Latest news

The Gentlemen Ransomware: Custom EDR/AV Killers Fuel Rapid Global Expansion
Ransomware

The Gentlemen Ransomware: Custom EDR/AV Killers Fuel Rapid Global Expansion

8 July 2026 dark6

The Gentlemen ransomware group, tracked by Microsoft as Storm-2697, has claimed over 500 victims in 70+ countries using a custom...
SEO-Poisoned Bing Search Delivers BumbleBee Loader and Akira Ransomware to Enterprise Network
Ransomware

SEO-Poisoned Bing Search Delivers BumbleBee Loader and Akira Ransomware to Enterprise Network

1 July 2026 dark6

An IT administrator searching Bing for ManageEngine OpManager was redirected to a trojanized installer, triggering a 44-hour intrusion that ended...
Bajaj Auto Confirms Ransomware Attack — Both Parent Company and Tech Subsidiary Affected
Ransomware

Bajaj Auto Confirms Ransomware Attack — Both Parent Company and Tech Subsidiary Affected

24 June 2026 dark6

Bajaj Auto disclosed a ransomware attack on June 23, 2026, affecting systems at the company and its subsidiary BATL. The...
Prinz Eugen Ransomware Uses RemotePC RMM and PowerShell Stagers to Evade Detection
Ransomware

Prinz Eugen Ransomware Uses RemotePC RMM and PowerShell Stagers to Evade Detection

23 June 2026 dark6

A new ransomware group is deploying the Go-based Prinz Eugen ransomware by abusing legitimate remote management software (RemotePC) and PowerShell...
GentleKiller: Inside the Ransomware Framework Disabling 400+ EDR Security Products
Ransomware

GentleKiller: Inside the Ransomware Framework Disabling 400+ EDR Security Products

22 June 2026 dark6

ESET researchers have exposed GentleKiller, the in-house EDR-killing framework of the Gentlemen ransomware gang, capable of disabling over 400 security...
CISA Adds Oracle PeopleSoft Zero-Day CVE-2026-35273 to KEV Catalog After Ransomware Gang Exploitation
Ransomware

CISA Adds Oracle PeopleSoft Zero-Day CVE-2026-35273 to KEV Catalog After Ransomware Gang Exploitation

18 June 2026 dark6

CISA has added a critical Oracle PeopleSoft vulnerability (CVE-2026-35273) to its Known Exploited Vulnerabilities catalog after confirming active exploitation in...
DragonForce Ransomware Abuses Microsoft Teams TURN Relay to Hide Malicious C2 Traffic
Ransomware

DragonForce Ransomware Abuses Microsoft Teams TURN Relay to Hide Malicious C2 Traffic

17 June 2026 dark6

Symantec researchers have discovered that DragonForce ransomware actors used a novel Go-based backdoor called Backdoor.TURN to route C2 communications through...
CVE-2026-50751: Check Point VPN 0-Day Actively Exploited to Deploy Qilin Ransomware
Ransomware

CVE-2026-50751: Check Point VPN 0-Day Actively Exploited to Deploy Qilin Ransomware

9 June 2026 dark6

A critical CVSS 9.3 authentication bypass in Check Point Remote Access VPN (CVE-2026-50751) is being actively exploited in the wild,...
The Gentlemen Ransomware Group: Fortinet Exploits, AI Operations, and Custom C2 Make Them 2026’s Most Dangerous Crew
Ransomware

The Gentlemen Ransomware Group: Fortinet Exploits, AI Operations, and Custom C2 Make Them 2026’s Most Dangerous Crew

5 June 2026 dark6

Russian-speaking ransomware group The Gentlemen ranks second in 2026 activity, exploiting Fortinet vulnerabilities, deploying the custom G-BOT C2 framework, using...
‘The Gentlemen’ Ransomware: Self-Propagating Go Encryptor Uses SYSTEM Scheduled Tasks to Lock Entire Networks
Ransomware

‘The Gentlemen’ Ransomware: Self-Propagating Go Encryptor Uses SYSTEM Scheduled Tasks to Lock Entire Networks

30 May 2026 dark6

A new Go-based ransomware called The Gentlemen (tracked as Storm-2697 by Microsoft) spreads automatically across networks using eight simultaneous propagation...
NightSpire Ransomware Exploits RDP and Remote Admin Tools to Hit 64 Organizations in 33 Countries
Ransomware

NightSpire Ransomware Exploits RDP and Remote Admin Tools to Hit 64 Organizations in 33 Countries

28 May 2026 dark6

NightSpire ransomware has hit at least 64 organizations across 33 countries by exploiting Remote Desktop Protocol access and installing legitimate...
Payload Ransomware Deploys ChaCha20 + Curve25519 ECDH to Lock Files — 50+ Victims Across Five Countries
Ransomware

Payload Ransomware Deploys ChaCha20 + Curve25519 ECDH to Lock Files — 50+ Victims Across Five Countries

26 May 2026 dark6

A new ransomware operation called Payload has emerged using military-grade ChaCha20 encryption paired with Curve25519 ECDH key exchange, making file...