Scattered Spider is now hijacking VMware ESXi hypervisors—not with malware, but fake help desk calls.

They impersonate admins, reset passwords, and deploy ransomware directly from the hypervisor.

Google says it's fast, stealthy, and crippling. #RansomwareAttacks #ScatteredSpider https://thehackernews.com/2025/07/scattered-spider-hijacks-vmware-esxi-to.html

Japanese Police Release Free Decryption Tool for Phobos and 8Base Ransomware Victims https://thecyberexpress.com/free-decryption-tool-released/ #Japan’sNationalPoliceAgency #NationalPoliceAgency #TheCyberExpressNews #ransomwareattacks #8Baseransomware #TheCyberExpress #RansomwareNews #decryptiontool #FirewallDaily #Ransomware #CyberNews #Europol #Phobos #FBI

Ransomware gangs are exploiting unpatched SimpleHelp flaws to hit utility billing customers with double extortion attacks — since Jan 2025.

CISA warns: patch now or risk serious breaches.
#RansomwareAttacks #CyberSecurity
https://thehackernews.com/2025/06/ransomware-gangs-exploit-unpatched.html

“We never drop tools. We use yours.” — #BlackBasta ransomware.

A new Bitdefender analysis of 700,000 incidents reveals this chilling truth: 84% of major cyberattacks use Living Off the Land tools like netsh.exe, powershell.exe, wmic.exe.
#RansomwareAttacks
https://thehackernews.com/expert-insights/2025/05/living-off-land-what-we-learned-from.html

The #DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. #RansomwareAttacks #CyberSecurity
https://www.bleepingcomputer.com/news/security/dragonforce-ransomware-abuses-simplehelp-in-msp-supply-chain-attack/

One of the largest providers of social services globally, the Christian organization Salvation Army, has been allegedly hit by a ransomware attack.

#Christian #cybersecurity #hack #RansomwareAttacks https://cybernews.com/security/salvation-army-ransomware-attack/?utm_source=cn_twitter&utm_medium=social&utm_campaign=cybernews&utm_content=tweet&source=cn_twitter&medium=social&campaign=cybernews&content=tweet

Coca-Cola and its bottling partner CCEP, have been named in two separate cyberattack claims. #Everest alleges a ransomware hit, while #Gehenna says it breached CRM data.

https://hackread.com/coca-cola-bottling-partner-ransomware-data-breach/

International Operation Targets Qakbot Hacker, $24M in Crypto Seized https://thecyberexpress.com/doj-indicts-alleged-qakbot-malware/ #RustamRafailevichGallyamov #USJusticeDepartment #ransomwareattacks #CryptoCrackdown #maliciousemails #RansomwareNews #cryptocurrency #FirewallDaily #Qakbotmalware #BlackBasta #CyberNews #Gallyamov #Qakbot #REvil #FBI

Cyberattack-Hit M&S Says Food Availability Improving Every Day https://www.diningandcooking.com/2072858/cyberattack-hit-ms-says-food-availability-improving-every-day/ #BusinessInterruption(BI) #BusinessInterruptionInsurance #Cyber #CyberAttacks #CyberIncidents #food #MarksSpencer #RansomwareAttacks #UKCyberAttacks

A U.S. org was hit by Play ransomware using CVE-2025-29824 before it was patched. Attackers slipped in via a Cisco ASA, dropped fake Palo Alto files, stole AD data, and planted custom tools — but didn’t launch ransomware. #RansomwareAttacks #CyberDefence https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html

One more On Location recording from #RSAC2025 — and this one is all about standing strong against #ransomwareattacks!

New Brand Story from #RSAC 2025: When Ransomware Strikes — Will Your Backups Hold the Line?

At RSA Conference 2025, Sean Martin, CISSP sat down with Sterling Wilson, Field CTO at Object First, to talk about why #backupsecurity is becoming a critical front line in the fight against ransomware.

When ransomware attacks, your backups are either your last hope—or your biggest vulnerability.

Find out how Object First is helping organizations ensure their backup systems are truly ready to stand up under pressure.

Watch, listen, or read the full story here:
https://www.itspmagazine.com/their-stories/when-ransomware-strikes-will-your-backups-hold-the-line-a-brand-story-with-sterling-wilson-from-object-first-an-on-location-rsac-conference-2025-brand-story

Learn more about Object First’s work:
https://www.itspmagazine.com/directory/object-first

See all our RSAC 2025 coverage:
https://www.itspmagazine.com/rsac25

Discover more Brand Stories from innovative companies:
https://www.itspmagazine.com/brand-story

This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.
Stay tuned for more Brand Stories, Briefings, and candid conversations from RSAC 2025!

Looking ahead:
If your company would like to share your story with our audiences On Location, we're gearing up for #InfosecurityEurope in June and #BlackHatUSA in August!

RSAC 2025 sold out fast — we expect the same for these next events.

Reserve your full sponsorship or briefing now: https://www.itspmagazine.com/purchase-programs

Hashtags:
#cybersecurity #infosec #infosecurity #technology #tech #society #business #ransomwareprotection #databackup #immutablebackup #objectfirst

Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations. #RansomwareAttacks #cybercrime https://www.bleepingcomputer.com/news/security/kidney-dialysis-firm-davita-hit-by-weekend-ransomware-attack/

#minnesota #databreach #Ransomwareattacks

Minnesota Tribe Struggles After Ransomware Attack

Hotel and casino operations for the Lower Sioux Indians have been canceled or postponed, and the local health center is redirecting those needing medical or dental care.

https://www.darkreading.com/cyberattacks-data-breaches/minnesota-tribe-operations-ransomware-attack

Malaysia Braces for Cyberattacks During Hari Raya: Cyber999 Issues Warning https://thecyberexpress.com/cyber-threats-in-malaysia-ahead-of-hari-raya/ #CyberSecurityMalaysia #cybersecuritythreats #HariRayaAidilfitri #malwareinfections #ransomwareattacks #FirewallDaily #phishingscams #CyberNews #Cyber999

A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. #RansomwareAttacks #CyberAlerts https://www.bleepingcomputer.com/news/security/new-vanhelsing-ransomware-targets-windows-arm-esxi-systems/

A newly identified custom backdoor deployed in several recent ransomware attacks has been linked to at least one RansomHub ransomware-as-a-service (RaaS) operation affiliate. #CyberAlerts #Ransomware #RansomwareAttacks https://www.bleepingcomputer.com/news/security/ransomhub-ransomware-uses-new-betruger-multi-function-backdoor/

Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of #Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free. #RansomwareAttacks #Cybersecurity https://www.bleepingcomputer.com/news/security/gpu-powered-akira-ransomware-decryptor-released-on-github/

#CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. #CyberSecurity #RansomwareAttacks https://www.bleepingcomputer.com/news/security/cisa-medusa-ransomware-hit-over-300-critical-infrastructure-orgs/

Ransomware Attacks Set Records in February: Cyble https://thecyberexpress.com/record-ransomware-attacks/ #TheCyberExpressNews #ransomwareattacks #AkiraRansomware #ContiRansomware #TheCyberExpress #RansomwareNews #cl0pransomware #PlayRansomware #FirewallDaily #Fogransomware #Ransomware #CyberNews #RansomHub #LockBit