’s tutorial for assembling a working threat-actor profile from public sources — MITRE ATT&CK for TTPs, Mandiant and CrowdStrike for attribution context, Malpedia for malware lineage, plus a clean note-taking template.

Tracking ransomware affiliates across rebrands with VirusTotal, MalwareBazaar, and YARA

Ransomnews Research TeamMay 7, 20260

A 2026 tutorial for tracking individual ransomware affiliates across operator rebrands using VirusTotal Intelligence, abuse.ch’s MalwareBazaar, and YARA rules. Code reuse, builder fingerprints, and TTP continuity reveal the same crews under new names.

How to check if you’re in a stealer log: tutorial with Hudson Rock, IntelX, and Have I Been Pwned

Jesse William McGrawMay 7, 20260

A practitioner’s tutorial for checking whether your email, your domain, or your employees show up in fresh infostealer logs — using Hudson Rock’s free tools, IntelX, Have I Been Pwned, and a couple of paid options worth the spend.

Defending against infostealers: tutorial with Defender for Endpoint, CrowdStrike, and browser hardening

Ransomnews Research TeamMay 7, 20260

A 2026 tutorial on building a layered defence against infostealers — endpoint EDR settings that catch stealer behaviour, browser hardening that protects cookie stores, and the user-side training that closes the actual gap.

Browser fingerprint markets: how stolen identities get sold in 2026

Ransomnews Research TeamMay 3, 20260

Stolen credentials are only half the package. The other half is the browser fingerprint that lets an attacker impersonate the victim’s session believably. A 2026 look at how fingerprint markets work.

Inside a ‘cloud of logs’ Telegram subscription tier

Jesse William McGrawMay 3, 20260

A practitioner’s look inside the “cloud of logs” subscription model — what attackers pay, what they get, and the operational mechanics that turn raw infostealer output into a productised threat.

Previous 1 … 4 5 6 7 8 … 17 Next
Facebook X (Twitter) LinkedIn
© 2026 Ransomnews.com

Type above and press Enter to search. Press Esc to cancel.

Cookies on Ransomnews

We use strictly-necessary cookies to run the site and may use first-party analytics to understand which articles are read. Some pages contain affiliate links — when you click one, the affiliate network sets cookies on the merchant's domain to attribute the referral. See the Cookie Policy and Affiliate Disclosure for detail.

RANSOMNEWS.COM

Tracking the criminal infrastructure of the internet.

Independent coverage of ransomware, breach economics, threat actors, privacy, AI security, and the open-source investigation toolkit.

// Topics

  • News
  • Security
  • Privacy
  • Cybercrime
  • AI
  • OSINT
  • Threat Groups
  • Stealer Logs
  • Ransomtracker
  • Stealercheck
  • FortiBleed Checker

// Site

  • About Us
  • Editorial Team
  • Contact
  • Tip Line
  • Editorial

// Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Funding & Independence
  • RSS Feed
© 2026 Ransomnews.com · Tracking the criminal infrastructure of the internet.