The Clop ransomware group has successfully breached the University of Phoenix's network, compromising the personal data of approximately 3.5 million individuals, including students, staff, and suppliers. The attack occurred in August, and the stolen data could potentially include sensitive information, which raises concerns about identity theft and privacy violations. This incident emphasizes the growing threat of ransomware attacks on educational institutions, highlighting the need for improved cybersecurity measures. Affected individuals should be vigilant for signs of identity theft and consider monitoring their personal information more closely. The university has not yet detailed specific steps being taken to mitigate this breach or protect affected individuals.
Articles tagged "Ransomware"
In a significant crackdown on cybercrime across Africa, law enforcement agencies from 19 countries arrested 574 individuals and seized around $3 million. This operation, called Operation Sentinel, ran for a month from October 27 to November 27 and focused on major cyber threats including business email compromise, digital extortion, and ransomware. Ghana was notably involved in the operation, with over 100 digital devices confiscated in connection with various cyber-fraud cases. This coordinated effort demonstrates a strong commitment to combating the rise of cybercrime in the region, which poses increasing risks to both individuals and businesses. The collective actions taken during this initiative aim to disrupt criminal networks that exploit technology for fraudulent activities.
Security Affairs
The latest Malware Newsletter from Security Affairs covers significant topics in the malware scene, including a focus on pro-Russian cyber attacks. One notable incident involves the deployment of a malware called Phantom Stealer through ISO-mounted executables, which could pose risks to users who interact with these files. Additionally, researchers have identified a method used by hackers to infect around 50,000 Firefox users by embedding malware in a PNG icon. These incidents highlight ongoing threats to cybersecurity, particularly from hacktivist groups and ransomware, emphasizing the need for users and organizations to remain vigilant against emerging tactics and techniques used by cybercriminals.
The U.S. government has taken action against the E-Note cryptocurrency exchange, seizing its servers and domains. This exchange is accused of being a hub for laundering over $70 million in ransomware payments, which has raised concerns about its role in facilitating cybercrime. The operation highlights the ongoing struggle against the financial infrastructure that supports ransomware attacks, making it harder for criminals to profit from their activities. Law enforcement agencies continue to target such platforms to disrupt the flow of illegal funds. This move could deter other exchanges from becoming involved in similar activities, potentially impacting the broader landscape of cryptocurrency transactions.
A data breach at the Richmond Behavioral Health Authority (RBHA) in Virginia has compromised the personal information of approximately 113,000 individuals. Attackers gained access to sensitive data, including names, Social Security numbers, and financial and health information. In addition to stealing this information, the hackers deployed ransomware on the organization’s systems, which can further complicate recovery efforts and put more data at risk. This incident raises significant concerns about the security of mental health records and the potential for identity theft among those affected. As the healthcare sector increasingly relies on digital systems, breaches like this one highlight the urgent need for stronger cybersecurity measures to protect sensitive patient data.
BleepingComputer
A ransomware group has taken advantage of React2Shell, a serious vulnerability identified as CVE-2025-55182, to infiltrate corporate networks. Once they gain access, they deploy their file-encrypting malware in under a minute, making the attack extremely swift and damaging. This incident highlights the urgency for organizations to address this vulnerability, as it poses a significant risk to corporate data security. Companies using systems affected by React2Shell need to remain vigilant and take immediate action to protect their networks from potential exploitation. The rapid nature of these attacks underlines the necessity for robust security measures and timely updates.
Askul, a major Japanese e-commerce and logistics company, has reported a significant data breach following a ransomware attack by a group called RansomHouse. This incident has compromised over 700,000 records, raising concerns about the security of sensitive information related to both businesses and consumers who rely on Askul for office supplies and logistics services. The attack underscores the ongoing risks faced by companies in the e-commerce sector, particularly as cybercriminals increasingly target organizations with ransomware. As a result, affected individuals and businesses may be at risk of identity theft and other cyber threats. Companies should take this incident as a wake-up call to bolster their cybersecurity measures and ensure they have effective data protection strategies in place.
Ransomware groups are increasingly targeting hypervisors, which are the underlying technology that allows multiple virtual machines to run on a single physical server. This approach enables attackers to encrypt multiple virtual machines simultaneously with a single breach, significantly increasing the impact of their attacks. Researchers at Huntress have found that these attackers exploit gaps in visibility and security at the hypervisor layer. Organizations need to take proactive steps to secure their virtualization infrastructure against these threats. This includes implementing stricter access controls, regular monitoring, and keeping systems updated to defend against potential ransomware attacks that can disrupt operations and lead to data loss.
