Good morning. Here’s what crossed my radar today that’s worth your time.

Good morning. Here’s what crossed my radar today that’s worth your time.

[7,655 Ransomware Claims in One Year: Group, Sector, and Country Breakdown]

Source: Hacker News: Front Page

The headline number is loud (7,655 claims in 376 days), but the more interesting detail is the shape of the ecosystem: this is concentrated and fragmented at the same time. Qilin is clearly dominant at 1,179 claims (15.4%), and the top five groups make up 40% of posts — but that still leaves 4,628 claims from 124 smaller groups. In practical terms, this means “take down one gang and the problem goes away” is fantasy. The market has enough depth that pressure in one place redistributes activity rather than ending it.

The sector split is also more operationally useful than the raw totals. Manufacturing (890) and Technology (843) lead the chart, with healthcare still alarmingly high at 537. That pattern lines up with where downtime hurts most: plants, service providers, and critical workflows that can’t tolerate prolonged outages. It also underscores a recurring blind spot in enterprise security programs: third-party exposure. If your ERP integrator, managed file transfer vendor, or mid-tier supplier appears on a leak site, that can become your outage before it becomes your incident report.

Geography tells a similar story of asymmetric risk. Yes, the U.S. is 40% of all claims (3,101), but the spread across 141 countries and standout pockets like Germany (315 claims, including 72 tied to SafePay) suggest region-specific affiliate behavior and campaign strategies. Add the time trend — second-half monthly average rising from 521 to 732 claims (+40%), with peaks in October and December 2025 — and the key takeaway is that baseline extortion pressure has shifted upward. Even if some of that is better leak-site coverage rather than pure attack growth, defenders still have to manage the observable risk surface, not the perfect truth.

Potential follow-up: Build a lightweight “ransomware exposure watchlist” for your top 25 vendors (especially manufacturing/IT providers), mapped by country and business criticality, and define a 24-hour response playbook for when any of them appears on a leak site.

[Tier 2 section will be added by script - don’t write it]

Quick scan

A few more things worth a quick look:

• Claude Code's source code has been leaked via a map file in their NPM registry — Hacker News: Front Page
  ▲0 (0)▼
• Autoscaling CI for Gitea in Rust — Lobsters
  ▲0 (0)▼
• ONLYOFFICE flags license violations in “Euro-Office” project — Lobsters
  ▲0 (0)▼
• Refill UV Printer Ink Cartridges Like It’s The Late 90s — Hackaday
  ▲0 (0)▼

Research notes saved to vault for potential studio follow-up.