delivers timely ransomware news, expert analysis, threat intelligence,
and monthly updates via the iconic RedACT and RedACTinsights reports
ransomNews is an independent observatory dedicated to tracking and analyzing global ransomware activity. We monitor cyber extortion claims across the world, verify each incident manually, and compile clear, data-driven insights with a sharp focus on Italy.
Every month, we publish RedACT, in-depth report to inform, educate, and raise awareness - empowering businesses, institutions, and individuals to better understand the evolving ransomware landscape.
Our mission: to turn raw data into actionable knowledge, making cybersecurity a shared responsibility.
RedACT & dataset
Behind every alert, there’s a story - and a lot of work.
We sift through noise, verify facts, and enrich raw data to bring you clarity in the chaos of cyber threats. Follow us to see the bigger picture, and the small details that matter.
Stay up to date with real-time news on ransomware events, emerging threat groups, critical vulnerabilities, and more. We share timely alerts, expert insights, and key developments to keep you informed and ahead of the curve. Because cybersecurity awareness starts with staying connected.
We monitor and jot down public claims made by threat actors, verifying their credibility. The data is then enriched and aggregated to provide a structured, up-to-date view of ransomware activity, supporting analysis, prevention, and response efforts.
We compile RedACT and RedACTinsights, free resources offering rigorously verified, data-driven reporting on ransomware activity and threat actors. Each edition distills complex intelligence into clear, structured insights, built to inform, and always grounded in verifiable evidence.
We support organizations and institutions with tailored ransomware intelligence reports, sector-specific, data-driven, and designed to inform strategic decisions and strengthen cyber resilience.
We deliver curated threat landscape briefings, sector-specific, timely, and actionable. Each brief considers actual ransomware trends and scenarios, group activity, and vulnerabilities relevant to any organization.
We're proud partner of The Cyber Act Forum, one of the biggest cybersecurity event in Italy. Cyber Actors claim the responsibility and the ideal of raising awareness of cybersecurity issues, to create new opportunities for those working in these areas.
Cyber Act Forum
Viterbo, Italy
During PA Forum and related institutional events, our data provided a reliable foundation for understanding ransomware trends in Italy. It served as a strategic lens to assess risks, support policy discussions, and inform decision-making in the public cybersecurity ecosystem.
Forum PA 2025
Rome, Italy
Our datasets have been integrated into continuous learning programs and threat modeling exercises. By highlighting prevalent attack vectors and the most exploited entry points, our intelligence supports teams in staying aligned with real-world threats and enhancing their operational readiness.
Public Sector Stakeholders
Italy, Switzerland
Trusted by analysts and advisors, our datasets are regularly used to enrich private reports, strategic briefs, and incident reviews. Their depth and structure make them a reliable layer of intelligence across sectors, supporting evidence-based recommendations and high-stakes decision-making.
Private Consulting
Italy, Switzerland, remote
Italian landscape and threat report for Apr, 2025
.pdf format | free download | CC BY-NC license
Italian landscape and threat report for Mar, 2025
.pdf format | free download | CC BY-NC license
Italian landscape and threat report for Feb, 2025
.pdf format | free download | CC BY-NC license
Italian landscape and threat report for Jan, 2025
.pdf format | free download | CC BY-NC license
Italian landscape and threat report for Jan, 2025
.pdf format | updated dataset | CC BY-NC license
Italian landscape and threat report for Jan, 2025
.pdf format | free download | CC BY-NC license
An incident advisory quick sheet about Lynx threat actor, now rebranded in Sinobi. Origin, tactics, infrastructure, and operational patterns.
An OSINT-based analysis of akira ransomware group's tactics, infrastructure, and operational patterns.
Awareness
We raise awareness around invisible exposure: how our digital habits, overlooked traces, and public signals can silently map our vulnerabilities. Understanding what we reveal is the first step toward reclaiming control in an increasingly transparent world.