Ransomware remains above 1,400 attacks yearly since 2023. Qilin leads in 2026, while the U.S. remains the main target. Ransomnews has independently confirmed 9,291 ransomware attacks worldwide between January 2018 and July 2026, tracking incidents only when verified through victim disclosures, regulatory filings, official statements, or credible press reporting. Leak-site listings alone don’t qualify, operators […]
Researchers uncovered 222 GitHub repositories spreading malware through fake Go packages, delivering loaders, stealers, RATs, and cryptominers. Socket’s security research team started with the investigation of a single malicious Go module: github[.]com/kaleidora/dnsub-scanning-tool, which presented itself as a DNS and subdomain scanning utility. Pulling on that thread exposed something significantly larger: a network of 222 confirmed […]
A former ransomware negotiator was sentenced to nearly six years for secretly helping BlackCat extort victims while betraying his clients. A U.S. court sentenced former ransomware negotiator Angelo Martino, 41, to 70 months in prison for conspiring with the BlackCat ransomware gang. While negotiating on behalf of five victims, he secretly shared confidential information about […]
Microsoft uncovered GigaWiper, a modular Go backdoor combining three malware families with espionage, remote control, and destructive wiping features. In October 2025, Microsoft’s threat intelligence team identified destructive wiping activity inside compromised environments and traced it to a previously unknown piece of malware they’re now calling GigaWiper. The malicious code is written in Go, it […]
INTERPOL’s Operation First Light 2026 led to 5,811 arrests, blocked $293M in criminal assets, and disrupted global fraud and money laundering networks. INTERPOL coordinated a four-month operation across 97 countries and territories that ended with 5,811 arrests and the interception of USD 293 million in illicit assets. Operation First Light 2026 ran from January 15 […]
GodDamn ransomware uses the signed PoisonX driver to disable security tools, marking a more advanced version of the Beast ransomware family. Symantec’s Threat Hunter Team found a new ransomware family called GodDamn that first appeared in the wild on May 21, 2026, and analyzed an attack that took place in early June. The group behind […]
AssuranceAmerica confirmed a breach exposing nearly 7 million driver’s licenses after hackers compromised an employee account and stole customer data. U.S. auto insurer AssuranceAmerica has confirmed a data breach affecting nearly 7 million people, making it the largest known theft of Americans’ driver’s license information in 2026. “In a data breach notice sent to customers […]
Microsoft fixed RoguePlanet (CVE-2026-50656), a Defender flaw allowing local attackers to gain higher privileges through the Malware Protection Engine. Microsoft released security updates for RoguePlanet, a vulnerability tracked as CVE-2026-50656 (CVSS score of 7.8) affecting the Malware Protection Engine used by Defender. The Microsoft Malware Protection Engine (mpengine.dll) powers Defender’s malware scanning, detection, and removal […]
Fake apps like WireVPN and a trojanized 7-Zip turn victims’ devices into residential proxies, letting criminals route traffic through their IPs. Infoblox’s threat research team started pulling on a single thread in early 2026: a fake version of the 7-Zip archive utility hosted at 7zip[.]com instead of the real site, 7-zip[.]org. The researchers uncovered a […]
Ubiquiti patched seven UniFi OS flaws, including critical CVE-2026-50746, which allows command injection in UniFi Connect Application. Ubiquiti released security updates for seven critical UniFi OS vulnerabilities, including a maximum-severity flaw, tracked as CVE-2026-50746 (CVSS score of 10.0), enabling command injection attacks. The issue affects UniFi Connect Application versions 3.4.16 and earlier, a platform used […]