INC ransomware opsec fail allowed data recovery for 12 US orgs

BleepingComputer

Overview

A failure in operational security by the INC ransomware group has allowed researchers to recover data stolen from 12 U.S. organizations. This incident highlights vulnerabilities in the ransomware gang's methods, which typically aim to keep their operations hidden and secure. The affected organizations were able to regain access to their compromised data, which could lessen the impact of the attack. Such operational oversights by attackers can provide critical opportunities for recovery and response for victims. This situation serves as a reminder for organizations to remain vigilant and proactive in their cybersecurity measures to protect against ransomware threats.

Key Takeaways

  • Affected Systems: Data from 12 U.S. organizations affected by INC ransomware
  • Action Required: Organizations should review their cybersecurity practices, enhance data backup protocols, and implement robust incident response strategies.
  • Timeline: Newly disclosed

Original Article Summary

An operational security failure allowed researchers to recover data that the INC ransomware gang stole from a dozen U.S. organizations. [...]

Impact

Data from 12 U.S. organizations affected by INC ransomware

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Organizations should review their cybersecurity practices, enhance data backup protocols, and implement robust incident response strategies.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: Ransomware, Critical.

Related Coverage

CISA tells agencies to stop using unsupported edge devices

CyberScoop

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive urging federal agencies to stop using unsupported edge devices. This directive aims to address vulnerabilities that have been exploited in significant cyberattacks in recent years. Unsupported edge devices can pose serious security risks, as they no longer receive updates or patches, making them easy targets for attackers. By discontinuing the use of these devices, agencies can better protect their networks and sensitive data. This move is part of a broader effort to enhance cybersecurity across the federal government and ensure that agencies are not exposed to avoidable risks.

Feb 5, 2026

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

The Hacker News

The AISURU/Kimwolf botnet has launched a massive DDoS attack that peaked at an astonishing 31.4 Terabits per second, lasting just 35 seconds. This attack is part of a growing trend of extremely high-volume HTTP DDoS assaults that the botnet has been executing throughout the fourth quarter of 2025. Cloudflare, a cybersecurity company that monitors these incidents, successfully detected and mitigated the attack, preventing potential disruptions to online services. Such high-capacity attacks pose significant risks to internet infrastructure and can overwhelm even the most fortified systems, affecting businesses and users alike. As these types of attacks become more common, organizations need to bolster their defenses against DDoS threats.

Feb 5, 2026

AI-assisted cloud breach achieved in record 8 minutes

SCM feed for Latest

A recent cybersecurity incident saw attackers breach a cloud environment in just eight minutes, using exposed test credentials that were found in a public S3 bucket. This rapid breach highlights the dangers of improperly secured cloud storage and the need for better credential management practices. Organizations using cloud services should ensure that sensitive information is not publicly accessible and that test credentials are properly safeguarded. The incident serves as a stark reminder that even minor oversights can lead to significant security breaches, potentially compromising sensitive data. Companies need to take immediate action to review their cloud configurations and implement stricter access controls.

Feb 5, 2026

Alleged 764 member arrested, charged with CSAM possession in New York

CyberScoop

Authorities in New York have arrested a member of the group known as 764, charging him with possession of child sexual abuse material (CSAM). This arrest is part of a broader crackdown on the violent extremist collective, which has seen multiple members detained over the past year. The increased law enforcement activity aims to disrupt the group's operations and reduce the risks associated with its activities. This incident not only highlights the ongoing efforts to combat online exploitation but also raises awareness about the dangers posed by extremist groups that may exploit vulnerable individuals. The implications extend beyond the arrests, as it signals a commitment to addressing child exploitation and extremist violence.

Feb 5, 2026

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Security Affairs

Italy's Foreign Minister Antonio Tajani announced that the country successfully thwarted a series of cyberattacks linked to a pro-Russian group known as Noname057(16). These attacks targeted various entities, including the Foreign Ministry offices, with one affecting operations in Washington, D.C. Additionally, the group aimed at disrupting websites and hotels associated with the upcoming Milano Cortina 2026 Winter Olympics. This incident highlights ongoing cybersecurity concerns related to geopolitical tensions, particularly as major international events approach. The Italian government’s proactive measures demonstrate the importance of safeguarding critical infrastructure and national security against external threats.

Feb 5, 2026

Romanian oil pipeline operator Conpet discloses cyberattack

BleepingComputer

Conpet, Romania's national oil pipeline operator, reported a cyberattack on Tuesday that disrupted its business operations and took down its website. The attack affected the company’s ability to manage its systems effectively, although details on the type of attack or the perpetrators have not been disclosed. This incident raises concerns about the security of critical infrastructure, particularly in the energy sector, where such attacks can have significant implications for supply chains and national security. As authorities investigate, it’s crucial for companies in similar sectors to review their cybersecurity measures to prevent similar disruptions in the future.

Feb 5, 2026