Latest Posts

RansomHub: The New Kid on the Block to Know

The RansomHub ransomware group has emerged as a significant player in the ransomware landscape, making bold claims and substantiating them with data leaks. The group emerged after the Federal Bureau of Investigation (FBI) disrupted ALPHV’s ransomware operation on December 19, 2023. There are assumptions that RansomHub is a “spiritual successor” of the ALPHV group and operates with the help of former ALPHV affiliates.

Europe Retail Threat Landscape 2024

Europe, one of the world’s largest and most advanced economic regions, consists of 37 countries, including the 27 European Union (EU) countries. With some of the most important economies in the world, Europe remains a prime target for cyber adversaries and state actors. The retail industry faces a constantly evolving array of threats among its major sectors.

DeepSeek: A Deep-Dive into the Latest AI-powered LLM

DeepSeek is a Hangzhou-based startup founded in December 2023 by Liang Wenfeng. It released its first AI-based large language model in 2024. The company recently received widespread attention after releasing a new open-source AI model that rivals OpenAI’s work. The app shot to the top of the app stores’ downloads list and has sparked much interest.

Toxins in the Community: Recent Social Media Poisoning Campaigns in the Philippines

A lot has happened since social networking emerged in the early 2000s. Since then, many people have relied on social media platforms to stay connected with friends, family, community, and more. Cyber criminals have also taken advantage of this popularity.

FSOCIETY & FUNKSEC Collaborate On Future Attacks

On January 15th, the FSOCIETY ransomware group announced on their official DLS (data leak site) that they had begun a partnership with the rising FunkSec group. The FunkSec ransomware group first emerged publicly in late 2024 and rapidly gained prominence by publishing over 85 claimed victims—more than any other ransomware group in the month of December.

Ransomware Annual Report 2024

In 2024, the ransomware landscape recorded 5,414 published attacks on organizations worldwide, representing an 11% increase compared to 2023. While the year began with a decline in ransomware activity during Q1, the frequency of attacks surged in Q2 and continued to rise through the remainder of the year. This culminated in a dramatic spike during Q4, which saw 1,827 incidents—33% of all ransomware attacks for the year—making it the most active quarter.

Philippine Threat Landscape Report 2024-2025

The Cyberint (now a Check Point Company) Philippine Threat Landscape 2024-2025 report unravels the evolving cyber threats and scam operations targeting organizations in the Philippines—mainly within the Government, Education, Financial, and Telecommunications sectors. Data from Cyberint sources indicates a surge in cyber threats such as malware, social engineering, and system exploitations.

Attack Surface Management: From Passive Scanning to Active Security Testing

Traditionally, approaches to Attack Surface Management (ASM) went something like this: A business scanned its own IT estate to discover assets and understand what its attack surface actually included. We can think of this as Phase I. Following the completion of an asset inventory, they assessed each of their assets to identify risks and vulnerabilities, such as open ports, certificate issues, DNS misconfigurations, and more.

CL0P Ransomware: The Latest Updates

Cl0p Ransomware, aka Cl0p, is a ransomware group that emerged in February 2019 and targeted most industries worldwide, including retail, transportation, education, manufacturing, automotive, energy, financial, telecommunications and even healthcare. The Clop ransomware group is thought to be a successor of the CryptoMix ransomware group.

Cisco Data Leak: The Facts on the Ground

On October 14th, prior to the data leak on December 16th, a threat actor known as IntelBroker announced on BreachForums that he was offering a Cisco breach for sale. As is typical for his operations, he provided samples and credited another well-known collaborator, EnergyWeaponUser. The price for the breach was not specified and was to be negotiated privately, with payments accepted exclusively in XMR cryptocurrency.