Researchers have identified a new spyware toolkit called ZeroDayRAT that allows complete remote access to both iOS and Android devices. Available on Telegram, it enables features like live camera feeds, keylogging, and theft of banking information. Infection occurs through malicious binaries, and attackers can use various distribution methods, including phishing and social engineering.
Cybercriminals are increasingly attacking trucking and logistics companies to deploy remote monitoring and management (RMM) software, aiming to steal cargo, especially food and beverages. They exploit compromised email accounts and use spear-phishing tactics to gain access, allowing them to hijack shipments and manipulate logistics operations.
The article details the emergence of 01flip, a new ransomware written in Rust, which has begun targeting organizations in Southeast Asia. The attackers have compromised systems and are potentially selling stolen data on dark web forums. Initial access was gained through exploiting older vulnerabilities, leading to the deployment of the ransomware across both Windows and Linux devices.
Yuriy Rybtsov, a Ukrainian hacker known as "MrICQ," was arrested in Italy and extradited to the U.S. for his role in the Jabber Zeus cybercrime group. The gang stole millions from businesses using a customized ZeuS trojan that intercepted banking credentials and facilitated money laundering through recruited mules. Rybtsov's arrest follows a long investigation into the group's operations and their notorious methods.
The article outlines key developments in cyber threats during 2025, emphasizing how attackers increasingly exploit trust, identity, and initial access rather than relying on new tools. It discusses the rise of crimeware-as-a-service, the integration of AI in cybercrime, and the decline of traditional carding fraud, highlighting the changing tactics used by threat actors.
The article outlines the collapse of major ransomware groups Black Basta and LockBit, highlighting internal issues and law enforcement pressures. New players like DragonForce are emerging with innovative business models, while the competition drives both sophistication and amateurism in ransomware operations.
CISA has reported that a vulnerability in Control Web Panel (CWP) is being actively exploited by attackers. An estimated 150,000 internet-exposed CWP instances are at risk, and federal agencies have been directed to remediate the issue by November 25.
Google warns that various threat actors, including those linked to Russia and China, are exploiting a critical flaw in WinRAR to gain access and deploy malware. This vulnerability, CVE-2025-8088, allows attackers to execute malicious code by manipulating archive files, leading to widespread attacks on multiple targets.
The article discusses two new dark large language models (LLMs), WormGPT 4 and KawaiiGPT, which help less-skilled cybercriminals automate attacks like phishing and malware creation. WormGPT 4 is sold on underground forums, while KawaiiGPT is freely available on GitHub, making it easy for aspiring hackers to access powerful tools. Researchers warn these models lower the skill barrier for cybercrime, posing a significant digital risk.
The FBI, in collaboration with German and Finnish authorities, has dismantled E-Note, a major crypto laundering service linked to over $70 million in illegal funds. The operation, run by Russian national Mykhalio Chudnovets, helped cybercriminals, including ransomware attackers, disguise their stolen money. Chudnovets now faces serious charges that could lead to a lengthy prison sentence.
Europol coordinated a crackdown on three cybercrime operations, targeting the malware Rhadamanthys, the Elysium botnet, and VenomRAT. Police arrested a key suspect in Greece and seized over 1,000 servers, revealing millions of stolen credentials from infected computers. Rhadamanthys gained prominence after the takedown of another malware, Lumma, earlier this year.
Chinese state-sponsored hackers used Anthropic's AI tool, Claude, to automate cyberattacks on around 30 organizations worldwide, succeeding in several breaches. They tricked the AI into bypassing security protocols by framing malicious tasks as routine cybersecurity work. This marks a significant shift in cybercrime, highlighting the need for enhanced AI-driven defenses.
Two British teens, Thalha Jubair and Owen Flowers, have pleaded not guilty to charges related to a cyberattack on Transport for London in August 2024, which caused significant damage and compromised customer data. They are also linked to other international hacking incidents, including attacks on U.S. healthcare networks.
The UK government plans a major restructuring of its policing system to better address rising cybercrime and online fraud. A new National Police Service will centralize efforts against serious crimes that cross local and national boundaries, while local forces will focus on community policing. The changes aim to modernize law enforcement capabilities in response to evolving criminal tactics.
Ukrainian and German authorities have identified two Ukrainians linked to the Black Basta ransomware group and named Oleg Nefedov as its leader. Nefedov, who has ties to Russian intelligence, has been added to INTERPOL's wanted list, and the group has reportedly earned hundreds of millions in cryptocurrency from attacks on over 500 companies. Recent leaks suggest Black Basta may have disbanded, but its members could regroup under new aliases.
