The State of Ransomware 2025

Cassandre Coyer reports: As another cybersecurity compliance deadline hits in New York, the impact may be most deeply felt by smaller companies—as well as vendors and other businesses outside the financial sector that technically aren’t within scope of the regulation. The New York Department of Financial Services’ (NYDFS) latest Cybersecurity Regulation amendments go into effect…

One actively exploited issue patched; five Critical-severity Office vulns exploitable via Preview Pane

When people ask us, “Aren’t all endpoint solutions the same these days?” — our answer is simple: No. They’re not.

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. “These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns…

Alexander Castro reports; The City of Providence wants to investigate consolidating certain data sources across municipal and school district networks when its schools return from state to local control. The district superintendent is concerned about the plan’s finer points when it comes to data sharing. (Photo illustration by Alexander Castro/Rhode Island Current) Some systems get…

Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year. Slovakian cybersecurity company ESET said the samples were uploaded