Tag: cybercrime
-
British Scattered Spider hacker pleads guilty to crypto theft charges
A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/british-scattered-spider-hacker-pleads-guilty-to-crypto-theft-charges/
-
British hacker tied to Scattered Spider campaign pleads guilty in $8M scheme
A British hacker pleaded guilty in U.S. federal court to participating in a sweeping cybercrime campaign that siphoned at least $8 million in cryptocurrency from companies and individuals, federal prosecutors said. First seen on therecord.media Jump to article: therecord.media/hacker-scattered-spider-guilty-plea
-
Scattered Spider Hacker Pleads Guilty in US Federal Court
Tyler Buchanan Pleads Guilty to Conspiracy to Commit Wire Fraud and Identity Theft. A senior figure in the Scattered Spider cybercrime group pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft on Friday in US federal district court. The plea marks the conclusion of a digital…
-
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
In cybercrime markets, trust isn’t assumed, it’s verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/inside-an-underground-guide-how-threat-actors-vet-stolen-credit-card-shops/
-
Hackers Deploy ATHR for Scalable AI-Driven Vishing and Credential Theft
Tags: ai, attack, automation, credentials, cyber, cybercrime, email, hacker, malicious, phishing, theftHackers are increasingly turning to telephone-oriented attack delivery (TOAD) to bypass traditional email security, and a new cybercrime platform called ATHR is accelerating this trend with AI-driven automation and integrated phishing capabilities. TOAD attacks rely on a simple but effective tactic: instead of embedding malicious links or attachments, attackers send benign-looking emails containing only a…
-
Google Deploys Gemini AI to Stop Threat Actors, Blocking 8.3 Billion Ads
Google has significantly escalated its fight against cybercriminals, deploying its advanced Gemini AI to neutralize malicious advertising campaigns. By leveraging generative AI, the tech giant intercepted more than 99% of these harmful advertisements before they ever reached end users. This milestone marks a major shift in how cybersecurity defenses handle automated threats. Threat actors have…
-
Cargo Hackers Hit Trucking Firms to Steal Physical Shipments
Hackers are increasingly breaking into trucking and freight companies to quietly hijack real-world cargo shipments, turning digital access into physical theft at scale. Researchers say organized crime rings are teaming up with cybercriminals to exploit the systems carriers and freight brokers use every day to book and dispatch loads. Cargo theft is already a multi”‘billion”‘dollar…
-
The need for a board-level definition of cyber resilience
Tags: awareness, business, cisa, compliance, control, crime, cyber, cybercrime, cybersecurity, detection, finance, framework, governance, law, metric, regulation, resilience, risk, risk-analysis, risk-management, service, supply-chain, technologyWhere the literature converges: Organizational outcomes vs. policy and controls It’s consistently agreed that cyber resilience should be tied to organizational outcomes rather than technical controls and policies. Rather than focusing on metrics such as mean time to detection or number of security controls, organizational cyber resilience needs to evaluate levels of business continuity, preservation…
-
Crypto-exchange Kraken extorted by hackers after insider breach
The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/crypto-exchange-kraken-extorted-by-hackers-after-insider-breach/
-
New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments
The researchers said the ransomware operation has been ongoing since 2020 and is associated with a strain of malware that enforces execution constraints based on system locale and external IP geolocation. First seen on therecord.media Jump to article: therecord.media/new-janaware-ransomware-targeting-turkey
-
W3LL phishing service sold for $500 dismantled by the FBI
The W3LL phishing kit, a cybercrime tool used to impersonate legitimate login pages and steal usernames and passwords, has been dismantled by the FBI and Indonesian law … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/14/fbi-w3ll-phishing-kit-takedown/
-
Mirax Android RAT Hijacks Infected Phones as Residential Proxies
A new Android banking trojan called Mirax is rapidly gaining traction in the cybercrime ecosystem, combining powerful remote access features with residential proxy capabilities to turn victims’ smartphones into high-value infrastructure nodes. Mirax is marketed as a premium Android RAT and banking malware, offering attackers full, real”‘time control over compromised devices. Once installed, the malware can execute…
-
Mirax Android RAT Hijacks Infected Phones as Residential Proxies
A new Android banking trojan called Mirax is rapidly gaining traction in the cybercrime ecosystem, combining powerful remote access features with residential proxy capabilities to turn victims’ smartphones into high-value infrastructure nodes. Mirax is marketed as a premium Android RAT and banking malware, offering attackers full, real”‘time control over compromised devices. Once installed, the malware can execute…
-
FBI announces takedown of phishing operation that targeted thousands of victims
