Cisco FMC Zero-Day: 36 Días con Ransomware en tu Red
El grupo Interlock explotó CVE-2026-20131 (CVSS 10.0) en Cisco FMC 36 días antes del parche. Descubre si tu red está comprometida y cómo actuar ahora.
Tag archive
El grupo Interlock explotó CVE-2026-20131 (CVSS 10.0) en Cisco FMC 36 días antes del parche. Descubre si tu red está comprometida y cómo actuar ahora.
Un ataque ransomware a Marquis, proveedor fintech de cientos de bancos en Texas, robó SSNs y datos financieros de 672,075 personas. La brecha silenciosa que duró meses.
Un ataque ransomware paralizó todos los servicios de Foster City, California en marzo 2026. Qué pasó, por qué los gobiernos locales son el blanco favorito y cómo proteger tu organización.
The INC_RANSOM ransomware group has listed Golden Glasko Haddy and Associates, a Miami-based law firm, as a victim on its dark web leak site. The posting, which appeared on July 14, 2026, is part of a double-extortion campaign where the attackers claim to have stolen internal files and threaten to release them to pressure the firm into paying a ransom. The firm, which specializes in estate and probate law, has not yet commented on the attack or the potential exposure of sensitive client data.
The Chaos ransomware group has claimed an attack on Aphena Pharma Solutions, a U.S.-based pharmaceutical contract manufacturer. The group listed the company on its dark web leak site on July 14, 2026, alleging the theft of 142 GB of 'critical corporate data,' including sensitive financial documents. The attackers claim to have gained full access to the company's infrastructure, employing a double-extortion strategy by threatening to leak the stolen information.
According to the Sophos 'State of Ransomware 2026' report, compromised identities are now the primary root cause of ransomware attacks, accounting for 79% of incidents. For the first time in four years, malicious email and phishing have surpassed software vulnerability exploitation as the top initial access vector. The report, which surveyed over 2,100 victims, highlights a strategic shift by attackers towards identity-based tactics, even as the average total cost to recover from an attack climbs to $1.7 million.
Deutsche Bank has acknowledged a cybersecurity incident at a third-party service provider following claims from the 'Unsafe' ransomware group. The group posted data on its leak site allegedly stolen from the bank, including employee records. Deutsche Bank asserts that its own internal systems were not compromised and that the incident was contained to an external marketing vendor in Germany. The event highlights the significant supply chain risks facing large financial institutions.
A recovery playbook for schools and local government. Backups are not the plan. This is the sequence...
El grupo ransomware iraní Pay2Key vuelve después de 5 años con un modelo RaaS más agresivo, 80% de ganancias para atacantes y foco en EEUU e Israel. Todo lo que necesitas saber.
Microsoft took down Fox Tempest, a malware-signing-as-a-service that created 1,000+ fraudulent code-signing certificates for ransomware gangs like Qilin, Akira, and INC.
The U.S. Treasury Department has sanctioned First VPN Service (1VPNS), its Ukrainian administrator Dmytro Rashevskyi, and a Belarusian malware 'cryptor' seller, Yegeniy Silayev, for their roles in facilitating ransomware attacks. Announced on July 13, 2026, the sanctions target 1VPNS for providing anonymous infrastructure used by numerous ransomware groups to attack U.S. critical infrastructure, including hospitals and financial services. The action, coordinated with the UK and FBI, follows a May 2026 takedown of 1VPNS infrastructure and aims to disrupt the cybercriminal ecosystem by targeting its key service providers.
The Akira ransomware group has claimed responsibility for a cyberattack on Ironmark, a U.S.-based marketing and communications provider. On July 13, 2026, the group added Ironmark to its dark web leak site, threatening to release 190GB of stolen data. The compromised information allegedly includes sensitive employee PII such as passports, as well as corporate financial records, client contracts, and NDAs. This attack is consistent with Akira's typical double-extortion strategy of encrypting data while also exfiltrating it to pressure victims into paying a ransom.