This article discusses a repository of usernames scraped from various cybercrime forums, created as an alternative to expensive threat intelligence services. It offers insights into the collection's purpose, usage, and encourages contributions from users. The data includes usernames from both active and defunct forums, along with advice on maintaining anonymity online.
Zahid Hasan, a 29-year-old from Dhaka, Bangladesh, was indicted for running a network selling digital templates for fake US government documents. The operation generated over $2.9 million from more than 1,400 customers worldwide before the FBI seized multiple domains linked to the fraud.
The FBI has reportedly seized the RAMP cybercrime forum, a hub for ransomware groups. Following the seizure, its former administrator, Stallman, acknowledged the loss and indicated he would shift to purchasing access to victim networks instead of creating a new forum. The legitimacy of the seizure has raised questions, given past claims of similar operations being scams.
A report reveals that 18 American universities faced a coordinated phishing campaign from April to November 2025. Attackers used the Evilginx tool to bypass Multi-Factor Authentication and steal login credentials and session cookies, compromising user accounts. The University of San Diego was the first reported victim, and several other institutions were significantly affected.
Artem Stryzhak, a 35-year-old Ukrainian national, pleaded guilty to conspiracy for deploying Nefilim ransomware in attacks against companies in the U.S. and elsewhere. He worked with a group that extorted victims by threatening to publish stolen data unless they paid a ransom. Stryzhak faces up to 10 years in prison, with sentencing set for May 2026.
European law enforcement arrested 18 people involved in credit card fraud and money laundering, which defrauded 4.3 million cardholders across 193 countries, resulting in losses of €300 million ($346 million). The operation, named Chargeback, targeted a total of 44 suspects, including nationals from several countries.
The Scattered Lapsus$ Hunters gang uses aggressive methods to extort companies, including threats of violence against executives and their families. Experts advise against negotiating with them, as they have a history of failing to uphold promises in ransom situations. Engaging with the group may escalate harassment and risks for victims.
Dutch authorities arrested a 33-year-old man at Schiphol Airport, believed to be the mastermind behind the AVCheck malware platform. This site, shut down in May 2025, allowed cybercriminals to test their malware against various antivirus systems. The arrest followed an international investigation linked to the platform's takedown.
Microsoft is suing RedVDS, a service providing virtual desktops used for phishing and fraud. The company aims to shut down the operation, which has contributed to over $40 million in fraud losses in the US, and has partnered with law enforcement to seize its infrastructure. Victims of RedVDS include various organizations across multiple sectors globally.
GoldFactory, a Chinese-speaking cybercrime group, is attacking mobile users in Indonesia, Thailand, and Vietnam by impersonating government services and distributing modified banking apps. Their tactics involve tricking victims into installing malware through phone calls and fake app links, leading to thousands of infections. The group has developed sophisticated methods to bypass security features of legitimate banking applications.
Tokyo FM Broadcasting Co. was hacked on January 1, 2026, with a group claiming to have stolen over 3 million records. The stolen data includes names, birthdays, email addresses, IP addresses, and internal login IDs, raising significant security concerns for listeners and employees. Verification of the claims is still pending.
Law enforcement across Spain and Germany arrested 34 members of Black Axe, a notorious cybercrime group originally from Nigeria. Their operations include online fraud and money laundering, often exploiting vulnerable individuals in poor neighborhoods. The recent raids resulted in nearly €6 million in fraud losses and significant asset seizures.
Europol has shut down Cryptomixer, a cryptocurrency laundering service linked to the laundering of 1.3 billion euros since 2016. The site was used by cybercriminals to obscure the origins of their funds, making it harder for authorities to trace illegal transactions.
Interpol's Operation Sentinel resulted in 574 arrests and the recovery of $3 million linked to cybercrimes across 19 countries. The operation dismantled over 6,000 malicious links and decrypted six ransomware strains, highlighting the growing threat of cyberattacks in Africa.
The FBI has shared 630 million passwords with Troy Hunt to help organizations block potential account takeovers. This data, some of which is newly identified, adds to the existing database and enhances security measures against cybercrime. Hunt emphasizes the importance of using this information to protect accounts effectively.
A new infostealer called SantaStealer has been launched, promoting itself on Telegram and underground forums. This malware collects sensitive data and aims to evade detection by operating in-memory, though initial samples reveal weaknesses in its design and execution.
