Handler on Duty: Yee Ching Tok
Threat Level: green
Search
Diaries
-
Neutrino exploit kit sends Cerber ransomware
Nov 9th 2025
5 months ago by Brad -
Malspam on 2017-04-11 pushes yet another ransomware variant
Apr 2nd 2025
1 year ago by Brad -
TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released
Mar 31st 2026
1 month ago by Kenneth G. Hartman -
TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim
Mar 27th 2026
1 month ago by Kenneth G. Hartman -
Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
Feb 23rd 2025
1 year ago by Brad -
Jaff ransomware gets a makeover
Mar 27th 2025
1 year ago by Brad -
Malspam with password-protected Word docs pushes Hermes ransomware
Aug 25th 2024
1 year ago by Brad -
And Ransomware Just Got a Bit Meaner (yes... it is possible)
May 20th 2021
4 years ago by Johannes -
Ransomware Defenses
May 17th 2021
4 years ago by Daniel -
Kaseya VSA Users Hit by Ransomware
Jul 2nd 2021
4 years ago by Xme -
Another Script-Based Ransomware
Nov 9th 2022
3 years ago by Xme -
Simple Powershell Ransomware Creating a 7Z Archive of your Files
Apr 8th 2021
5 years ago by Xme -
Powershell Dropping a REvil Ransomware
Jan 21st 2021
5 years ago by Xme -
Ransomware in Node.js
Jan 2nd 2020
6 years ago by Xme -
Wide-scale Petya variant ransomware attack noted
Jun 27th 2017
8 years ago by Brad
Podcasts
-
SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution
-
SANS Stormcast Thursday May 29th 2025: LLM Assisted Analysis; MSP Ransomware; Everetz Vulnerability
-
SANS Stormcast Wednesday, July 23rd, 2025: Sharepoint 2016 Patch; MotW Privacy and WinZip; Interlock Ransomware; Sophos Patches
-
SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics
-
SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring
-
SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware
-
SANS Stormcast Tuesday Mar 25th: Privacy Aware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware
-
SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware
-
SANS Stormcast Tuesday, April 21st, 2026: CVE and EPSS; Windows Server 2025 OOB; QEMU Abuse;
-
ISC StormCast for Wednesday, May 29th, 2024
SQL Injection and Python; FortiSIEM RCE PoC; Bitlocker Ransomware; iconv (glibc) and MacOS PoC; @Horizon3ai @WangTielei
-
SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates;
-
ISC StormCast for Tuesday, October 1st, 2024
Mac-Robber Update; Recall Re-Released; Hybrid Cloud Attacks; Ransomware IDs; What's Up Gold Patch;
-
ISC StormCast for Monday, May 13th, 2024
Windows DNS Suffixes; Black Basta Ransomware; Arcserve UDP Exploits; Chrome 0-day; SolarWinds ARM Vuln;
-
ISC StormCast for Tuesday, September 10th, 2024
LoadMaster Vuln; HAProxy Patch; Sonicwall SSLVPN Ransomware; Kibana Update; VSCode Abuse
-
SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation
