Searchlight Cyber

Introducing our new eBook: "ASM in the Age of CTEM". Follow this link to download your free copy now: slcyber.io/ebooks/asm-in-…

In 2025, 3 notorious threat actors joined forces, merging their operations, resources, and expertise to form "Scattered LAPSUS$ Hunters." In this short clip we break down how this supergroup emerged and why it represents a new level of coordination in ransomware. #Ransomware

Ransomware groups claimed a record 7,458 victims in 2025 - a 30% jump on 2024. In this short clip from our recent webinar, we reveal the ransomware groups driving the surge in H2 2025. youtube.com/watch?v=KHwsfV… #Ransomware #DarkWeb #ThreatIntelligence

Ransomware doesn’t begin with encryption, it begins with exposure. In our latest blog, Luke Donovan, Head of Threat Intelligence, discusses why ransomware defense must start by closing critical gaps long before an attack is launched. slcyber.io/blog/how-to-st… #Ransomware

In our latest blog hear from Luke Donovan, Head of Threat Intelligence as he reflects on ransomware’s record year and what it takes to stay a step ahead of an increasingly fragmented and professionalized threat. slcyber.io/blog/supergrou… #Ransomware #DarkWeb #Cybersecurity

Fewer ransomware victims in H2 2025 sounds like progress. Not quite. Year-over-year victims are still up 30%. Watch now to learn what’s changed, and gain insights into how to minimize your attack surface against ransomware. slcyber.io/webinars/the-r… #Ransomware #DarkWeb

Ransomware victims hit record numbers in 2025, and this figure is growing faster than ever... So what do organizations need to do? Download the full report to understand the trends, the adversaries, and what they mean for your organization: slcyber.io/whitepapers-re… #Ransomware

We're breaking down what's really happening beneath the suface of the ransomware landscape and why fewer victims is not the win it sounds like. Join us as we unpack what changed in H2 2025 and how ransomware groups are shifting their tactics and targets. slcyber.io/webinars/the-r…

#ICYMI Stay ahead with our Ransomware File Explorer, the first-of-its-kind technology that lets analysts instantly search ransomware leak site file-tree data and set alerts. Learn more at eu1.hubs.ly/H0r11Wx0

According to the National Bureau of Economic Research, 𝐨𝐧𝐥𝐲 10.5% 𝐨𝐟 𝐚𝐭𝐭𝐚𝐜𝐤𝐬 𝐚𝐫𝐞 𝐝𝐢𝐬𝐜𝐥𝐨𝐬𝐞𝐝 𝐛𝐲 𝐯𝐢𝐜𝐭𝐢𝐦𝐬, meaning most organizations never learn when their sensitive files are circulating on ransomware leak sites. eu1.hubs.ly/H0qNdvM0

In 2026, the real winners won't be the ones who react fastest, it will be the ones who pre-empt attacks. Read our blog to understand how threat and vulnerability management has evolved and why CTEM can help pre-empt cyberattacks. slcyber.io/blog/how-conti…

Don’t get caught up in the blast radius of a partner’s ransomware attack. Take control with the 𝐑𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫𝐞 𝐅𝐢𝐥𝐞 𝐄𝐱𝐩𝐥𝐨𝐫𝐞𝐫: eu1.hubs.ly/H0qNbYC0

Is your ASM platform burying your team in noise and hiding real exposures? If your 2026 focus includes reducing alert fatigue and getting clearer visibility of your internet-facing assets, our blog can help you. slcyber.io/blog/ten-quest… #AttackSurfaceManagement #ASM #Cybersecurity

Fewer ransomware victims in H2 2025...is that a win for organizations? Join Searchight’s Head of Threat Intelligence Data Collection, Luke Donovan, to find out plus learn how you can stay ahead of ransomware. slcyber.io/webinars/the-r… #Ransomware #DarkWeb #ThreatIntelligence

1 infosecurity-magazine.com/news/surge-in-… 2 cybersecuritydive.com/news/initial-a… 3 thehackernews.com/2025/04/initia… 4 thehackernews.com/2025/04/initia…

Initial Access Brokers are one of the most common threats to organizations that we observe on the dark web...and the statistics from our Mitigation Guide show why. Download our full mitigation guide: slcyber.io/whitepapers-re… #InitialAccessBrokers #IAB #DarkWeb #Cybersecurity

Many organizations do not believe they are important enough to be attacked, however, while some "bad guys" conduct targeted attacks, in a lot of cases, they are simply "throwing a wide net". #Ransomware #Cybersecurity #Cyberattack

In this video interview with ISMG, Ryan Cole, Product Technical Specialist discussed the role of the darkweb in credential sales, how supply chain gaps increase breach risk, and how simulating attacks on an organization's infrastructure helps identify blind spots. #DarkWeb

We've updated Cerberus with a dedicated Initial Access Broker Intelligence dashboard. It allows analysts to identify and neutralize IAB threats before they become ransomware incidents. Learn more at eu1.hubs.ly/H0qrz0m0

Pushed a new update to github.com/assetnote/reac… -- it now scans for the RCE payload via reflection. Use the --waf-bypass flag to bypass WAFs, works well for Cloudflare/AWS. Other WAFs might need tinkering with the payload, depending on whether they don't have a max context limit.

Searchlight Cyber analysts discovered the victim shaming blog operated by the fifth iteration of the LockBit RaaS affiliate program, known as LockBit 5.0. While 23 victims were posted, only 5 were new, while the rest were disclosed via posts made on previous blogs.