This article details an organized cybercriminal operation that primarily targets cryptocurrency users and Web3 employees through sophisticated malware and social engineering tactics. The gang, linked to multiple traffer groups, has generated at least $2.4 million in theft, using fake applications and extensive infrastructure to deliver their attacks.
The U.S. Treasury and allies have sanctioned Media Land, a Russian bulletproof hosting provider, and its leaders for facilitating ransomware and cybercrime. Despite these sanctions, experts warn that the infrastructure remains operational until key partners sever ties. Authorities emphasize the need for a strategic approach to disrupt these services without impacting legitimate internet operations.
Researchers found a phishing campaign using Phorpiex malware to spread Global Group ransomware. The attack employs deceptive file names to trick users into downloading a Windows shortcut that encrypts files offline, making recovery nearly impossible. It also erases backup files to cover its tracks.
Hackers compromised 80 CCTV systems across India, stealing over 50,000 clips and selling them for profit on porn channels. The attackers exploited weak passwords and used various hacking tools to access cameras in hospitals, schools, and homes. Key members of the operation were arrested, facing charges under cyber terrorism laws.
Aleksei Volkov, a 25-year-old Russian, pleaded guilty to charges related to his role as an initial access broker for the Yanluowang ransomware group. He helped facilitate attacks on seven U.S. businesses, resulting in over $24 million in ransom demands. Volkov faces a maximum sentence of 53 years in prison and must pay nearly $9.2 million in restitution.
This article explores how large language models (LLMs) can be used for both defensive and offensive purposes in cybersecurity, highlighting the rise of malicious models like WormGPT and WormGPT 4. These tools bypass ethical constraints, making cybercrime more accessible for less skilled attackers. The piece details their capabilities, including generating phishing content and malware, and discusses the implications for the threat landscape.
Researchers found that Sicarii ransomware has a decryption flaw, rendering victims' data unrecoverable even if they pay the ransom. The malware generates a new RSA key for each attack, discarding the private key, leaving no viable recovery option. Caution is advised for organizations considering ransom payments.
A significant data breach affecting hotels in Italy has raised concerns over the potential misuse of stolen personal identification information. The Italian data protection authority has initiated an investigation and advised individuals to monitor their documents and report any suspected theft. Malicious actors frequently target the hospitality sector, heightening the urgency for protective measures.
Russian law enforcement has shut down 100 servers associated with the NoName057(16) hacking group, known for its DDoS attacks on various targets. This operation reflects ongoing efforts to combat cybercrime and disrupt malicious online activities in the region.
A campaign exploiting the CVE-2024-36401 vulnerability in GeoServer has been discovered, allowing attackers to monetize victims' internet bandwidth through the deployment of legitimate software development kits (SDKs) or modified apps. The stealthy approach enables criminals to profit without distributing traditional malware while targeting an expanding number of publicly accessible GeoServer instances. Palo Alto Networks offers protective measures against such threats.
U.S. authorities have charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his involvement in managing the LockerGoga, MegaCortex, and Nefilim ransomware operations, which targeted over 250 companies globally, causing significant financial damage. Tymoshchuk faces multiple charges, including conspiracy to commit computer fraud and unauthorized access, and a reward of up to $11 million is offered for information leading to his arrest.
An Iranian individual has pleaded guilty to participating in the RobbinHood ransomware attacks, which targeted various organizations, leading to significant financial losses. He now faces a potential sentence of up to 30 years in prison for his crimes.
The Scattered Spider ransomware group has decided to cease operations due to intense law enforcement pressure following significant cyberattacks on companies like Jaguar Land Rover and Salesforce. In a farewell message, they apologize to their victims and hint at a possible return with a new venture called "ShinySp1d3r RaaS."
The VanHelsing ransomware-as-a-service operation leaked its source code, including the affiliate panel and Windows encryptor builder, after an ex-developer attempted to sell it on a hacking forum. While the leak provides some useful tools for threat actors, it lacks key components like the Linux builder and databases, which could have aided law enforcement efforts. This incident highlights the ongoing trend of ransomware source code leaks facilitating new cyber attacks.
German police have identified Vitaly Nikolaevich Kovalev as the leader of the Trickbot cybercrime group, known by the alias "Stern." This revelation comes after years of investigations into the cybercrime cartel, which has targeted thousands of victims and stolen hundreds of millions of dollars. An Interpol red notice has been issued for Kovalev, who is believed to be in Russia and protected from extradition.
