The Gentlemen Ransomware TTPs: Lateral Movement and Encryption Breakdown
The Gentlemen ransomware stands out for its aggressive self-propagation, attempting up to 21 remote execution techniques per host via the --spread...

Created by Eduardo Silva
Timely CTI news for SOC analysts, incident responders, and threat hunters in enterprise environments
Explore the latest content tracked by Enterprise Threat Intel
The Gentlemen ransomware stands out for its aggressive self-propagation, attempting up to 21 remote execution techniques per host via the --spread...
Europol dismantled AudiA6, an industrial-scale cryptocurrency mixing service that laundered EUR 336 million for ransomware operators and other...
Anubis exploits CVE-2025-5777 via crafted HTTP POST requests to extract ~127 bytes of uninitialized memory containing active session tokens.
Avalon is a new modular malware framework delivered via multi-stage phishing with Proton Drive archives and ISO images containing malicious .lnk...
Intezer and Exabeam are advancing AI agent capabilities that automate SOC workflows while securing agentic activity across enterprises.
AI is turning theoretical attack ideas into practical, low-skill threats that bypass traditional defenses.
A detailed threat actor profile maps The Gentlemen's RaaS structure, nine-phase attack lifecycle from initial access through extortion, custom tooling like G-BOT, and specific detection opportunities for enterprise environments.
Coinbase Cartel is a data-theft extortion group first seen in September 2025.
A newly tracked APT group, Armored Likho, is actively targeting government agencies and electric power sectors in Russia, Brazil, and Kazakhstan.
Key...
Belgian authorities detained a 19-year-old leader of a European phishing and money-laundering ring that stole over €500,000 ($572K) via fake...
The Vect ransomware group has partnered with TeamPCP, enabling industrialized attacks by combining supply chain credential theft with RaaS operations. Any organization hit by TeamPCP's credential thefts now faces elevated ransomware risk from Vect.
PamStealer drops via fake maccyapp[.]com domain and uses AppleScript/JXA downloader before executing a Rust ARM64 payload.