Interlock, a ransomware intrusion set first observed in September 2024, has steadily carved a niche for itself within the cybercriminal landscape. Unlike many well-known groups, Interlock does not operate under the typical "Ransomware-as-a-Service" (RaaS) model. As of March 2025, there are no public advertisements or indications of affiliate recruitment linked to this group, distinguishing it from larger, more commercialized ransomware operations.

A newly discovered Android malware, dubbed Crocodilus, has emerged as a serious threat to cryptocurrency holders and banking app users. Researchers at ThreatFabric uncovered this advanced malware, which employs sophisticated social engineering tactics and device takeover techniques to steal sensitive financial data.

A novel ransomware strain named Ymir has emerged, encrypting systems previously compromised by the RustyStealer malware. RustyStealer, a credential-harvesting tool initially documented in 2021, is now being used to facilitate ransomware deployment, reflecting an increasing trend of collaboration among cybercriminal operations.

A newly identified malware, code-named "FiXS," has begun affecting ATMs across Mexican banks. The malware's name comes from an identifier found within its binary code. FiXS appears to operate similarly to the infamous Ploutus malware, utilizing an external keyboard connection to control the ATM.

A significant ransomware attack has recently exploited vulnerabilities in CyberPanel, affecting over 22,000 instances globally. PSAUX ransomware leveraged a critical security flaw, leaving these web hosting control panels compromised and effectively taken offline. Here’s an overview of the vulnerabilities exploited, the ransomware’s impact, and steps for mitigation.