WantToCry ransomware remotely encrypts files

SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.

Mini Shai-Hulud Hits @antv: 323 npm Packages Compromised Through the atool Maintainer Account

An active supply chain attack has compromised 323 npm packages published under the atool npm maintainer account. The wave sweeps the entire @antv data-visualization organization alongside standalone libraries with wide independent adoption: echarts-for-react, timeago.js, size-sensor, and canvas-nest.js. With echarts-for-react pulling roughly 1.1 million weekly downloads, any project that auto-updates these packages is in scope.

Protecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan Sevilla

Dr. Ido Sivan Sevilla joins host Caleb Tolin to break down battlefield stories from a massive analysis of over 3,000 local government entities. Dr. Sivan Sevilla, who serves as an Assistant Professor at the UMD College of Information and holds joint positions at the Hebrew University School of Public Policy & Governance and the School of Computer Science and Engineering, brings a multidisciplinary lens to the alarming reality of risk clusters.

Analyzing TAX#TRIDENT: Fake Indian Tax Lures Pivot Across ZIP, VBS, Stego and PHP-Wrapped VBS Delivery

Securonix Threat Research tracks TAX#TRIDENT, an active fake Indian Income Tax-themed campaign that uses three delivery paths to reach Windows endpoints. The campaign starts with fake tax assessment lures and then moves victims toward ZIP files, VBScript downloaders, or PHP-looking web endpoints that actually return script content.

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account

A supply chain attack affecting the @antv data visualization ecosystem and related npm packages is actively spreading through the npm registry. The attack, attributed to a threat group called TeamPCP and branded as another wave of the Mini Shai-Hulud campaign, published more than 300 malicious package versions across 323 packages in a 22-minute automated burst on May 19, 2026. The packages collectively represent approximately 16 million weekly downloads.

How Hybrid Work and Cloud Adoption Are Changing Enterprise Ransomware Risk

Five years ago, enterprise ransomware risk was mostly a perimeter problem. Today it’s an identity problem, a visibility problem, and a cloud configuration problem, all at once. Hybrid work and cloud adoption didn’t just shift where people work. They fundamentally changed where ransomware attacks begin, how far they reach, and how long they go undetected.

Why Cybersecurity is Dead | The Cyber Resilience Playbook

“The cybersecurity industry as we knew it is dead.” Rubrik CEO Bipul Sinha explains why the security industry’s obsession with “walls and detection” has failed. AI-powered attacks have reduced the window between intrusion and breach to zero seconds. The only path forward is a fundamental shift from reactive defense to preemptive recovery, at machine speed.

Why AMOS matters: The macOS malware stealing data at scale

Sophos X-Ops looks at the Atomic macOS Stealer and its capabilities.

Sophos Managed Detection and Response (MDR) teams recently responded to a customer incident involving an infostealer infection on a macOS host. When we investigated, we found that the infostealer appeared to be a variant of AMOS (Atomic macOS), a well-known malware family we’ve written about before. The attack began with a ClickFix-style ruse, where a user was tricked into running a terminal command.