Askul, a company specializing in e-commerce and logistics, suffered a significant data breach when the RansomHouse ransomware group targeted it in October. Around 700,000 records were compromised during this attack, raising concerns about the exposure of sensitive customer and business information. The incident highlights the ongoing risks faced by online retailers and logistics providers in today's digital landscape. Organizations like Askul must bolster their cybersecurity measures to protect against such threats and safeguard customer trust. The breach serves as a reminder for all businesses to remain vigilant and proactive in their security practices.
Askul Corporation, a major Japanese e-commerce company, reported a ransomware attack by the hacker group RansomHouse, resulting in the theft of approximately 740,000 customer records. The breach, which occurred in October, raises significant concerns about the security of customer data and the potential for identity theft or fraud. Askul has not disclosed the specific types of information taken, but the volume of records suggests that sensitive personal information may be involved. This incident highlights the ongoing challenges faced by companies in protecting consumer data against increasingly sophisticated cyber threats. Customers of Askul should remain vigilant and monitor their accounts for any suspicious activity.
A new version of the VolkLocker ransomware, operated by the pro-Russia group CyberVolk, has emerged with notable enhancements but also a significant vulnerability. Researchers discovered that the latest iteration allows victims to decrypt their own files without having to pay a ransom. This flaw undermines the effectiveness of the ransomware, potentially reducing the financial incentive for the attackers. Organizations targeted by this ransomware may find some relief, as they can regain access to their files independently. However, the situation remains concerning as the group continues to evolve its tactics. The presence of such vulnerabilities raises questions about the security measures businesses have in place against ransomware attacks.
Infosecurity Magazine
Asahi Group, a major beverage and food company, is facing significant challenges after a ransomware attack that severely disrupted its operations. The company's CEO has announced plans to potentially establish a dedicated cybersecurity unit in response to this incident. This move comes as organizations worldwide increasingly recognize the need for stronger defenses against cyber threats, especially after high-profile attacks like this one. The attack not only affected Asahi's internal systems but also raises concerns about the security of sensitive customer and company data. Strengthening cybersecurity measures is crucial for Asahi to protect its assets and regain consumer trust moving forward.
CyberVolk, a pro-Russian hacktivist group, has launched a new ransomware-as-a-service (RaaS) called VolkLocker, which has a significant flaw. Researchers from SentinelOne discovered that VolkLocker contains a hard-coded master key, allowing victims to decrypt their files without paying the ransom. This ransomware, which surfaced in August 2025, targets Windows systems and is part of an ongoing trend of ransomware attacks that can disrupt businesses and individuals alike. The presence of this flaw means that while the ransomware may still be a concern, victims have a potential way to recover their data without succumbing to the attackers' demands. This incident underscores the ongoing battle between cybercriminals and security researchers, as vulnerabilities in ransomware can lead to unexpected outcomes for victims.
Security Affairs
The latest Security Affairs Malware Newsletter highlights several significant malware developments affecting multiple countries. Notably, the UDPGangster campaigns are targeting various regions, posing risks to users and organizations. Researchers also discuss ransomware trends related to the Bank Secrecy Act, shedding light on how financial institutions might be affected between 2022 and 2024. Additionally, the return of the ClayRat malware introduces expanded features and techniques that could complicate detection and mitigation efforts. Another concerning finding is SEEDSNATCHER, an Android malware that targets crypto wallets, raising alarms for cryptocurrency users. These incidents highlight the evolving tactics employed by cybercriminals and the need for heightened security measures.
BleepingComputer
The hacktivist group CyberVolk has introduced a new ransomware-as-a-service (RaaS) called VolkLocker. However, the launch has been marred by significant cryptographic flaws that could allow victims to recover their files without paying the ransom. This oversight raises questions about the effectiveness of the ransomware and puts CyberVolk's credibility at risk. The vulnerabilities mean that organizations targeted by this ransomware might not suffer the financial losses typically associated with such attacks. As ransomware continues to be a prevalent threat, incidents like this remind users and businesses to remain vigilant and prepared for potential attacks.