Ngrok Archives • Daily CyberSecurity

The “Gentlemen” Ransomware Toolkit and the Lethal z1.bat Pre-Encryption Weapon TheGentlemen Ransomware z1.bat script

The “Gentlemen” Ransomware Toolkit and the Lethal z1.bat Pre-Encryption Weapon

Do Son March 30, 2026

Researchers have uncovered a “structured, maintained operational toolkit” belonging to an affiliate of TheGentlemen ransomware-as-a-service (RaaS) group....

The GRU’s Silent Shift: How BlueDelta Hijacks Ukrainian Webmail Using ngrok and Mocky BlueDelta Espionage, UKR.NET Phishing

The GRU’s Silent Shift: How BlueDelta Hijacks Ukrainian Webmail Using ngrok and Mocky

Do Son December 22, 2025

A persistent cyber-espionage campaign targeting Ukrainian webmail users has evolved its tactics to evade detection, leveraging a...

VSCode Supply Chain Compromise: 12 Malicious Extensions Steal Source Code and Open Remote Shells VSCode Source Code Theft, Malicious Extensions

VSCode Source Code Theft, Malicious Extensions

VSCode Supply Chain Compromise: 12 Malicious Extensions Steal Source Code and Open Remote Shells

Do Son October 30, 2025

The HelixGuard Threat Intelligence Team has uncovered a widespread supply chain compromise affecting the Visual Studio Code...

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve

Do Son September 22, 2025

Yarix’s Incident Response Team (YIR) has published an in-depth analysis of a targeted intrusion that leveraged an...

Invoice to Infection: Sorillus RAT Campaign Strikes European Organizations

Do Son June 19, 2025

A fresh wave of targeted cyberattacks is sweeping across Europe, leveraging invoice-themed phishing emails and weaponizing legitimate...

Sneaky Email Attack Targets Spain, Italy, Portugal with RATty Trojan RATty Trojan, email phishing

Sneaky Email Attack Targets Spain, Italy, Portugal with RATty Trojan

Do Son May 12, 2025

The FortiMail IR team has uncovered a highly sophisticated email campaign delivering the RATty Remote Access Trojan,...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Ngrok

The “Gentlemen” Ransomware Toolkit and the Lethal z1.bat Pre-Encryption Weapon

The GRU’s Silent Shift: How BlueDelta Hijacks Ukrainian Webmail Using ngrok and Mocky

VSCode Supply Chain Compromise: 12 Malicious Extensions Steal Source Code and Open Remote Shells

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve

Invoice to Infection: Sorillus RAT Campaign Strikes European Organizations

Sneaky Email Attack Targets Spain, Italy, Portugal with RATty Trojan