LIVETHREAT INTELLIGENCE
NVD/NISTCVE-2025-29927 β€” Next.js Middleware Auth Bypass Β· All versions <15.2.3 affectedCRITICAL 9.1β—†AlienVault OTXAPT29 (Cozy Bear) β€” Active Spear-Phishing Campaign Targeting NATO DiplomatsCRITICAL 9.3β—†Recorded FutureCl0p Ransomware β€” MOVEit-style Campaign Targeting MFT Solutions GloballyCRITICAL 9.5β—†Shodan22,000+ Redis Instances Exposed on Port 6379 β€” No Auth β€” Cryptominer RiskHIGH 8.9β—†VirusTotalCVE-2025-21298 β€” Windows OLE Remote Code Execution Β· CISA KEV Catalog AddedCRITICAL 9.8β—†Censys14,500+ Exposed Kubernetes API Servers Detected β€” Anonymous Access EnabledHIGH 8.7β—†AlienVault OTXFIN7 Carbanak Group β€” New JavaScript Backdoor Targeting Retail POS SystemsHIGH 8.4β—†NVD/NISTCVE-2025-24813 β€” Apache Tomcat RCE via Partial PUT Β· Exploit Code PublicCRITICAL 9.8β—†Recorded FutureDark Web Auction: 2.1M U.S. Healthcare Records Listed Β· PII + Insurance DataHIGH 8.1β—†VirusTotalLumma Stealer v4.1 β€” New Evasion Bypass for Windows Defender SmartScreenHIGH 8.6β—†NVD/NISTCVE-2025-30065 β€” Apache Parquet RCE via Schema Parsing Β· CVSS Maximum ScoreCRITICAL 10.0β—†Recorded FutureSalt Typhoon (China) β€” Telco Backdoors Persist in 3 U.S. Carriers Post-DisclosureCRITICAL 9.2β—†VirusTotalDragonForce Ransomware β€” New Affiliate Program Attracting LockBit DefectorsHIGH 8.5β—†ShodanCitrix NetScaler Bleed (CVE-2023-4966) β€” 4,800 Unpatched Hosts Still ExploitableCRITICAL 9.4β—†CensysIvanti Connect Secure 0-Day Chain β€” Nation-State Actor Exploitation ConfirmedCRITICAL 9.0β—†AlienVault OTXBEC Surge Q1 2026 β€” $3.1B in Wire Fraud Β· AI Voice Cloning in UseHIGH 7.9β—†NVD/NISTCVE-2025-29927 β€” Next.js Middleware Auth Bypass Β· All versions <15.2.3 affectedCRITICAL 9.1β—†AlienVault OTXAPT29 (Cozy Bear) β€” Active Spear-Phishing Campaign Targeting NATO DiplomatsCRITICAL 9.3β—†Recorded FutureCl0p Ransomware β€” MOVEit-style Campaign Targeting MFT Solutions GloballyCRITICAL 9.5β—†Shodan22,000+ Redis Instances Exposed on Port 6379 β€” No Auth β€” Cryptominer RiskHIGH 8.9β—†VirusTotalCVE-2025-21298 β€” Windows OLE Remote Code Execution Β· CISA KEV Catalog AddedCRITICAL 9.8β—†Censys14,500+ Exposed Kubernetes API Servers Detected β€” Anonymous Access EnabledHIGH 8.7β—†AlienVault OTXFIN7 Carbanak Group β€” New JavaScript Backdoor Targeting Retail POS SystemsHIGH 8.4β—†NVD/NISTCVE-2025-24813 β€” Apache Tomcat RCE via Partial PUT Β· Exploit Code PublicCRITICAL 9.8β—†Recorded FutureDark Web Auction: 2.1M U.S. Healthcare Records Listed Β· PII + Insurance DataHIGH 8.1β—†VirusTotalLumma Stealer v4.1 β€” New Evasion Bypass for Windows Defender SmartScreenHIGH 8.6β—†NVD/NISTCVE-2025-30065 β€” Apache Parquet RCE via Schema Parsing Β· CVSS Maximum ScoreCRITICAL 10.0β—†Recorded FutureSalt Typhoon (China) β€” Telco Backdoors Persist in 3 U.S. Carriers Post-DisclosureCRITICAL 9.2β—†VirusTotalDragonForce Ransomware β€” New Affiliate Program Attracting LockBit DefectorsHIGH 8.5β—†ShodanCitrix NetScaler Bleed (CVE-2023-4966) β€” 4,800 Unpatched Hosts Still ExploitableCRITICAL 9.4β—†CensysIvanti Connect Secure 0-Day Chain β€” Nation-State Actor Exploitation ConfirmedCRITICAL 9.0β—†AlienVault OTXBEC Surge Q1 2026 β€” $3.1B in Wire Fraud Β· AI Voice Cloning in UseHIGH 7.9β—†
← BlogΒ·Incident Response15 min read2,106 views

Ransomware Defense Playbook

Ransomware remains the top threat. Our playbook covers prevention, detection, and recovery.

H
HorizonShield Team
March 24, 2026

Prevention First

Ransomware has evolved into highly organized, targeted operations. Average ransom demands exceeded $2.1M in 2024. Prevention starts with patch management, email filtering, and endpoint protection.

The 3-2-1 backup rule is non-negotiable: three copies, two media types, one offsite β€” and backups must be air-gapped or immutable.

Incident ResponseCybersecurityHorizonShield
← More Articles
H
HorizonShield Team
HorizonShield Security Team

Cybersecurity expert at HorizonShield, specializing in threat intelligence, incident response, and enterprise security architecture.