ransomNews

⚠️ Fake CleanMyMac download spreads Shub stealer malware

A counterfeit CleanMyMac site distributes the #Shub Stealer, which harvests browser credentials, Telegram data, and cryptocurrency wallets from macOS systems before exfiltrating them to attacker-controlled servers.

#ransomNews #macOS

*all data arise checked, verified and validated by human beings, no Molts.

We’ve always been on the hard-work side of the page and automations are not a replacement. Paid platforms not able to localize a claim, and free platforms unable to catch the latest claims.

The rest is #fuffa.

ransomNews • your go-to source for ransomware news, insights, and analysis, also home of RedACT monthly threat report ransomNews, your go-to source for ransomware news, insights, and analysis, also home of RedACT monthly threat report

This is verified data. Not estimates. Not noise.
And this is just the beginning, more features and insights are coming soon 👀

If you work in cybersecurity, risk management, or just want to understand the real threat landscape affecting businesses today, this is your bookmark.

#ransomNews

🇮🇹 Italy is not immune:
→ February alone recorded 26 confirmed incidents
→ Lombardia, Emilia-Romagna, Liguria leading the regional impact
→ over 3.600 GB of data already exfiltrated and published in early 2026

in the ransomware ecosystem:

🌍 Global snapshot (2026 so far*):
→ 1.504 ransomware victims worldwide
→ 62 active threat groups
→ 26 countries impacted
→ 13 new threat actors already emerged

ransomNews • your go-to source for ransomware news, insights, and analysis, also home of RedACT monthly threat report ransomNews, your go-to source for ransomware news, insights, and analysis, also home of RedACT monthly threat report

🚨 We just upgraded ransomNews - and the numbers speak for themselves!

Our website ransomnews.online got a serious update, and we're not just talking about a new coat of paint 😉

We've introduced threat landscape statistics, both globally and for Italy, giving you a quick pulse on what's happening

🚨 nuova rivendicazione #ransomware Italia 🚨

🏴‍☠️ gruppo #DragonForce
🧬 Tazzetti SPA | Volpiano (TO)
🎯 settore: trattamento e smaltimento rifiuti
🔗 tazzetti.com
🗓️ 10 marzo 2026

📄 sample: -
▪️ dati esfiltrati dichiarati: 14.94GB
▪️ dati esfiltrati pubblicati: -
⏲️ scadenza: 21 marzo 2026

#ransomNews

⚠️ Fake Signal security alerts steal accounts via phishing pages

Attackers sent fake #Signal security alert messages linking to credential-harvesting pages designed to capture account details and enable session hijacking of victims’ messaging accounts.

#Phishing #CyberSecurity

⚠️ Hospital forced offline after medical records system collapse

The #cyberattack disabled the hospital’s electronic medical records, forcing staff to switch to paper workflows while emergency admissions were reduced and patients redirected to nearby facilities.

#ransomNews #HealthcareCyber

⚠️ Commercial iPhone hacking kit traces back to US vendor

Security researchers link the #iPhone exploitation toolkit #Reign to US firm #QuaDream infrastructure, showing it leveraged zero-click iMessage exploits and was marketed to governments for covert device surveillance operations.

#iOS #Spyware

🚨 Custom tool turns Salesforce scanning into data theft

Attackers modified the open-source #AuraInspector tool to mass-scan public #Salesforce Experience Cloud sites and extract data directly via the `/s/sfsites/aura` API when guest user permissions are overly permissive.

#ransomNews

🚨 nuova rivendicazione #ransomware Italia 🚨

🏴‍☠️ gruppo #LockBit5
🧬 Commerfrutta Di Stancari | Cerlongo (MN)
🎯 settore: ingrosso alimentare
🔗 commerfrutta.com
🗓️ 09 marzo 2026

📄 sample: -
▪️ dati esfiltrati dichiarati: -
▪️ dati esfiltrati pubblicati: -
⏲️ scadenza: 25 marzo 2026

#ransomNews

🚨 nuova rivendicazione #ransomware Italia 🚨

🏴‍☠️ gruppo #LockBit5
🧬 FAC SRL | Augusta (SR)
🎯 settore: noleggio attrezzature pesanti
🔗 fac-srl.net
🗓️ 09 marzo 2026

📄 sample: -
▪️ dati esfiltrati dichiarati: -
▪️ dati esfiltrati pubblicati: -
⏲️ scadenza: 25 marzo 2026

#ransomNews #cybersecurity

🚨 nuova rivendicazione #ransomware Italia 🚨

🏴‍☠️ gruppo #LockBit5
🧬 S.I.A. Società Italiana Alimenti SPA | Offida (AP)
🎯 settore: alimentare
🔗 societaitalianaalimenti.it
🗓️ 07 marzo 2026

📄 sample: -
▪️ dati esfiltrati dichiarati: -
▪️ dati esfiltrati pubblicati: -
⏲️ scadenza: 21 marzo 2026

One click on this fake Google Meet update can give attackers control of your PC We found a fake Google Meet update that enrolls the victim's Windows PC in an attacker's device management system.

