Ransomware & Extortion
GodDamn Ransomware PoisonX Driver Kills EDR
The GodDamn ransomware PoisonX driver is a Microsoft-signed kernel tool that ransomware operators use to silently kill EDR and antivirus processes before deploying encryption — and because the driver carries a legitimate Microsoft signature, standard driver-trust checks wave it straight through. What Happened Symantec disclosed on July 9, 2026 that a ransomware family called GodDamn…
Read MoreDragonForce Ransomware Hides C2 Traffic Inside Microsoft Teams Relay Servers
Ransomware operators found a backdoor into your network. It looks exactly like a Teams meeting. Symantec and Carbon Black disclosed that DragonForce ransomware affiliates deployed Backdoor.Turn — a Go-based implant that tunnels its command-and-control traffic through Microsoft Teams TURN relay servers. The malware obtains an anonymous Teams visitor token, uses a legitimate Microsoft relay for…
Read MoreYour Check Point VPN has a zero-day. Qilin ransomware is already using it.
Your Check Point VPN has a zero-day. Qilin ransomware is already using it. The vulnerability requires no stolen credentials, no phishing, no user interaction. It requires only that your VPN still supports a protocol from 2005. CVE-2026-50751, disclosed on June 8, is an authentication bypass in Check Point Remote Access VPN and Mobile Access. The…
Read MoreYour password manager just had encrypted vaults stolen. That’s not a near-miss.
Your password manager just had encrypted vaults stolen. That’s not a near-miss. Dashlane disclosed this week that attackers successfully downloaded encrypted password vaults belonging to fewer than 20 users via a brute-force attack. Dashlane notes the vaults remain encrypted and there’s no evidence of successful decryption. Most organizations reading this will breathe a sigh of…
Read MoreA ransomware group grew from 35 victims to 182 in a single quarter. They did it by offering affiliates 90% of every ransom paid.
A ransomware group grew from 35 victims to 182 in a single quarter. They did it by offering affiliates 90% of every ransom paid. That’s not a cyber story. That’s a business model. The Gentlemen launched in August 2025. By Q1 2026 they were the second most active ransomware group globally, claiming 300+ victims publicly…
Read More