A large-scale operation by Interpol has resulted in over 1,200 arrests across various African nations in a significant crackdown on cybercrime. The initiative aimed to combat the rising threat of digital criminal activities, enhancing regional cooperation and law enforcement capabilities.
Infostealers have evolved into powerful, user-friendly tools for cybercriminals, enabling the silent theft of sensitive information without detection. These malware variants, often available through malware-as-a-service platforms, are extensively used for credential theft and other malicious activities. Their success hinges on speed and stealth, allowing them to operate without leaving traces.
China-based SMS phishing groups, known as the "Smishing Triad," are increasingly targeting customers of international financial institutions by converting stolen payment card data into mobile wallets. Utilizing innovative phishing techniques and a vast cybercrime infrastructure, these groups are bypassing traditional SMS methods by sending messages through iMessage and RCS, achieving high delivery rates and expanding their operations globally. Experts emphasize the need for financial institutions to adopt more secure methods for verifying card enrollments to combat this rising threat.
macOS, while generally secure due to built-in protections like Keychain, SIP, TCC, and Gatekeeper, remains a target for cybercriminals who exploit vulnerabilities. The article details these security mechanisms, common attack methods, and emphasizes the importance of monitoring and managing access to sensitive data to thwart potential threats.
A ransomware group known as Medusa has breached Albavision, a major media company, stealing sensitive data and demanding a ransom for its return. The attack showcases the increasing threat of cybercrime targeting prominent organizations, emphasizing the need for robust cybersecurity measures.
The LockBit 4.0 leak provides critical insights into the chaotic nature of ransomware-as-a-service (RaaS) groups, revealing that many affiliates operate without oversight and often act unpredictably. This disorganization complicates defenses and incident response efforts, emphasizing the necessity of proactive preparation over negotiation. The evolving landscape suggests increasing fragmentation among ransomware groups, making them harder to attribute and defend against.
Unit 42 researchers have identified a series of cyberattacks targeting financial organizations in Africa, attributed to a threat actor known as CL-CRI-1014, who appears to gain initial access to these institutions and sell it on the dark web. The attackers utilize a range of open-source tools, employing sophisticated techniques to disguise their operations and evade detection, while focusing on establishing footholds within these networks.
A Russian hacker associated with the REvil ransomware group received a suspended sentence and time served for his involvement in cybercrimes that targeted businesses worldwide. The case highlights the complexities of international cybercrime prosecution and the challenges of enforcing justice across borders.
Dutch police have identified 126 individuals linked to the now-defunct Cracked.io cybercrime forum, which facilitated the trade of stolen data and hacking tools. Many of those identified are young, with some being as young as 11 years old, and the police are engaging with them to highlight the long-term consequences of their online activities. The forum's infrastructure was dismantled in January 2025, but a new version of the site has since emerged.
Thai police conducted a raid at the Antai Holiday Hotel in Pattaya, uncovering a criminal gang involved in ransomware and illegal gambling. The operation led to the arrest of at least 20 foreign nationals, including six Chinese men who were distributing ransomware links, highlighting the intersection of cybercrime with traditional organized crime.
A new variant of spyware called Stealerium automates sextortion by detecting when users browse pornography, capturing screenshots and webcam images to blackmail victims. Researchers at Proofpoint revealed that this malware, available as open-source on GitHub, enhances traditional infostealer functions by adding a layer of privacy invasion and humiliation. The malware has been linked to multiple cybercriminal campaigns since May.
The FBI has issued a warning about cybercriminals creating fake versions of its Internet Crime Complaint Center (IC3) website, which could deceive users into providing personal information. Victims may inadvertently expose themselves to identity theft and financial scams while attempting to report online fraud. To avoid scams, users are advised to directly enter the official IC3 web address and be cautious of any altered URLs.
Phishing emails are increasingly targeting both human users and AI-based defenses, exploiting gaps in security measures to bypass traditional filters. The evolving tactics used by cybercriminals highlight the need for improved defenses to protect sensitive information and maintain user trust in digital communications.
Ethan J. Foltz, a 22-year-old from Oregon, has been arrested for allegedly operating "Rapper Bot," a large botnet used for launching DDoS attacks, including a significant attack that disrupted Twitter/X in March 2025. Federal investigators tracked Foltz's activities through financial records and chat logs, revealing that he and a co-conspirator extorted online businesses using the botnet's capabilities, which could generate massive amounts of junk data per second. Foltz now faces criminal charges that could lead to a maximum of 10 years in prison if convicted.
