Find notable cyber news and cases, enriched with sources, timelines, and signals.

Reynolds side-loaded-loader and GotoHTTP ransomware campaign

Campaign
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

The Reynolds ransomware operation now shows pre-deployment staging and post-deployment access tooling, increasing the likelihood of persistent compromise on the target network. A side-loaded loader appeared weeks before ransomware deployment, and GotoHTTP was later deployed after the ransomware event. That sequence indicates a coordinated intrusion path rather than a single isolated payload drop.

Related Happenings

GodDamn ransomware PoisonX BYOVD activity

Malware Activity
H score15 First: 09.07.2026 13:43 Last: 09.07.2026 13:43 Sources 1

About this happening: The **GodDamn** ransomware family is using the **PoisonX** kernel driver to disable endpoint defenses during attacks, increasing the risk of **credential theft**, **lateral moveme...

JADEPUFFER agentic Langflow ransomware campaign

Campaign
H score26 First: 03.07.2026 21:55 Last: 03.07.2026 21:55 Sources 1

About this happening: The **JADEPUFFER** operation abused **CVE-2025-3248** on an internet-facing **Langflow** instance and then escalated into a **destructive database-extortion** campaign against a p...

Major U.S. services company hit by ransomware attack linked to DragonForce

Incident
H score38 First: 16.06.2026 13:18 Last: 16.06.2026 13:18 Sources 1

About this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...

Medusa ransomware post-compromise deployment

Malware Activity
H score48 First: 07.04.2026 09:35 Last: 07.04.2026 09:35 Sources 1

About this happening: **Medusa ransomware** is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...

Storm-1175 high-velocity zero-day and N-day intrusion campaign

Campaign
H score44 First: 07.04.2026 09:35 Last: 07.04.2026 09:35 Sources 1

About this happening: **Storm-1175** is running a **high-velocity intrusion campaign** that chains **zero-day** and **N-day vulnerabilities** to gain initial access to exposed systems, raising the risk...

Timeline

  1. 10.02.2026 16:36 2 articles · 4mo ago

    Reynolds campaign pairs a side-loaded loader with GotoHTTP access

    Campaign Scope Update

    Reynolds ransomware activity included a suspicious side-loaded loader on the affected target network several weeks before ransomware deployment, followed by GotoHTTP on the target network a day after deployment, indicating a coordinated intrusion path and an apparent attempt to maintain persistent access after encryption.

    Show sources