The Lynx ransomware, which appeared in July this year, may have originated from the INC Ransom source code reportedly sold in May, according to analyses by Nextron Systems and Palo Alto Networks’ Unit 42. The Lynx gang has claimed over 20 victims primarily in the retail, real estate, architecture, financial services, and environmental services sectors in the US and UK. While clear connections can’t be definitively confirmed, similarities between Lynx and INC Ransom suggest the development of Lynx has borrowed significantly from INC’s codebase.

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
An updated version of a malware loader, known as Hijack Loader, has been discovered with new features aimed at evading detection and maintaining persistence. The