A massive malware campaign has been distributing Magniber ransomware, disguised as Microsoft Windows updates.

A Conti ransomware attack affected multiple government services in Costa Rica, from the Finance Ministry to the Labor Ministry. One of the most recent victims is the Electricity Service of Cartago (JASEC).

Malware loaders commonly used by threat actors, such as BazaLoader and IcedID, are seemingly being replaced by a new loader called Bumblebee.

A new ransomware known as Black Basta has emerged, attacking at least 12 companies within its first three weeks of operation — including the American Dental Association and wind farm operator Deutsche Windtechnik.

African banks have found themselves to be an increasing target for remote access tools (RATs) that are deployed through typo-squatted domains and HTML smuggling tactics as a delivery method.

The Hive extortion group is actively targeting unpatched Microsoft Exchange Servers and using them to deploy ransomware.

On February 23, 2022, a new data wiper and ransomware were deployed on a large number of devices in the Ukraine, as ESET Research reported on Twitter. Just before this, a couple of Ukrainian government sites and services were subjected to DDoS attacks. Cybersecurity specialists discovered that the malware was deployed via Microsoft Active Directory GPO. In addition to the disk wiper and ransomware, a worm component was deploy