Cybercriminals allegedly used the W3LL phishing kit to target more than 17,000 victims worldwide, stealing their passwords and multi-factor authentication codes. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/13/fbi-announces-takedown-of-phishing-operation-that-targeted-thousands-of-victims/
-
US, Indonesia shut down ‘sophisticated’ phishing kit
For a nominal fee, cybercriminals could rent access to a service that maliciously duplicated popular websites’ login portals. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/phishing-kit-takedown-w3ll-us-indonesia/817318/
-
Hackers claim breach of Rockstar Games via cloud analytics platform
The ShinyHunters cybercrime group has claimed responsibility for breaching systems linked to video game developer Rockstar Games, threatening to release stolen data if a ransom is not paid. First seen on therecord.media Jump to article: therecord.media/rockstar-hackers-cyberattack-cloud
-
Booking.com warns customers of hack that exposed their data
Undisclosed number of names and contact and reservation details accessed in latest cybercrime attempt<ul><li><a href=”https://www.theguardian.com/business/live/2026/apr/13/oil-price-barrel-trump-naval-blockade-strait-of-hormuz-stock-markets-ftse-latest-news-updates”>Business live latest updates</li></ul>The accommodation reservation website Booking.com has suffered a data breach with “unauthorised parties” gaining access to customers’ details.The platform said it “noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking…
-
Alleged German DDoSHire Kingpin Behind Fluxstress Caught in Thailand
Alleged German cybercrime figure behind Fluxstress and Neldowner arrested in Thailand after years running global DDoS-for-hire services across countries. First seen on hackread.com Jump to article: hackread.com/german-ddos-for-hire-kingpin-fluxstress-thailand/
-
Alleged German DDoSHire Kingpin Behind Fluxstress Caught in Thailand
Alleged German cybercrime figure behind Fluxstress and Neldowner arrested in Thailand after years running global DDoS-for-hire services across countries. First seen on hackread.com Jump to article: hackread.com/german-ddos-for-hire-kingpin-fluxstress-thailand/
-
The Dark Web Explained with John Hammond
The dark web is often misunderstood, but it plays an important role in both privacy technology and cybercrime activity. In this episode, Tom Eston speaks with cybersecurity researcher and educator John Hammond about what the dark web actually is and how it has evolved in recent years. The discussion covers underground marketplaces, ransomware leak sites,……
-
Fake BTS Tour Ticket Scams Target Fans Worldwide
Cybercriminals are exploiting the massive hype around BTS’s return to the global stage by launching a wave of fake ticketing websites targeting fans across multiple countries. The K-pop group recently reunited after nearly four years, during which members completed mandatory military service in South Korea. Their upcoming “ARIRANG” world tour has triggered overwhelming demand and…
-
MuddyWater Uses Russian MaaS in New ChainShell Attack
MuddyWater is now weaponizing a Russian malware-as-a-service (MaaS) platform to run a new operation dubbed “ChainShell”, blending Iranian state targeting with commercially developed cybercrime tooling. The assessment is based on a misconfigured command”‘and”‘control (C2) web server, 15 malware samples, and a previously undocumented JavaScript/Node.js payload named ChainShell. Investigators conclude that MuddyWater is running at least…
-
Russia’s ‘Fancy Bear’ APT Continues Its Global Onslaught
Victims don’t need to match the cybercrime group’s technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russias-fancy-bear-apt-continues-global-onslaught
-
Cybercriminals target accountants to drain Russian firms’ bank accounts
Cybercriminals have stolen millions from Russian companies by hacking accountants’ computers and disguising transfers as salary payments, with the largest confirmed theft exceeding 14 million rubles. First seen on therecord.media Jump to article: therecord.media/cybercriminals-hack-russian-accountants-to-steal-millions
-
Patch windows collapse as timeexploit accelerates
N-day exploitation: Rapid7 Labs validated its findings about a more febrile threat environment by producing both n-day and zero-day exploits using AI-assisted research, substantially reducing development time.In practice, n-day bugs, or the development of exploits against patched software, are a bigger problem than headline-grabbing zero-day vulnerabilities, adds Leeann Nicolo, incident response lead at Coalition, a technology…
-
ISMG Editors: Anthropic Bug Finder Sparks Zero-Day Dread
Also: How AI May Democratize Cybercrime and How Everyday Routers Enable Espionage. In this week’s ISMG panel, four ISMG editors discussed big shifts in cybersecurity: Anthropic’s dangerous new AI model that can uncover thousands of zero-days, growing concerns about a surge in AI-driven flaws, and the FBI disrupting a Russian espionage campaign targeting everyday routers.…
-
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware
Tags: crypto, cyber, cybercrime, hacker, malicious, malware, microsoft, open-source, phishing, tacticsHackers are increasingly using fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL says it has blocked 164 malicious domains tied to this operation using MetaMask’s eth-phishing-detect system. The campaign primarily targets cryptocurrency professionals, Web3 developers, and investors, but its tactics are now expanding toward open-source communities.…