Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In late July 2025, Arctic Wolf observed an increase in ransomware activity targeting SonicWall firewall devices for initial access. In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs. While credential access through brute force, dictionary attacks, and credential stuffing have not yet been definitively ruled out in all cases, available evidence points to the existence of a zero-day vulnerability.

AI is powering a new wave of ransomware. Learn how Avast stopped FunkSec's attack and how you can protect your files from evolving cyber threats. Ransomware has long been one of the most feared cyber threats on the internet, and for good reason. It’s fast, disruptive, and increasingly effective at locking up your most important files and demanding payment in exchange for their return. It’s not just businesses that get hit, either.

Most Microsoft 365 users aren’t aware of this recently growing serious email threat vector. I have been teaching about the risks of Microsoft email rules, forms and connectors on email clients and servers for decades. Both can be created by an attacker learning your email address and logon credentials (e.g., password or MFA codes).

Ransomware activity continues to increase, and Bitsight data illustrates the scale of this growth. In our State of the Underground 2025 report, Bitsight TRACE observed a nearly 25% rise in unique ransomware victims publicly listed on leak sites. Additionally, the number of leak sites operated by ransomware groups grew by 53%.

Katz Stealer seeks credentials and crypto assets, Lumma Stealer returns after a disruption, NailaoLocker ransomware targets Windows.

AURA Stealer is a newly emerging information-stealing malware that presents itself as a streamlined alternative to more established stealer families such as LummaC2. Marketed as a carefully engineered solution, AURA is positioned by its developers as purpose-built for efficiency and results—eschewing unnecessary complexity in favor of a focused and modular design.

As companies invest in cybersecurity to avoid fines and ransomware payouts, criminals are doing the opposite by turning ransomware into a full-blown business. With ransomware as a service (RaaS), cybercriminals are building revenue streams by selling ransomware kits online. This model doesn’t require technical skills or deep knowledge of hacking.