VulnHub

Marquis Software Solutions, a financial services provider based in Texas, has linked a ransomware attack that compromised its systems in August 2025 to a subsequent security breach involving SonicWall's cloud backup services. This incident impacted several U.S. banks and credit unions, raising concerns about the security of financial data and the potential for widespread disruption in banking services. The breach reportedly allowed attackers to exploit vulnerabilities in SonicWall's systems, leading to the ransomware attack on Marquis. This situation not only emphasizes the interconnected nature of cybersecurity risks but also highlights the importance of robust security measures for third-party services that handle sensitive financial information. As organizations increasingly rely on cloud solutions, ensuring their security is crucial to protect against similar incidents in the future.

A new ransomware strain known as 'Sicarii' has emerged, marked by its poorly designed code and a peculiar identity that suggests a connection to Hebrew culture, which may be misleading. This ransomware is particularly concerning because it cannot be decrypted, leaving victims unable to recover their files without paying the ransom. The strain first appeared last year, and while it may not be as sophisticated as other ransomware variants, its continued presence poses a risk to various organizations. Users and companies need to remain vigilant and consider implementing robust backup solutions to mitigate the impact of such attacks. The odd branding could lead to confusion about the true origins of this malware, making it a unique case in the evolving landscape of ransomware.

Nike is currently looking into a potential data breach after the World Leaks ransomware group leaked 1.4 terabytes of files that they claim to have stolen from the company. This incident raises concerns about the security of sensitive information held by one of the largest sportswear brands in the world. The leaked files could potentially contain customer data, company secrets, or other critical information, which might lead to further extortion attempts or data misuse. Nike's investigation is crucial not only for the company's reputation but also for the safety of its customers and business partners. As the situation unfolds, it highlights the ongoing threat posed by ransomware gangs targeting major corporations.

FortiGuard Labs has reported a multi-stage phishing campaign aimed at users in Russia, utilizing fake business documents as bait. This attack serves to distract victims while the Amnesia RAT malware operates in the background, potentially leading to ransomware deployment. The campaign is particularly concerning as it targets individuals and organizations that may not be aware of the risks associated with unsolicited documents. As attackers continue to refine their tactics, users need to remain vigilant and cautious about opening attachments from unknown sources. The implications of such attacks can be significant, leading to data breaches and financial losses for those affected.

Nike is currently looking into a significant data breach after the World Leaks ransomware group claimed to have released a massive 1.4TB data dump containing sensitive information. The hackers posted the stolen data online, raising concerns about the potential exposure of personal information and other confidential materials related to the company and its customers. This incident underscores ongoing challenges for large corporations regarding data security and the increasing boldness of ransomware groups. As the investigation unfolds, Nike aims to assess the extent of the breach and determine the necessary steps to protect affected individuals and mitigate any further risks. The situation serves as a reminder for companies to strengthen their cybersecurity measures to guard against such attacks.

A new ransomware strain called Osiris was identified in a November 2025 attack targeting a significant food service franchise in Southeast Asia. Researchers from Symantec and Carbon Black reported that the attackers used a malicious driver known as POORTRY through a technique called Bring Your Own Vulnerable Driver (BYOVD) to disable security tools. This method allowed the ransomware to operate without detection, posing a serious risk to the affected organization. With ransomware attacks on the rise, this incident highlights the need for companies to strengthen their defenses against evolving tactics. The incident serves as a reminder for businesses to continuously update their security measures and remain vigilant against such threats.

The Osiris ransomware, which emerged in November, is raising concerns among cybersecurity experts due to its advanced techniques that suggest the involvement of experienced attackers. This ransomware targets various organizations, encrypting their data and demanding a ransom for its release. The sophistication of Osiris indicates that it could pose a significant risk to businesses that might not have robust security measures in place. As ransomware continues to evolve, companies must be vigilant and proactive in their cybersecurity strategies to defend against such threats. Understanding the tactics used by Osiris can help organizations better prepare for potential attacks and minimize their impact.

Cyber Centaurs, a digital forensics firm, discovered critical attacker infrastructure while investigating a ransomware incident involving a U.S. client. This operational security lapse allowed the firm to recover data that the attackers had encrypted. The incident serves as a reminder of the vulnerabilities that organizations face when dealing with ransomware, particularly if they fail to maintain strict security protocols. Companies should take this case as a warning to enhance their cybersecurity measures, as ransomware attacks can have devastating consequences for both data integrity and business operations. The recovery of the data also raises questions about the methods used by attackers and the potential for further exploitation of the exposed infrastructure.

A new strain of ransomware known as Osiris has been identified, targeting a major food service franchisee operator in Southeast Asia in November 2025. The attackers utilized a malicious driver called POORTRY in a technique known as bring your own vulnerable driver (BYOVD), which helps them disable security measures on the victim's systems. This method allows the ransomware to operate without detection, increasing the risk of data theft and operational disruption. The emergence of Osiris is concerning as it reflects a growing trend in ransomware attacks that exploit existing drivers to bypass security protocols. Organizations, especially those in sensitive sectors like food services, need to be vigilant and ensure their security measures can defend against such sophisticated techniques.