GuidePoint Security identified a threat actor using a Python-based backdoor to persistently access breached endpoints and release RansomHub encryptors across compromised networks. The backdoor was first documented by ReliaQuest in February 2024, with GuidePoint noting updates in a later version. The Python backdoor forms a cornerstone of the command-and-control infrastructure, facilitating strong lateral movement and indicating a high coding proficiency or AI-assisted coding. Ransomware affiliates continue to exploit such backdoors.

‘Cyber incident’ continues to disrupt computer networks at some Sudbury-area schools – CTV News
Several schools in the Sudbury area continue to face disruptions in their computer networks due to an ongoing cyber incident. This has caused challenges for