Overview The enterprise threat landscape in 2026 has been reshaped by the rapid ascent of “The Gentlemen” — a Ransomware-as-a-Service (RaaS) operation tracked by Microsoft Threat Intelligence as Storm-2697 and by other security research firms under the alias LARVA-368. Since its emergence in mid-2025, this financially motivated syndicate has scaled faster than any other ransomware group on record, […]

Modern supply chain intrusions are attacks that compromise trusted software development systems, including CI/CD pipelines, package registries, GitHub repositories, developer tools, and cloud environments. Instead of attacking one organization directly, threat actors abuse trusted dependencies, automation workflows, and stolen developer credentials to spread across entire software ecosystems. TeamPcP History TeamPCP (also tracked as PCPcat, DeadCatx3, […]

Payload ransomware is a Windows ransomware family that appends the .payload extension to encrypted files, drops RECOVER_payload.txt ransom notes, and uses ChaCha20 encryption with per-file Curve25519 ECDH key exchange. The sample also includes anti-forensics features such as ETW patching, VSS deletion, Windows Event Log clearing, and process/service termination. Key Takeaways Overview On 15 February 2026, […]