Close Menu
  • Home
  • News
  • Security
  • Privacy
  • Cybercrime
    • Threat Groups
    • Ransomware
    • Explainers
    • Stealer Logs
  • AI
  • OSINT
  • Tools
    • Ransomtracker
    • Stealercheck
    • FortiBleed Checker
  • About Us
Facebook X (Twitter) Instagram Threads
Ransomnews
  • Home
  • News
  • Security
  • Privacy
  • Cybercrime
    • Threat Groups
    • Ransomware
    • Explainers
    • Stealer Logs
  • AI
  • OSINT
  • Tools
    • Ransomtracker
    • Stealercheck
    • FortiBleed Checker
  • About Us
Facebook X (Twitter) LinkedIn
Ransomnews

How session-cookie theft replaced password theft in 2026

Jesse William McGrawMay 3, 20260

Stealing your password used to be the goal. In 2026 it’s the consolation prize — modern infostealers go for session cookies, which let attackers impersonate authenticated users without needing to defeat MFA. Here’s how the model works.

Lumma vs RedLine vs Vidar in 2026: market share by infections

Ransomnews Research TeamMay 3, 20260

A 2026 comparative profile of the three dominant infostealer families — capabilities, distribution channels, market share by observed infections, and where each is heading after the 2024 takedown actions.

The new mid-tier RaaS contenders: Qilin, Medusa, Embargo

Ransomnews Research TeamMay 3, 20260

Three mid-tier ransomware operators have built sustained victim claim counts in 2025-2026. Profiles of Qilin, Medusa, and Embargo — what’s distinctive about each, and what the rise of the mid-tier means for defenders.

Lapsus$ revival rumors in 2026: what we know and what we don’t

Ransomnews Research TeamMay 3, 20260

Persistent rumors point to a Lapsus$ revival operating under new branding in 2026. Sorting the credible signal from the Telegram noise, and what defenders should make of it.

Akira’s pivot to extortion-only: a 2026 group profile

Ransomnews Research TeamMay 3, 20260

Akira began as a classic encrypt-and-extort operation but has been quietly drifting toward data-theft-only attacks across 2025-2026. A profile of where they came from, where they are now, and why the model is working.

Stealer log forensics: tracing infections back to the user

Jesse William McGrawMay 3, 20260

A practitioner’s forensic playbook for working backwards from a stealer log to the originating infection — what the log file structure tells you, where the malware sits, and how to clean it up properly.

RansomHub explained: the post-LockBit consolidator

Ransomnews Research TeamMay 3, 20260

RansomHub became the largest active RaaS by claim count in 2025 by absorbing experienced affiliates from the LockBit and ALPHV exits. A 2026 profile of the operator, their tooling, and their structural position.

Scattered Spider in 2026: still the SIM-swap kings

Ransomnews Research TeamMay 3, 20260

Scattered Spider — UNC3944, Octo Tempest — survived the 2024 arrests and remains one of the most operationally aggressive English-speaking threat groups. Their 2026 playbook, capabilities, and how they keep getting in.

Why double extortion isn’t enough anymore: the rise of triple and quadruple extortion

Ransomnews Research TeamMay 2, 20260

Encrypt the data, leak the data — that’s not enough leverage anymore. A 2026 look at how operators stack additional extortion vectors when the basic playbook stops getting paid.

Ransomware Q1 2026 leaderboard: who’s claiming the most victims

Ransomnews Research TeamMay 2, 20260

A 2026 Q1 ransomware leaderboard built from leak-site claims, with the structural changes shaping the operator pool — RansomHub at the top, a long mid-tier, and the takedown ripples still propagating through the ecosystem.

Previous 1 … 5 6 7 8 9 … 17 Next
Facebook X (Twitter) LinkedIn
© 2026 Ransomnews.com

Type above and press Enter to search. Press Esc to cancel.

Cookies on Ransomnews

We use strictly-necessary cookies to run the site and may use first-party analytics to understand which articles are read. Some pages contain affiliate links — when you click one, the affiliate network sets cookies on the merchant's domain to attribute the referral. See the Cookie Policy and Affiliate Disclosure for detail.

RANSOMNEWS.COM

Tracking the criminal infrastructure of the internet.

Independent coverage of ransomware, breach economics, threat actors, privacy, AI security, and the open-source investigation toolkit.

// Topics

  • News
  • Security
  • Privacy
  • Cybercrime
  • AI
  • OSINT
  • Threat Groups
  • Stealer Logs
  • Ransomtracker
  • Stealercheck
  • FortiBleed Checker

// Site

  • About Us
  • Editorial Team
  • Contact
  • Tip Line
  • Editorial

// Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Funding & Independence
  • RSS Feed
© 2026 Ransomnews.com · Tracking the criminal infrastructure of the internet.