GodDamn Ransomware PoisonX Driver Kills EDR

GodDamn ransomware PoisonX driver

The GodDamn ransomware PoisonX driver is a Microsoft-signed kernel tool that ransomware operators use to silently kill EDR and antivirus processes before deploying encryption — and because the driver carries a legitimate Microsoft signature, standard driver-trust checks wave it straight through. What Happened Symantec disclosed on July 9, 2026 that a ransomware family called GodDamn…

Read More

DragonForce Ransomware Hides C2 Traffic Inside Microsoft Teams Relay Servers

Ransomware operators found a backdoor into your network. It looks exactly like a Teams meeting. Symantec and Carbon Black disclosed that DragonForce ransomware affiliates deployed Backdoor.Turn — a Go-based implant that tunnels its command-and-control traffic through Microsoft Teams TURN relay servers. The malware obtains an anonymous Teams visitor token, uses a legitimate Microsoft relay for…

Read More

Your password manager just had encrypted vaults stolen. That’s not a near-miss.

Your password manager just had encrypted vaults stolen. That’s not a near-miss. Dashlane disclosed this week that attackers successfully downloaded encrypted password vaults belonging to fewer than 20 users via a brute-force attack. Dashlane notes the vaults remain encrypted and there’s no evidence of successful decryption. Most organizations reading this will breathe a sigh of…

Read More

A ransomware group grew from 35 victims to 182 in a single quarter. They did it by offering affiliates 90% of every ransom paid.

A ransomware group grew from 35 victims to 182 in a single quarter. They did it by offering affiliates 90% of every ransom paid. That’s not a cyber story. That’s a business model. The Gentlemen launched in August 2025. By Q1 2026 they were the second most active ransomware group globally, claiming 300+ victims publicly…

Read More