Researchers began to detect exploit attempts in the wild targeting the patched, high-severity flaw in TP-Link routers starting on April 11.
Ransomware actors are utilizing a tool that abuses an out-of-date Windows driver in order to kill security software.
More ransomware groups are developing custom tools for data exfiltration, second-stage malware deployment and more.
The Russian APT28 group is exploiting a six-year-old vulnerability in some Cisco IOS and IOS XE router software to install malware known as Jaguar Tooth.
Researchers believe that the Domino malware is being deployed by former Conti members and has been developed by FIN7, indicating “at least some level of collaboration between the two groups.”