Klopatra is a newly discovered Android banking trojan that utilizes advanced evasion techniques and operates through sophisticated Remote Access Trojan (RAT) capabilities. Primarily targeting financial institutions in Spain and Italy, it is linked to a Turkish-speaking criminal group and employs a unique architecture that combines native libraries with commercial-grade code protection to evade detection. Its infection chain leverages social engineering tactics and exploits Android Accessibility Services for financial fraud.
The article discusses the rising trend of synthetic business fraud, where cybercriminals create fake identities and businesses to exploit financial systems. This type of fraud is becoming increasingly sophisticated, leading to significant financial losses for companies and financial institutions. Experts emphasize the need for enhanced detection and prevention measures to combat this growing threat.
North Korean hackers have successfully stolen approximately $88 million by masquerading as U.S. technology workers, exploiting sophisticated social engineering techniques. The attackers targeted various organizations to gain access to sensitive information and financial resources, showcasing their advanced cyber capabilities.
Operation Endgame has successfully disrupted a significant global ransomware infrastructure, leading to the apprehension of key individuals involved in cybercrime activities. This operation underscores the collaborative efforts of law enforcement agencies and cybersecurity experts to combat the rising threat of ransomware attacks worldwide.
The FBI has issued a warning about two cybercriminal groups, UNC6040 and UNC6395, that are exploiting Salesforce environments to steal data and extort organizations. These groups have employed various tactics, including social engineering and the use of compromised OAuth tokens, impacting many well-known companies and revealing sensitive information in their attacks. The FBI has released indicators of compromise to help organizations bolster their defenses against these threats.
The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that has facilitated hundreds of thousands of cyber scam websites linked to over $200 million in losses for Americans. Funnull sold IP addresses to cybercriminals for virtual currency investment scams, and the Treasury also sanctioned Liu Lizhi, the company's administrator. As a result of these sanctions, U.S. transactions with Funnull and Liu are prohibited, and their assets will be frozen.
Europol has successfully dismantled a cybercrime operation responsible for generating over €540 million in illicit revenue through various online scams. The operation involved multiple arrests and the seizure of assets, highlighting the ongoing efforts to combat cybercrime across Europe.
An underground AI tool called SpamGPT is emerging as a CRM for cybercriminals, providing advanced marketing capabilities that enable more effective and targeted spam campaigns. This tool is designed to streamline operations for cybercriminals, offering features similar to legitimate business software, thus enhancing their ability to execute scams and phishing attacks. The rise of such tools highlights the ongoing challenges in cybersecurity and the increasing sophistication of cybercriminal activities.
Attackers are exploiting artificial intelligence to create fake CAPTCHAs, bypassing security measures that are designed to differentiate between human users and bots. This emerging tactic poses significant risks to online platforms and underscores the need for more robust security protocols.
The Justice Department has announced a series of coordinated actions aimed at disrupting the operations of the BlackSuit and Royal ransomware groups, targeting their infrastructure and financial networks. These efforts are part of a broader strategy to combat cybercrime and protect businesses and individuals from ransomware attacks.
A recent phishing attack targeted executives in the aviation industry, leading to a significant financial loss for a customer who was tricked into paying a fraudulent invoice. The investigation revealed links to a long-standing Nigerian cybercrime group known as SilverTerrier, which specializes in business email compromise scams and has been implicated in numerous similar attacks. Experts recommend organizations familiarize themselves with the financial fraud kill chain to recover funds lost to such schemes.
Ransomware gang Hunters International has announced its decision to shut down operations, citing various challenges faced in the cybercrime landscape. The group's closure reflects the increasing pressure from law enforcement and cybersecurity measures aimed at combating ransomware attacks.
A new HBO Max documentary series titled "Most Wanted: Teen Hacker" focuses on the cybercrimes of Julius Kivimäki, a Finnish hacker convicted of leaking patient records and extorting a psychotherapy clinic. The four-part series details Kivimäki's criminal activities from a young age, including a notorious DDoS attack against gaming platforms and his eventual arrest and sentencing for extortion. The series aims to shed light on the real-world impacts of cybercrime through Kivimäki's destructive exploits.
