Ragnarok shuts down and releases the decrypter
Ragnarok ransomware operation closure with public master decrypter release: scope of recovery for past victims and operator transition signals.
Blog · research & analysis
Widespread phishing campaign weaponising open-redirect parameters on legitimate domains to bypass URL reputation filters and reach corporate inboxes.
Threat actors weaponising Atera RMM agent for unauthorised remote access: living-off-the-land patterns, telemetry signals and post-compromise operator behaviour.
Local privilege escalation primitive abusing Windows mouse-driver installation flow: exploitation pre-conditions and mitigation considerations.
Marketo extortion site publishes data attributed to the Virginia Defense Force: data scope, attribution claims and downstream risk for affected entities.
IsErik adware family with APT-style persistence: registry tampering, browser hijack persistence, removal complexity and detection considerations.
Fresh wave of attacks against Microsoft Exchange Server: new exploitation patterns, web shell families observed and mitigation guidance for exposed environments.
Operational anatomy of a ransomware gang: roles, affiliate program structure, financial distribution and OPSEC practices observed inside leaked communications.
Underground marketplaces structure: vendor reputation, escrow models, product taxonomy (credentials, accesses, malware kits, leaked data) and policing dynamics.