More than 120 active ransomware brands in a single year. These are the findings that open the 2026 edition of the Internet Organised Crime Threat
In 2025, just 19% of non-encrypted extortion victims paid, according to Coveware. Instructure has just joined this minority. On May 11, 2026, the publisher of
On May 4, 2026, the administrator of RaaS program The Gentlemen admitted on an underground forum that part of his internal database had been leaked.
On May 7, 2026 at 17:06 UTC, a Reddit user reported that installers downloaded from the official JDownloader website triggered a Windows Defender alert. Eighteen
On April 6, 2026, Microsoft Threat Intelligence published a consolidated analysis of the operations of Storm-1175, a China-based cybercriminal actor it has been tracking since
Booking.com customer reservation data is in the hands of attackers, and is already being used for targeted phishing campaigns. On April 13, 2026, the online
Having an EDR is no longer a guarantee. In recent attacks, Qilin affiliates have deployed a dedicated module capable of disabling over 300 threat detection
More than 200 victims in just over a year, an increasingly sophisticated GB payload, and, in its early days, a server hostname that displayed the
On March 24, 2026, the European Commission detected an intrusion into the AWS cloud infrastructure hosting its Europa(.)eu sites. Three days later, the ShinyHunters group
For over a year, an attack campaign led by Russian-speaking actors had been operating discreetly, without triggering the slightest alert. Its target: HR teams. Its
After PromptSpy, which exploited Gemini to ensure the persistence of Android malware, it’s now the turn of a ransomware player to take the plunge. In
Four years after its launch, LeakBase no longer responds. In place of the forum, an FBI seizure banner. Behind this familiar image lies an operation