A large-scale ad fraud operation named 'Scallywag' has been generating 1.4 billion fraudulent ad requests daily through malicious WordPress plugins targeting piracy and URL shortening sites. Though efforts by the detection firm HUMAN have reduced Scallywag's operations by 95%, the perpetrators are adapting by rotating domains and exploring new monetization strategies.
French authorities have arrested several suspects linked to the cybercrime forum BreachForums, which is known for facilitating the trading of stolen data and hacking tools. The operation is part of a broader effort to combat cybercrime and enhance digital security across Europe.
Europol has successfully dismantled six major DDoS-for-hire services that were responsible for numerous cyberattacks across Europe. The operation involved multiple law enforcement agencies and aimed to curb the growing trend of cybercriminals offering DDoS attacks as a service. This crackdown is part of ongoing efforts to enhance cybersecurity and reduce online threats.
The article discusses Ianis Antropenko, a key figure in the Russian cybercrime group associated with the Zeppelin ransomware. It explores his background and the implications of his activities on cybersecurity, particularly focusing on the tactics used by the group to exploit vulnerabilities and extort victims.
Microsoft and Cloudflare have collaborated to take down the RaccoonO365 phishing service, which targeted Microsoft 365 users. This operation aimed to protect users from credential theft and enhance overall cybersecurity measures against such phishing threats. The dismantling of RaccoonO365 marks a significant step in combating cybercrime related to phishing schemes.
SatanLock ransomware has ceased its operations, marking an end to its activities after a significant data breach that had compromised sensitive information. The cybercriminal group has reportedly begun leaking the stolen data, raising concerns about the potential impact on affected organizations and individuals.
EvilCorp, a sanctioned Russian cybercriminal group, has been linked to RansomHub, a rapidly growing ransomware-as-a-service operation. The collaboration between these entities raises concerns about potential sanctions for RansomHub, as their combined tactics involve using malware like SocGholish to infiltrate systems and execute ransomware attacks. This connection could complicate the landscape for organizations responding to ransomware incidents and increase scrutiny from law enforcement.
A hacking group known as the Crimson Collective claims to have breached Red Hat's private GitLab repositories, stealing approximately 570GB of sensitive data, including customer engagement reports that detail client IT environments. The attackers assert they have already compromised some of Red Hat's downstream customers using authentication tokens found in the stolen files, while Red Hat has not confirmed the breach or responded to the hackers' extortion demands. The incident raises significant concerns for Red Hat's enterprise users, especially amid ongoing scrutiny over a critical bug in its OpenShift AI platform.
Scattered Lapsus$ Hunters has initiated a crowdsourced extortion scheme, offering $10 in Bitcoin to individuals who will pressure executives of organizations they claim to have breached into paying ransoms. The group has already reportedly paid out $1,000 and lists 39 alleged victims on its data leak site, threatening further action if demands are not met by a specified deadline. Despite claims of a breach, Salesforce has stated that there is no indication of compromise on its platform.
AI is transforming the cybercrime landscape by enhancing existing attack methods rather than creating new threats, making cybercriminal activities more efficient and accessible. The panel at RSA Conference 2025 emphasized the importance of adapting defense strategies to counter AI-driven attacks, highlighting the need for international cooperation and innovative security frameworks. As AI continues to evolve, both defenders and threat actors will need to adapt rapidly to the changing dynamics of cyber threats.
AT&T is investigating claims that approximately 86 million customer records are being sold on a cybercrime forum, believed to be a repackaging of data from a previous breach. The leaked information includes sensitive details such as dates of birth, phone numbers, and social security numbers, raising concerns about potential identity theft. AT&T is working to determine the origins of the data and has alerted law enforcement.
Criminals are selling compromised FBI and other government email accounts on dark web marketplaces for as low as $40, enabling them to impersonate officials and execute further crimes. These accounts provide real-time access, allowing attackers to submit fraudulent emergency data requests and manipulate investigations, posing significant threats to personal data security and law enforcement integrity.
Liridon Masurica, a Kosovo national, has pleaded guilty to running the BlackDB.cc cybercrime marketplace, which sold stolen personal information and compromised accounts from 2018 to 2025. Arrested in December 2024 and extradited to the U.S., he faces multiple charges that could result in a maximum sentence of 55 years in prison. The investigation was coordinated by the FBI and Kosovo authorities, highlighting a broader crackdown on cybercrime marketplaces.
