The rise of AI-powered ransomware marks a significant shift in the cybersecurity landscape, with 80% of ransomware attacks now utilizing artificial intelligence. This new category of ransomware not only encrypts files but also learns and adapts to maximize damage, posing unprecedented challenges for organizations worldwide.

The OYO Las Vegas Hotel & Casino experienced a ransomware attack in January, exposing personal and financial information of approximately 4,700 individuals. The incident is now central to a legal dispute between OYO and its former management company, Highgate Hotels.

Everest Ransomware has reportedly breached AT&T Careers, compromising 576,000 records. This incident highlights the ongoing threat of ransomware attacks targeting large organizations.

The UK government has introduced new anti-ransomware guidance aimed at addressing supply chain vulnerabilities that have led to significant cyber incidents. Developed in collaboration with Singapore, the guidance outlines practical steps for organizations to enhance their supply chain security and prevent exploitation by cyber criminals.

Comcast Corporation has had 186.36 GB of compressed data, totaling 834 GB of stolen information, exposed by the Medusa ransomware gang after refusing to pay a $1.2 million ransom. The data includes sensitive Excel files and scripts related to auto premium analysis.

Medusa Ransomware has leaked a significant amount of data from Comcast, totaling 834 GB, after the company failed to meet a $1.2 million ransom demand. This incident highlights the ongoing threat posed by ransomware groups.

The Warlock ransomware campaign, linked to Chinese threat actors, exploits the ToolShell zero-day vulnerability in Microsoft SharePoint (CVE-2025-53770). This shift towards direct financial cybercrime marks a significant change in tactics among these groups.

In Q3 2025, Cisco Talos observed a significant rise in ToolShell attacks, primarily targeting public-facing applications, with a notable increase in post-exploitation phishing campaigns. The report emphasizes the importance of network segmentation and rapid patching to mitigate these threats.

Jewett-Cameron Company, an Oregon-based provider of fencing and pet solutions, experienced a cyberattack that led to the theft of sensitive information and disruption of business operations. The company reported that hackers deployed encryption software and threatened to release stolen data unless a ransom is paid.

The latest Microsoft Digital Defense Report reveals that over 52% of cyberattacks are motivated by extortion and ransomware, with a significant focus on data theft. The report emphasizes the need for proactive cybersecurity measures and modernization in defense strategies.

SimonMed Imaging has reported a data breach impacting over 1.2 million patients, with unauthorized access occurring between January 21 and February 5. The breach was linked to the Medusa ransomware group, which claimed to have stolen 212 GB of sensitive data.

Oracle has announced a high-severity vulnerability in its E-Business Suite, tracked as CVE-2025-61884, which allows remote, unauthenticated access to sensitive resources. This flaw has not yet been exploited in the wild, but it poses significant risks to corporate users.

A recent study by MIT reveals that 80% of ransomware attacks utilize artificial intelligence, highlighting the need for a multi-layered defense approach. The research outlines three essential pillars for effective AI defense in cybersecurity.

The Clop Ransomware group has announced a breach of Harvard University, adding it to their Tor data leak site. They claim to have stolen sensitive data and will leak it soon, raising concerns about the potential impact on the prestigious institution.

China-based group Storm-2603 has exploited an outdated version of the Velociraptor tool to maintain persistence and deploy multiple ransomware strains including Warlock, LockBit, and Babuk. This incident highlights the evolving tactics of threat actors utilizing legitimate tools for malicious purposes.

Asahi, Japan's leading beer producer, has been forced to halt production at most of its factories due to a cyber-attack attributed to the ransomware group Qilin. The company is currently processing orders manually, leading to significant shortages of its products across the country.