Researchers at Malwarebytes are tracking a major malvertising campaign that’s abusing Google Ads to target individuals and businesses interested in advertising. The threat actors are using compromised Google Ads accounts to run ads that impersonate Google, leading victims to a fake Google login page designed to steal their credentials.

FunkSec ransomware threatens victims globally, malvertising scam targets Google Ads users, and threat actors use fake software and installers to push malware.

The process of crafting new malware detection features is usually time-consuming and requires extensive domain knowledge outside the expertise of many machine learning practitioners. These factors make it especially difficult to keep up with a constantly evolving threat landscape. To mitigate these challenges, the CrowdStrike Data Science team explored the use of deep learning to automatically generate features for novel malware families.

We are excited to announce the integration of the CelesTLSH Malware Scanner into the LimaCharlie ecosystem. Developed by Magonia Research, CelesTLSH enhances your security operations by scanning files collected via the BinLib extension. It identifies known malware and threat actor tools through advanced fuzzy hashing techniques.

Medusa is a ransomware-as-a-service (RaaS) platform that first came to prominence in 2023. The ransomware impacts organisations running Windows, predominantly exploiting vulnerable and unpatched systems and hijacking accounts through initial access brokers.

As we step into 2025, the high-impact, financially motivated ransomware landscape continues to evolve, shaped by a combination of law enforcement actions, shifting affiliate dynamics, advancements in defensive approaches, and broader economic and geopolitical influences. While 2024 also saw the continued use of ransomware for non-financial gain purposes, such as drawing attention away from other activities – financial motives remained at the forefront of the overall ransomware landscape.

In the context of ongoing cyber risk assessment , ransomware is one of the most commercial and destructive forms of cybercrime. Amidst the ocean of crime groups within cyberspace, the Cl0p ransomware syndicate is one of the more refined and persistent threats. This group of cyber-thieves has made notorious headlines with aggressive forms of extortion and campaigns.

Akira ransomware is a destructive malware that has ravaged industries since its discovery in March 2023. The operations have mostly targeted businesses in North America, the UK, and Australia. Akira ransomware’s darkweb site Akira employs a double-extortion tactic; it does not only encrypt the victim's data but also exfiltrates the data, and subsequently threatens to leak it on the internet unless the ransom demand is met.

Ransomware groups claimed responsibility for 5,461 attacks in 2024, with 1,204 of these attacks being publicly confirmed by victim organizations, according to Comparitech’s latest Ransomware Roundup report. The average ransom demand was more than $3.5 million, and the average ransom paid was $9.5 million. Many of these attacks involved data theft extortion, leading to the breach of nearly 200 million records.

The recent Codefinger ransomware attack has sent shockwaves through the IT community, specifically targeting businesses relying on AWS S3 storage services. This breach highlights the importance of prioritizing security “best practices” to protect even the most reliable platforms.