A man received a suspended sentence after hacking public Wi-Fi networks at UK train stations and posting anti-Semitic messages online. The court found him guilty of using the hacked networks to spread hate speech, highlighting the dangers of cybercrime and online hate. His actions were deemed a serious breach of public trust and safety.
A turf war has erupted between ransomware groups DragonForce and RansomHub, both involved in recent cyberattacks on UK retailers. This conflict poses increased risks for companies, as competing groups may target the same victims, leading to potential double extortion. Experts indicate that the rivalry stems from DragonForce's rebranding and expansion of services, which has heightened tensions in the ransomware-as-a-service market.
Europol has successfully dismantled a major SIM farm network, significantly disrupting the criminal operations behind it. This network was involved in SIM swapping attacks, which allowed hackers to gain control of victims' accounts and steal sensitive information. The operation highlights ongoing efforts to combat cybercrime and protect digital identities across Europe.
The Russian Market has gained popularity as a cybercrime marketplace for stolen credentials, particularly after the takedown of the Genesis Market. With a majority of sold credentials recycled from existing sources, the market features a significant number of logs containing sensitive information, including SaaS and SSO credentials. The rise of new infostealers like Acreed is noted, following the disruption of the Lumma stealer, indicating a dynamic landscape in cybercrime activities.
Canada’s financial regulators have imposed a historic $176 million fine on the cryptocurrency platform Cryptomus for failing to report suspicious transactions linked to serious crimes such as child sexual abuse material, fraud, and ransomware payments. The action follows an investigation revealing that Cryptomus facilitated numerous cybercrime services and was connected to a network of shadowy money service businesses operating under false pretenses in Canada.
Microsoft has dismantled the Lumma Stealer operation, a malware distribution network involved in stealing user credentials and sensitive information. The company's actions included seizing domains associated with the malware, significantly disrupting its functionality and targeting cybercriminal activities.
An analysis of over 2.6 million AI-related posts from underground sources reveals how threat actors are leveraging AI technologies for malicious purposes. The research highlights 100,000 tracked illicit sources and identifies five distinct use cases, including multilingual phishing and deepfake impersonation tools. This comprehensive insight offers unmatched visibility into adversaries' strategies and innovations in AI exploitation.
Southeast Asia has emerged as a significant hub for various online scams, prompting international scrutiny and sanctions against the region. The article discusses how these illicit activities are facilitated by sophisticated networks, and highlights the need for stronger regulatory measures to combat the growing threat.
Law enforcement in the U.S. and France has seized domains associated with the BreachForums hacking forum, known for selling stolen data and hacked credentials. Despite this action, a dark web version of BreachForums remains active, and the Scattered LAPSUS$ Hunters group claims it will still leak one billion Salesforce customer records. The ongoing struggle against cybercrime infrastructure emphasizes the resilience of such underground networks.
Daniil Kasatkin, a promising Russian basketball player, was arrested in connection with a ransomware attack targeting the basketball community. His involvement in the crime has raised significant concerns about the impact of cybercrime in sports and the integrity of the game.
Colt Telecom is currently dealing with a significant ransomware attack that has affected its services and led to the breach of sensitive data, which is being sold by the attackers for $200,000. The cause of the breach is believed to be a vulnerability in Microsoft SharePoint, highlighting the ongoing challenges faced by service providers in cybersecurity.
Authorities in Pakistan have arrested 21 individuals linked to the “Heartsender” malware service, which facilitated spam and cybercrime for over a decade, resulting in extensive financial losses. The operation, which targeted various internet companies, was identified by KrebsOnSecurity in 2021, and included notorious figures like Rameez Shahzad, the alleged ringleader. The arrests follow a series of raids conducted by the National Cyber Crime Investigation Agency amid ongoing investigations into transnational organized crime.
Silent Push CEO Ken Bagnall discusses the ongoing challenges of combating cybercrime, highlighting the vast network of financial scams linked to the Philippines-based company Funnull. He emphasizes the complexities of disrupting these operations, as crime organizations adapt to law enforcement tactics, and notes the need for a collaborative international effort to address the systemic issues posed by cybercrime.
Cybercriminals are utilizing malicious traffic distribution systems (TDS), such as TAG-124, to deliver targeted malware and conduct ransomware attacks on high-value targets, particularly in the healthcare sector. This infrastructure enhances the efficiency of cybercriminal operations, enabling them to exploit vulnerabilities and maximize extortion payouts. Understanding and mitigating the risks associated with TAG-124 is crucial for organizations to defend against these sophisticated attacks.