Cisco Talos reports a surge in malicious activities by hacking group GhostSec, including the development of GhostLocker 2.0 ransomware using Golang. Collaborating with Stormous, GhostSec conducts double extortion ransomware attacks globally, targeting sectors like technology and education. They’ve launched a RaaS program, STMX_GhostLocker, and introduced new tools for website attacks: GhostSec Deep Scan tool and GhostPresser for XSS attacks. GhostSec’s evolving tactics now feature .ghost file encryption, updated ransom notes, and enhanced C2 panel capabilities, indicating increased sophistication in compromising websites. No CVEs are mentioned.