Weekly Cybersecurity: How to avoid ransomware and every new vulnerability
We analyze the week's threats: from the rise of EDR killers to recurring risks in browsers and websites.

The persistence of threats: A never-ending cycle
We begin a new week by analyzing the cybersecurity landscape, where the report of incidents feels, unfortunately, familiar. The constant appearance of fake tools, compromised websites, and invasive browser extensions reminds us that, despite technological advances, attack vectors remain surprisingly traditional.
The core problem lies in the trust placed in third-party tools and the lack of digital hygiene in credential management. A clear example of how an error in a plugin can compromise an entire ecosystem is the New vulnerability in Gravity SMTP puts WordPress API keys at risk, a reminder that website security remains a critical battlefront.
EDR Killers and the rise of ransomware
One of the most concerning trends this week is the refinement of EDR killers. These malicious programs are specifically designed to disable security solutions installed on endpoints, clearing the way for ransomware groups to deploy their payloads without resistance.
"Attackers are no longer just looking for access; they are investing resources into actively neutralizing defenses before initiating data encryption."
This tactic, combined with the exploitation of any known vulnerability in unpatched systems, exponentially raises the risk for companies that do not maintain a defense-in-depth strategy.
Attack vectors: From the browser to mobile devices
Modern hacking does not discriminate between platforms. We have observed an increase in:
- Mobile malware: Applications that request excessive permissions, compromising user privacy and facilitating the theft of banking information.
- IoT device botnets: Smart devices used as nodes in attack networks, often due to weak credentials that were never changed from their defaults.
- Browser extensions: Tools that, under a benign appearance, exfiltrate browsing data and active sessions.
Conclusion: What can we do?
Security is not a state, but a process. To mitigate these risks, it is vital to implement Zero Trust policies, keep all systems updated, and, above all, constantly audit the privileges granted to applications and extensions. Prevention remains our best tool in a landscape where human error continues to be the weakest link.
Sources: The Hacker News
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...