Safeguard
Tag

ransomware

Safeguard articles tagged "ransomware" — guides, analysis, and best practices for software supply chain and application security.

91 articles

Best Practices

Ransomware defense strategy for engineering teams

Ransomware hit 44% of breaches in Verizon's 2025 DBIR, up from 32% a year prior. Here's the backup, access, and detection playbook that actually stops it.

Jul 15, 20266 min read
Vulnerability Analysis

PaperCut CVE-2023-27350 Explained: Auth Bypass to Unauthenticated RCE

CVE-2023-27350 is an authentication bypass in PaperCut MF and NG that hands an attacker admin access and remote code execution, rated CVSS 9.8. Here is the timeline, root cause, and how to remediate.

Jul 2, 20265 min read
Vulnerability Analysis

EternalBlue (CVE-2017-0144) Explained: The SMBv1 Flaw Behind WannaCry

CVE-2017-0144 is the SMBv1 remote code execution bug that powered WannaCry and NotPetya. Here is how the EternalBlue exploit works, why it spread, and how to stay clear of it today.

Jul 1, 20266 min read
Threat Intelligence

2026 Mid-Year Threat Landscape: Supply-Chain Worms, Agentic AI, and Edge Zero-Days

A defender's synthesis of the first half of 2026 — self-propagating package worms, the agentic-AI access-control problem, edge-appliance zero-days, and a healthcare ransomware surge — and what to prioritize next.

Jun 24, 20265 min read
Threat Intelligence

Stryker Wiper Attack: When Hacktivists Used Intune to Brick 200,000 Medtech Devices

An Iran-aligned group used a compromised admin account and Microsoft Intune to factory-reset roughly 200,000 of Stryker's devices in real time. The lesson is uncomfortable: your management plane is your biggest single point of failure.

Jun 21, 20267 min read
Threat Intelligence

Ransomware vs. Hospitals: The 2026 Healthcare Surge and the Push to Call It Terrorism

Healthcare ransomware dipped in volume in May 2026 but kept climbing in impact, and a former FBI cyber chief is asking Congress to treat hospital ransomware as terrorism. We weigh the policy debate against what actually protects patients.

Jun 20, 20267 min read
Threat Intelligence

ShinyHunters Breaches Match Group: Hinge, Match, and OkCupid Data Exposed in a Vishing-Driven Extortion Hit

ShinyHunters claimed 10 million records from Match Group's dating apps in late January 2026. Here is what was actually taken (Hinge, Match, and OkCupid — notably not Tinder), how a single vishing call opened the door, and why dating-app data raises the extortion stakes.

Jun 20, 20267 min read
Threat Intelligence

Kairos Ransomware Hits Gregory Jewellers: 574 GB of Data Extortion at an Australian Luxury Retailer

The Kairos extortion group claims it stole roughly 574 GB from Australian luxury jeweller Gregory Jewellers. Here is what is verified, what the group's playbook tells us, and why pure data-extortion crews are the harder problem.

Jun 19, 20267 min read
Vulnerabilities

Edge Appliances Are the Soft Underbelly: VPN Zero-Days as Initial Access in 2026

Check Point's CVE-2026-50751 and Cisco's seventh SD-WAN zero-day of the year are not isolated bugs — they are the same story. Here is why VPN and edge appliances keep becoming the front door for ransomware, and how to monitor and segment them.

Jun 17, 20267 min read
Threat Intelligence

Ransomware Economics in 2026: Data Extortion Wins, Encryption Loses

Payment rates hit record lows in 2025 while attack volume surged. The result is a colder, leaner extortion economy built on data theft, not encryption — and a RaaS market reconsolidating around a handful of operators.

Jun 12, 20267 min read
Vulnerabilities

CVE-2026-45657: The Wormable-Class Windows Kernel RCE You Should Patch This Week

A CVSS 9.8 zero-day-grade remote code execution flaw in the Windows kernel's TCP/IP path lets unauthenticated attackers run code as SYSTEM with no user interaction. Here's what's confirmed, what's hype, and what to do now.

Jun 12, 20267 min read
Vulnerabilities

Check Point VPN Zero-Day CVE-2026-50751: Auth Bypass Under Active Exploitation

Check Point's CVE-2026-50751 lets an attacker dictate how hard the gateway checks them — and walk in without a password. It is rated CVSS 9.3, exploited since early May 2026, and already tied to a Qilin ransomware affiliate.

Jun 9, 20266 min read
ransomware — Safeguard Blog