Tag: cybercrime
-
CastleBot MaaS Released Diverse Payloads in Coordinated Mass Ransomware Attacks
IBM X-Force has uncovered CastleBot, a nascent malware framework operating as a Malware-as-a-Service (MaaS) platform, enabling cybercriminals to deploy a spectrum of payloads ranging from infostealers to sophisticated backdoors implicated in ransomware operations. First detected in early 2025 with heightened activity since May, CastleBot facilitates the delivery of threats like NetSupport and WarmCookie, which have…
-
Over 5,000 Fake Online Pharmacies Caught Selling Counterfeit Medicines
Researchers at Gen have uncovered a vast network of over 5,000 fraudulent online pharmacy domains operated by a single cybercriminal entity dubbed MediPhantom. This elaborate PharmaFraud operation exploits advanced techniques including domain hijacking, search engine optimization manipulation, and AI-generated content to deceive consumers seeking medications for conditions like erectile dysfunction, weight loss, and essential antibiotics.…
-
GreedyBear: 40 Fake Crypto Wallet Extensions Found on Firefox Marketplace
A new, coordinated cybercrime campaign called “GreedyBear” has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security. First seen on hackread.com Jump to article: hackread.com/greedybear-fake-crypto-wallet-extensions-firefox-marketplace/
-
US Confirms Takedown of BlackSuit Ransomware Behind 450+ Hacks
Federal law enforcement agencies have successfully dismantled the critical infrastructure of BlackSuit ransomware, a sophisticated cybercriminal operation that has compromised over 450 victims across the United States since 2022 and collected more than $370 million in ransom payments. Major International Operation Targets Cyber Criminal Network ICE’s Homeland Security Investigations (HSI) led the coordinated takedown in…
-
Royal and BlackSuit ransomware gangs hit over 450 US companies
The U.S. Department of Homeland Security (DHS) says the cybercrime gang behind the Royal and BlackSuit ransomware operations had breached hundreds of U.S. companies before their infrastructure was dismantled last month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/royal-and-blacksuit-ransomware-gangs-hit-over-450-us-companies/
-
Silver Fox APT Blurs the Line Between Espionage & Cybercrime
Silver Fox is the Hannah Montana of Chinese threat actors, effortlessly swapping between petty criminal and nation-state-type attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/silver-fox-apt-espionage-cybercrime
-
BlackSuit, Royal ransomware group hit over 450 US victims before last month’s takedown
The Department of Homeland Security said the Russian cybercrime collective received at least $370 million in ransom payments, based on current cryptocurrency valuations. First seen on cyberscoop.com Jump to article: cyberscoop.com/blacksuit-royal-ransomware-450-us-victims/
-
How Machine Learning Detects Living off the Land (LotL) Attacks
Elite cybercriminals prefer LotL attacks because they’re incredibly hard to spot. Instead of deploying obvious malware, attackers use the same trusted tools that an IT team relies on daily, such as PowerShell, Windows Management Instrumentation (WMI) and various integrated utilities on almost every computer. When attackers use legitimate system tools, traditional security software thinks everything…
-
‘Samourai’ Cryptomixer Founders Plead Guilty to Money Laundering
As part of their plea deal, the cybercriminal founders will also have to forfeit more than $200 million. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cryptomixer-founders-guilty-money-laundering
-
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. “The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access points to other cybercriminal organizations,” Silent Push…
-
Cryptomixer founders pled guilty to laundering money for cybercriminals
The founders of the Samourai Wallet (Samourai) cryptocurrency mixer have pleaded guilty to laundering over $200 million for criminals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/samourai-cryptomixer-founders-pled-guilty-to-laundering-money-for-cybercriminals/
-
SocGholish Uses Parrot and Keitaro TDS to Spread Malware via Fake Updates
SocGholish, operated by the threat actor group TA569, has solidified its role as a prominent Malware-as-a-Service (MaaS) provider, functioning as an Initial Access Broker (IAB) that sells compromised system access to various cybercriminal clients. Since its emergence around 2017-2018, this malware family, also known as FakeUpdates, has primarily employed deceptive fake browser update lures to…
-
Black Hat Fireside Chat: Inside the ‘Mind of a Hacker’, A10’s plan for unified threat detection
In today’s threat landscape, attackers are no longer just exploiting technical flaws, they’re exploiting business logic. Think gaps in workflows, permissions, and overlooked assumptions in how applications behave. This subtle shift is creating powerful new footholds for cybercriminals and… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/black-hat-fireside-chat-inside-the-mind-of-a-hacker-a10s-plan-for-unified-threat-detection/
-
Cybercriminals are getting personal, and it’s working
Cybercriminals are deploying unidentifiable phishing kits (58% of phishing sites) to propagate malicious campaigns at scale, indicating a trend towards custom-made or … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/07/email-attacks-q2-2025/
-
VexTrio Cybercrime Outfit Run by Legit Ad Tech Firms
New research reveals that a malicious traffic distribution system (TDS) is run not by hackers in hoodies, but by a series of corporations operating in the commercial digital advertising industry. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/vextrio-cybercrime-outfit-legit-ad-tech
-
#BHUSA: Researchers Expose Infrastructure Behind Cybercrime Network VexTrio
According to Infoblox’s new report, the VexTrio cybercrime-enabling network originates from Italy and Eastern Europe First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bhusa-cybercrime-network-vextrio/
-
On the Rise: Ransomware Victims, Breaches, Infostealers
Researchers See ‘Acceleration’ in Existing Threats, Ongoing Criminal Success. Cybercrime so far this year can be summarized as featuring more of everything, with researchers tracking increases in the number of ransomware and data breach victims, credentials stolen by infostealers, and new vulnerability disclosures with exploits coming to light. First seen on govinfosecurity.com Jump to article:…
-
Black Hat 2025: Security Researcher Unpacks Cybercrime’s Evolution… and How AI Is Changing the Game
From prank viruses to profit-driven cybercrime, Mikko Hypponen explains how today’s malware is targeted, professional, and all about money. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-black-hat-2025-cybercrime-evolution-ai-mikko-hypponen/
-
Threat Actors Use GenAI to Launch Phishing Attacks Mimicking Government Websites
Threat actors are increasingly leveraging generative AI (GenAI) tools to craft highly convincing phishing websites that impersonate legitimate government portals. As highlighted by Zscaler ThreatLabz in their recent reports and blogs, the dual nature of GenAI, empowering productivity for legitimate users while enabling cybercriminals, has become a critical issue. These tools, such as DeepSite AI…
-
Cisco discloses data breach impacting Cisco.com user accounts
Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack that targeted a company representative. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-discloses-data-breach-impacting-ciscocom-user-accounts/
-
Streamlit Vulnerability Exposes Users to Cloud Account Takeover Attacks
A critical security flaw in Streamlit, the popular open-source framework for building data applications, has been discovered that could allow cybercriminals to execute cloud account takeover attacks and manipulate financial data systems. The vulnerability, found in Streamlit’s file upload feature, demonstrates how a simple oversight in client-side validation can lead to devastating consequences for organizations…