🔗 read the full report on #Malwarebytes: www.malwarebytes.com/blog/threat-...

#ransomNews #Malware #Phishing

⚠️ Surveillance spyware hides inside fake meeting update

A fake #Google Meet update installs #Teramind surveillance software; the same MSI payload (SHA-256: 644ef9f..) is reused across campaigns and runs in hidden-agent mode with two auto-restarting services for persistent monitoring.

White House Unveils President Trump’s Cyber Strategy for America The White House today released “President Trump’s Cyber Strategy for America,” outlining the Administration’s priorities for ensuring that America remains

🔗 read the official statement: www.whitehouse.gov/articles/202...

#ransomNews #CyberStrategy #NationalSecurity

🔎 Five-page cyber strategy signals major policy shift

The new US cyber strategy is just 5 pages -far shorter than prior plans- and pivots toward offensive cyber operations, deregulation for industry, and AI-driven defense while leaving implementation details largely undefined.

Partnering with Mozilla to improve Firefox’s security Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.

⚠️ AI-generated bug reports flood Firefox maintainers

#Claude Opus 4.6 scanned 6k C++ files and sent 112 bug reports in two weeks. 22 confirmed vulnerabilities (14 high severity), nearly 20% of all Firefox high-severity bugs fixed in 2025.

#AIsecurity #Firefox #Vulnerabilities

🚨 nuova rivendicazione #ransomware Italia 🚨

🏴‍☠️ gruppo #LockBit5
🧬 Barbero Pietro SPA | Torino
🎯 settore: imballaggi e forniture per ufficio
🔗 barberopietro.it
🗓️ 05 marzo 2026

📄 sample: -
▪️ dati esfiltrati dichiarati: -
▪️ dati esfiltrati pubblicati: -
⏲️ scadenza: 19 marzo 2026

#ransomNews

🚨 nuova rivendicazione #ransomware Italia 🚨

🏴‍☠️ gruppo #Tengu
🧬 Eos Technology SRL | Roma
🎯 settore: riparazione computer e periferiche
🔗 eostechnology.net
🗓️ 04 marzo 2026

📄 sample: sì
▪️ dati esfiltrati dichiarati: 20.78GB
▪️ dati esfiltrati pubblicati: -
⏲️ scadenza: 11 marzo 2026

#ransomNews

🚨 nuova rivendicazione #ransomware Italia 🚨

🏴‍☠️ gruppo #LockBit5
🧬 Paoli Dental Center | Mestre (VE)
🎯 settore: sanitario
🔗 paolidental.org
🗓️ 04 marzo 2026

📄 sample: -
▪️ dati esfiltrati dichiarati: -
▪️ dati esfiltrati pubblicati: -
⏲️ scadenza: 19 marzo 2026

#ransomNews #cybersecurity

⚠️ North Korean StegaBin campaign targets developers

Researchers uncovered a North Korean #StegaBin operation using steganographic malware hidden in images to target developers, blending social engineering and covert payload delivery to evade traditional detection.

#ransomNews #APT #Steganography

🚨 nuova rivendicazione #ransomware Italia 🚨

🏴‍☠️ gruppo #LockBit5
🧬 Formula50 | Anagni (FR)
🎯 settore: sviluppo IT
🔗 formula50.it
🗓️ 04 marzo 2026

📄 sample: -
▪️ dati esfiltrati dichiarati: -
▪️ dati esfiltrati pubblicati: -
⏲️ scadenza: 18 marzo 2026

#ransomNews #cybersecurity #cyberthreats

Hacktivists claim to have hacked Homeland Security to release ICE contract data | TechCrunch A hacking group called Department of Peace said they hacked a specific office within Homeland Security to protest ICE’s mass deportation campaign, and the companies aiding it.

🔎 Hacktivists claim DHS breach exposing ICE contracts

Hacktivists allege they accessed US Homeland Security systems to leak sensitive ICE contract data, raising concerns over federal network security and the potential exposure of vendor and operational information.

#ransomNews #DataBreach

However, some victim claims are unverified, indicating possible fabrications to inflate reputation.

#ransomNews #cybersecurity #newthreatactor

The group's activity pattern suggests it is still establishing its operational tempo.
#Security teams should prioritize behavior-based detection and assume zero-trust principles, as traditional IOCs may be insufficient against an AI-augmented and state-aligned adversary.

as this is an evolving pressure tactic

🤓 Analyst take (confidence: low)
While AiLock's re-emergence and ties to sophisticated state actors are concerning, its public embrace of AI may be as much a marketing ploy as a technical reality.

- enhance detection for AI-assisted behaviors, focusing on anomalous user interaction patterns and rapid, large-scale encryption
- track blockchain transactions involving Wasabi mixer and FixedFloat exchange, especially conversions to Monero
- scrutinize threats of regulatory reporting,

• exfiltration (T1567): exfiltration over web service
• financial Motivation (T1657): the primary objective is financial gain through extortion, with potential secondary strategic disruption

👉🏻 What to watch next (#SOCPlaybook cues)
- monitor their DLS for re-emergence and new victim postings