Secplicity Blog
Cybersecurity Headlines & Trends Explained
DeadLock Ransomware Group Embeds Data Leak Site Within Ransom Note
The DeadLock ransomware operation has existed since mid-2025, with most of the first reported sightings in mid-July, according to ThreatScene. Their report mentioned the group “now conducts double extortion” following a subsequent analysis in September 2025, which revealed newer DeadLock payloads…
The Shrinking Exploit Window and What It Means for Cybersecurity Teams
TL;DR The time between vulnerability disclosure and active exploitation is shrinking. In episode 372 of The 443 Security Simplified, WatchGuard’s Marc Laliberte and Adam Winston discuss why the traditional patch window is becoming harder for defenders to rely on. The episode also examines a recent…
Grandoreiro Malware Campaign Targets Europe and Latin America
WatchGuard telemetry identified a campaign associated to Grandoreiro that uses the DLL Side-Loading technique abusing four different softwares, targeting banks in Portugal. Also, it was identified cases of a known campaign that uses a malicious VBS to deliver the malware, targeting companies in…
Long Weekend Cybersecurity Checklist
Long weekends are good for people. They're also useful for attackers. That's not fearmongering. It's an operational reality. Threat actors understand how businesses work. They know when staffing is lighter, when response times may be slower, and when IT and security teams are more likely to be…
Ransomware Tracker (Entry #338): Sorry Worm
On April 27, 2026, a ransomware written in Golang was submitted to VirusTotal that appended the '.sorry' string to the encrypted filenames. Upon initial review, this was not the same as the 2018 Sorry ransomware, which was built using the open-source HiddenTear encryptor. This was novel, and that…
The IDE Is the New Domain Admin: How Developer Environments Became Ground Zero
I remember my first real dev setup. A beige tower, a copy of Turbo C++, and a dial-up connection that screamed like a fax machine having an existential crisis. The workstation was an island. What lived on it stayed on it. The biggest security risk was a floppy disk from a friend, and even then, you…
Looking For More?
443 Podcast
A weekly podcast featuring the leading white-hat hackers and security researchers.
Ransomware Tracker
The Ransomware Tracker is a dynamic, all-in-one hub for IT professionals, researchers, and cybersecurity-minded folks to learn about the entire ransomware landscape. This information-laden resource brings together WatchGuard Threat Labs' research with evidence from all over the Internet into one single convenient location.