Medical data is the leading commodity for cybercriminals because it remains permanently valuable and is monetized across specialized marketplaces through a division of labor.
The critical vulnerability CVE-2026-50571 with CVSS 9.3 allows attackers to establish VPN sessions without valid passwords and has been actively exploited against organizations worldwide since May.
Unauthenticated attackers can gain VPN access without a password through a certificate verification flaw in IKEv1 configuration and are being exploited by ransomware groups.
AI agents coordinate continuous development of EDR evasion techniques in ransomware toolkits, enabling attackers to automatically adapt their tools to security solutions.
Organizations must transform cybersecurity from an annual compliance exercise into continuous operational training with realistic scenarios to stand against attackers who innovate daily.
Kaspersky data shows a doubling of ransomware incidents on Austrian ICS systems in Q4 2025, primarily distributed via phishing emails with malicious documents.
Ransomware attack costs Marks & Spencer £131.3 million directly and reduces profit by £210 million, prompting the remuneration committee to strip the CEO’s annual bonus.