Ransomware gangs are exploiting the BlueHammer vulnerability in Microsoft Defender for privilege escalation, putting Windows systems at widespread risk.
Cyberattacks on midmarket companies unfold in five phases and often reach administrator privileges within 48 hours, with data exfiltration following by day five—early detection is critical to preventing escalation.
The parallel activity of two independent ransomware groups on the same SharePoint servers demonstrates that attackers are increasingly conducting overlapping campaigns, requiring centralized visibility across all layers.
Summer holiday absences lead to 69 percent email fraud between June and August, but ransomware remains undetected an average of nine days longer, with damages becoming visible only in autumn.
Following a period of lower activity, ransomware groups are increasingly concentrating on European organizations and their suppliers as primary attack targets.
A malicious Edge extension exploits the native messaging protocol to bypass the browser sandbox and establish a full remote-access backdoor at the operating system level.
Ransomware attacks are surging massively and hitting Germany particularly hard; the SafePay group is responsible for approximately one quarter of them.
The Mistic backdoor is being deployed by ransomware access broker KongTuke in targeted attacks against insurance companies, educational institutions, and IT firms.
Germany is Europe’s ransomware hotspot with nearly double the growth rate of France; its infrastructure and inadequate security awareness make it particularly attractive to criminals based in Russia.