Preventing the Access That Powers Ransomware Lateral Movement (Part 2/2)
Designing upstream controls that cut off access brokers, endpoint breakout, and perimeter device exploitation before T1021 starts
173 reports
Designing upstream controls that cut off access brokers, endpoint breakout, and perimeter device exploitation before T1021 starts
Ransomware lateral movement techniques in 2026 are increasingly identity-led, cloud-aware, and executed through legitimate admin channels, forcing defenders to prioritise high-fidelity telemetry,…
Scattered Spider is a financially motivated eCrime collective best known for high-success social engineering against enterprise IT help desks, often enabling account takeover in SSO and hybrid…
Zscaler ThreatLabz reports a December 2025 campaign it tracks as Ruby Jumper , attributed with high confidence to APT37 (aka ScarCruft, Ruby Sleet, Velvet Chollima). The infection chain begins…
UK financial stability and customer outcomes are increasingly shaped by operational cyber risk: attacks (and disruptive technology failures) that impair critical services, amplify fraud losses,…
Short title: Deep dive on Explorer-native WebDAV abuse for malware delivery WebDAV, Windows File Explorer, WebClient, TryCloudflare, Cloudflare Tunnel, phishing, .URL, .LNK, search-ms,…
Active exploitation of Cisco Catalyst SD-WAN authentication bypass (CVE-2026-20127) cisco catalyst sd-wan, vsmart, vmanage, CVE-2026-20127, UAT-8616, authentication bypass, rogue peer, NETCONF,…
Short title: SANDWORM_MODE npm worm (CI secret theft + MCP poisoning) npm supply chain attack, SANDWORM_MODE, typosquatting, GitHub Actions compromise, CI secret exfiltration, MCP server…
Summary: Symantec links Lazarus tooling to Medusa RaaS extortion activity observed in the Middle East and against a U.S. healthcare target.
Operational profile of the Black Basta ransomware ecosystem (2022–2026) Black Basta, BASTA, ransomware, RaaS, double extortion, UNC4393, Storm-1811, QakBot, DarkGate, Quick Assist, vishing, MITRE…
France’s Ministry of the Economy and Finance disclosed unauthorised access to FICOBA, the national registry of bank accounts, affecting data associated with approximately 1.2 million accounts .…
UK further education (FE) colleges and higher education (HE) institutions face a persistently high-volume threat environment driven by phishing, account compromise, ransomware/extortion, and…