Identities and cloud services have become more lucrative for attackers than infrastructure vulnerabilities; many companies fail to close this gap technologically due to lack of people, processes, and clear accountability.
Two independent attack groups exploited the same unpatched SharePoint server simultaneously within the same victim network, causing their traces to overlap and complicating the investigation.
The Gentlemen has developed GentleKiller, an EDR killer framework that provides less experienced affiliate partners with ready-to-use tools for bypassing enterprise security systems.
The Gentlemen gang uses at least eight variants of GentleKiller to disable EDR protection from 48 different security vendors before executing ransomware attacks.
Ransomware group DragonForce disguises its command-and-control traffic via Microsoft Teams’ TURN protocol and uses multiple CVEs and kernel exploits to bypass security software.
One in six breaches involves third parties, and even rapid patches fail to prevent most incidents—therefore incident exercises must prioritize operational resilience and third-party scenarios.
Ransomware incidents reached a yearly peak in May 2026 with 698 registered cases, as attackers shift from classical attack methods to more profitable extortion campaigns.
Backup systems with failed restoration tests and MFA bypasses via fatigue-push flooding or adversary-in-the-middle attacks are critical failure points in practice.