Threat Research

    Medusa has emerged as one of the most active ransomware-as-a-service groups, ranking among the top 10 threats in 2025 and impacting over 500 organizations by January 2026....
    In early 2025, researchers identified a surge of ransomware attacks abusing the SimpleHelp Remote Monitoring and Management (RMM) platform, widely used by MSPs and software vendors. Threat groups such as Medusa and DragonForce exploited three vulnerabilities — CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 — to infiltrate downstream customer networks....
    On September 18, 2025, a critical vulnerability (CVE-2025-10035, CVSS 10.0) was disclosed in GoAnywhere MFT's License Servlet, affecting versions up to 7.8.3. The flaw allows attackers to bypass signature verification and deserialize arbitrary objects, potentially leading to command injection and remote code execution....
    This joint Cybersecurity Advisory is part of the ongoing #StopRansomware initiative, providing network defenders with insights into ransomware variants and threat actors. These advisories share observed tactics, techniques, procedures (TTPs), and indicators of compromise (IOCs) to enhance protection....