US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks https://t.co/WVv2GQY54n ...

Core Insights - Rapid7's Q3 2025 Threat Landscape Report highlights the evolving tactics of threat actors, emphasizing the acceleration of vulnerability exploitation and the rise of ransomware groups leveraging artificial intelligence [1][2][5] Vulnerability Exploitation - The total number of newly exploited vulnerabilities decreased by 21% from Q2 to Q3 2025, yet attackers are increasingly targeting older, unpatched vulnerabilities, including those over a decade old [2] - The exploitation of critical vulnerabilities in Microsoft SharePoint (CVE-2025-53770) and Cisco ASA/FTD products illustrates the urgent need for timely patching [3] Ransomware Activity - The number of active ransomware groups surged to 88 in Q3 2025, up from 65 in Q2 and 76 in Q1, indicating a significant increase in ransomware activity [4] - New alliances among ransomware groups, such as Qilin, SafePay, and WorldLeaks, are targeting various industries and employing innovative tactics like fileless operations and single-extortion data leaks [4] AI and Cyber Warfare - Generative AI is facilitating the creation of sophisticated phishing campaigns and adaptive malware, lowering barriers for cybercriminals [5] - Nation-state actors from Russia, China, and Iran are refining their tactics, focusing on supply chain and identity system attacks, which blur the lines between espionage and disruption [5] Report Overview - The Rapid7 Threat Landscape Report provides a comprehensive analysis of global adversary behavior, covering various threats from ransomware to state-sponsored operations and AI-driven attacks [7]

it is 2025 and silicon valley elite still think publicly traceable blockchains like bitcoin are dangerous because "ransomware" while forgetting that cash is literally untraceableretardioCoinDesk (@CoinDesk):⚠️ @reidhoffman explains why Silicon Valley feared crypto: "crypto is... the preferred ransomware for people holding, you know, uh, critical infrastructure, hospitals, other kinds of things hostage." https://t.co/lPTHeKjl1b ...

RT Jake Bleiberg (@JZBleiberg)New: Three employees at cybersecurity companies spent years moonlighting as criminal hackers, launching their own ransomware attacks in a plot to extort millions of dollars from victims around the country, US prosecutors alleged in court filings.https://t.co/zSnNdAtV5A ...

Three employees at cybersecurity companies spent years moonlighting as criminal hackers, launching their own ransomware attacks in a plot to extort millions of dollars from victims around the country, US prosecutors allege https://t.co/uVx9DtjhqV ...

Three people, including two U.S. ransomware negotiators, are accused of working on behalf of the ALPHV/BlackCat ransomware gang. https://t.co/o2sug8dXAz ...

Core Insights - The 2025 European Threat Landscape Report by CrowdStrike indicates that European organizations represent nearly 22% of global ransomware and extortion victims, ranking second after North America [1] - Ransomware operations are accelerating, with adversary groups like SCATTERED SPIDER increasing deployment speed by 48%, resulting in an average attack duration of just 24 hours [1] Summary by Category Ransomware Impact - European organizations are significantly affected, accounting for almost 22% of global ransomware victims [1] - This positions Europe as the second most impacted region, following North America [1] Ransomware Operations - The speed of ransomware deployment is increasing, with a noted 48% rise in speed by groups such as SCATTERED SPIDER [1] - The average time taken for a ransomware attack has decreased to just 24 hours [1]

The recent wave of cyberattacks against Japanese businesses has exposed critical weaknesses in the country’s corporate digital defenses, fueling fears of further disruption to sales and supply chains.In the past month, Asahi Group Holdings Ltd. was forced to take its distribution system offline and revert to phone orders for beer and beverages after a ransomware attack, while retailers relying on Askul Corp. lost access to their e-commerce platforms.The surge reflects a combination of factors, including the ...

Core Viewpoint - A ransomware attack has disrupted the MuniOS platform, affecting the ability of state and local borrowers to post debt documents in the $4.3 trillion municipal bond market [1][2]. Group 1: Impact on Municipal Bond Market - MuniOS, operated by ImageMaster LLC, has been out of service for several days, impacting the posting of bond offering documents [1]. - Despite the outage, market participants have not reported delays in transactions, although some issuers are using alternative platforms like BondLink [2][4]. - The municipal bond market is crucial for financing infrastructure projects for states, cities, and other entities [3]. Group 2: Operational Adjustments - Issuers are resorting to traditional methods, such as sending large-file PDFs directly and making extensive phone calls to investors [4]. - The Texas Transportation Commission successfully posted documents for a $1.8 billion sale on a different platform, McElwee & Quinn LLC, and provided physical copies to investors [5]. Group 3: Cybersecurity Concerns - Ransomware attacks have become a significant concern, with recent high-profile incidents affecting various corporations [6]. - The municipal market has seen growing concerns over cyber risks, highlighted by a previous incident where a bond sale was hacked [7]. - The MuniOS platform, launched in 1999, holds a significant market share, with over 70% reported in 2017 [7]. Group 4: Regulatory Response - The Municipal Securities Rulemaking Board has advised issuers to use its EMMA website for posting preliminary official statements and other market information during the MuniOS outage [8].

Security Breach - A Russian-speaking hacker group known as Qilin claimed responsibility for a ransomware attack [1] - The ransomware attack impacted Asahi Group Holdings' operations for over a week [1]