Ransomware
The DOJ sentenced Latvian national Deniss Zolotarjovs to 102 months in prison on May 4, 2026 — the first U.S. prosecution of a Karakurt member ever. Court documents tie the Conti-affiliated negotiator to extortion of more than 54 organizations, $56 million in losses across 13 victims alone, and a deliberate
Ransomware
World Leaks — the rebrand of Hunters International — published 8.5 terabytes and roughly 15 million files from Mediaworks, Hungary's pro-Orbán media giant. Mediaworks asked journalists not to report on the leak, citing criminal data-handling law. At least one Hungarian outlet refused. The data-extortion group World Leaks claimed responsibility
Trending
Ryan Goldberg (Sygnia) and Kevin Martin (DigitalMint) were sentenced to 4 years in federal prison for acting as BlackCat ransomware affiliates while employed as incident response professionals — attacking the same clients they were hired to help.
Policy & Government
Europol's IOCTA 2026 warns that cybercrime has industrialized — AI, encryption, and CaaS are widening the velocity gap between criminal innovation and law enforcement capability, with 120+ ransomware variants and $10.5T in projected 2026 costs.
Ransomware
Sandhills Medical Foundation discloses a ransomware breach by Inc Ransom affecting 169,017 patients — nearly 12 months after the attack was detected and 10 months after stolen data was published publicly.
Ransomware
The Trigona ransomware-as-a-service (RaaS) group, linked to the Rhantus cybercrime umbrella, has begun using a privately-built exfiltration tool instead of common utilities like Rclone and MegaSync. The new “uploader_client.exe” client helps Trigona move data quickly, rotate connections to hide from network monitoring, and maintain a lower profile during
Data Breaches
Ransomware group Incransom has targeted TruGreen, a major lawn-care and consumer-services provider, in a double-extortion attack that threatens the leaking of sensitive customer and operational data. MEMPHIS, TN — On April 22, 2026, the ransomware collective known as Incransom publicly claimed responsibility for a compromise of TruGreen Limited Partnership (trugreen.com)
Data Breaches
The delayed 2026 notification of a massive 1.7-million-record exposure at Kettering Health highlights the "long tail" of healthcare ransomware, where the clinical recovery of a hospital often precedes the true regulatory and legal fallout by nearly a year. DAYTON, OH — A 2025 ransomware attack on Ohio-based Kettering
Data Breaches
Same group behind ADT 10M breach claims 1.4M Udemy users via SaaS vishing. Education sector PII and corporate data at risk. April 27 leak deadline looms. SAN FRANCISCO, CA — Less than a week after the ADT data breach exposed 10 million records, the notorious threat collective ShinyHunters has claimed
Data Breaches
America's largest home security provider confirms breach after vishing attackers claim 10M customer records. Okta SSO → Salesforce attack chain exposes PII and partial SSNs. BOCA RATON, FL — In a stinging blow to the world’s most recognized name in physical security, ADT Inc. (NASDAQ: ADT) has confirmed a
Settlements
HHS cracks down on four healthcare entities after risk analysis failures allowed PYSA and other ransomware to encrypt servers and exfiltrate patient data. WASHINGTON, D.C. — In a decisive move against systemic negligence in the medical sector, the HHS Office for Civil Rights (OCR) has announced a collective $1.165
Data Breaches
Minidoka Memorial Hospital transferred emergency patients after an imaging outage; a new ransomware group demands payment for an alleged 2.3 million files. RUPERT, ID — A quiet Easter morning in rural Idaho was shattered on April 5, 2026, when Minidoka Memorial Hospital (MMH) fell victim to a cyberattack that paralyzed