Security Affairs
Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Maze Ransomware operators leak 14GB of files stolen from Southwire

The Maze ransomware gang has released 14GB of files that they claim were stolen from one of its victims, the Southwire cable manufacturer. The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online. The Maze ransomware also implements data harvesting capabilities, […]

Maze ransomware

The Maze ransomware gang has released 14GB of files that they claim were stolen from one of its victims, the Southwire cable manufacturer.

The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online.

The Maze ransomware also implements data harvesting capabilities, operators are threatening to release the data for all those victims who refuse to pay the ransom.

The operators behind the Maze ransomware have set up a website where they have published the list names of eight companies that allegedly refused to pay the ransom.

Maze ransomware

The website includes data related to the infection, including the date of the attack, some stolen documents (Office, text and PDF files), the size of stolen data, and the list of IP addresses and machine names of the infected servers.

In December, Maze ransomware operators have released 2GB of files that were allegedly stolen from the City of Pensacola during the recent attack.

According to BleepingComputer that first confirmed the involvement of the Maze ransomware in the attack against the City of Pensacola, crooks demanded a $1 million ransom to decrypt the victim’s files.

The Maze operators released 2GB out of 32GB of files that they claim to have stolen during the attack on the city network.

The gang has now released an additional 14GB of files that they claim were stolen from one of its victims, the Southwire cable manufacturer.

The attack against the company took place in December, the hackers infected 878 systems on the company network and stole 120GB of files.

The Maze gang demanded $6 million worth of bitcoins to avoid the leak of Southwire’s stolen files, but the company refused to pay the ransom.

Then Maze operators uploaded some of the company’s files to its web site.

Southwire filed a lawsuit against Maze in Georgia courts for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid. 

The company asked the web hosting provider who was hosting the Maze site to shut down it.

The Maze operators released an additional 14.1GB of stolen files belonging to Southwire on a Russian hacking forum and announced that they plan to release 10% of the data every week unless the ransom is paid.

“But now our website is back but not only that. Because of southwire actions, we will now start sharing their private information with you, this only 10% of their information and we will publish the next 10% of the information each week until they agree to negotiate. Use this information in any nefarious ways that you want”, states the post published by the Maze operators.

At this point, Southwire executives need to evaluate is it is better to pay the ransom to avoid to sustain greater costs for data being exposed.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Maze ransomware, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]