Tag: cybercrime
-
Attackers Used AI to Breach an AWS Environment in 8 Minutes
Threat actors using LLMs needed only eight minutes to move from initial access to full admin privileges in an attack on a company’s AWS cloud environment in the latest example of cybercriminals expanding their use of AI in their operations, Sysdig researchers said. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/attackers-used-ai-to-breach-an-aws-environment-in-8-minutes/
-
Bulletproof Hosting Providers Exploit Legitimate ISPs to Power Cybercrime Servers
A surprising link between legitimate IT software and major cybercriminal operations. While investigating attacks by the >>WantToCry<< ransomware gang, analysts noticed that the attackers were using virtual machines (VMs) with identical computer names (hostnames) like WIN-J9D866ESIJ2 and WIN-LIVFRVQFMKO. These names were not random. They were automatically generated by ISPsystem, a completely legitimate company that makes software for managing web…
-
Why Good Cyber Defense Rarely Stops Attackers
Global Cyber Alliance: as AI Fuels Cybercrime, Outcomes Keep Getting Worse. Security teams report stronger controls and broader collaboration each year. Yet cybercrime outcomes continue to worsen. Brian Cute of the Global Cyber Alliance says artificial intelligence-based attacks are tipping the scales against cyber defenders. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/good-cyber-defense-rarely-stops-attackers-a-30692
-
Substack Breach: 662,752 User Records Leaked on Cybercrime Forum
Substack confirms a breach after hacker accessed internal user records now circulating on crime forums, exposing emails, phone numbers, and account metadata. First seen on hackread.com Jump to article: hackread.com/substack-breach-user-records-leak-cybercrime-forum/
-
Proton Warns European Startups: No One Is Too Small to Be Targeted by Hackers
Tags: breach, business, cybercrime, cybersecurity, dark-web, data, hacker, monitoring, privacy, startup
Swiss privacy company Proton is urging European startups to rethink their cybersecurity approach after new research based on dark-web breach monitoring found that early-stage companies are increasingly targeted by cybercriminals, with significant consequences for innovation, data protection, and business continuity. The push comes as Proton launches its new initiative, “Build in Private,” aimed at helping…
-
Attackers Use Legitimate Forensic Driver to Disable Endpoint Security, Huntress Warns
Tags: attack, cybercrime, endpoint, incident response, malicious, software, threat, tool, vulnerability
Cybercriminals are increasingly turning trusted software against defenders, according to new research from Huntress, which has uncovered a real-world attack in which threat actors used a legitimate but vulnerable driver to disable endpoint security tools before deploying further malicious activity. In a detailed incident response analysis, Huntress researchers observed attackers abusing an outdated EnCase forensic…
-
ShadowSyndicate Leverages Server Transition Technique in Latest Ransomware Attacks
ShadowSyndicate, a sophisticated cybercrime cluster first identified in 2023, has evolved its infrastructure management tactics by implementing a previously unreported server transition technique. This method involves rotating SSH fingerprints across multiple servers to obscure operational continuity. However, operational security (OPSEC) errors have allowed researchers to trace these connections. The threat actor orchestrates large server clusters…
-
Police shut down global DDoS operation, arrest 20-year-old
Police officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) have arrested a 20-year-old man suspected of carrying out global DDoS attacks targeting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/05/ddos-poland-suspect-arrested/
-
Pushing Back Cybercrime Through Prevention: Remarks on the Cooperation Between Investigators and the Public Prosecutor’s Office at ‘IT-DEFENSE 2026’
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/cybercrime-pravention-zuruckdraengung-zusammenarbeit-ermittler-staatsanwaltschaft-it-defense-2026
-
TRM Labs Raises $70M Series C for AI Crime-Fighting Push
Funding at $1B Valuation Targets AI-Driven Investigations and Compliance Tools. TRM Labs has secured $70 million in Series C funding led by Blockchain Capital, reaching a $1 billion valuation. CEO Esteban Castano says the money will boost AI-powered investigations, compliance automation and intelligence as criminals use AI to scale cybercrime faster than defenders can respond.…
-
Harvard, UPenn Data Leaked in ShinyHunters Shakedown
Leaked Financial and Admissions Data Includes Contact Details for ‘Top Donors’. Harvard University has been named as a victim and doxed by hack-and-leak group ShinyHunters, apparently as a result of the cybercrime group’s ongoing live phishing attacks that often attempt to trick IT help desks into giving attackers direct access to a victim’s network and…
-
Hackers publish personal information stolen during Harvard, UPenn data breaches
The prolific cybercrime group ShinyHunters took responsibility for hacking Harvard and the University of Pennsylvania, and published the stolen data on its extortion website. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/04/hackers-publish-personal-information-stolen-during-harvard-upenn-data-breaches/
-
Autonomous attacks ushered cybercrime into AI era in 2025
Malwarebytes urged companies to adopt continuous monitoring and lock down identity systems as AI models get better at orchestrating intrusions. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cybercrime-ai-ransomware-mcp-malwarebytes/811360/
-
New Technical Markers Reveal Expanding ShadowSyndicate Cybercriminal Infrastructure
ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/shadowsyndicate/
-
ValleyRAT Masquerades as LINE Installer to Target Users and Harvest Login Credentials
A malware campaign where cybercriminals distribute a fake LINE messenger installer that secretly deploys the ValleyRAT malware to steal credentials and evade detection. Since early 2025, threat actors have increasingly used fraudulent software installers to deliver malware. This campaign shares techniques with previously discovered LetsVPN-themed attacks, including task-scheduler persistence, PowerShell-based evasion, and C2 communications via Hong Kong servers. Cybereason GSOC performed…
-
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windows
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker-controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ has released 8.9.1, which now includes XML signature validation (XMLDSig) for security…
-
Cybercrime Unit of Paris Prosecutors Raid Elon Musk’s X Offices in France
Elon Musk and X’s former CEO were summoned for voluntary interviews in Paris on April 20, 2026 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/paris-prosecutors-raid-elon-musk-x/
-
IPIDEA Proxy Network Dismantled: Global Cybercrime and Botnet Risks Exposed
Researchers have found what they believe is one of the world’s largest residential proxy networks: the IPIDEA proxy operation. The action targeted a little-known but deeply embedded component of the online ecosystem that has been quietly enabling large-scale cybercrime, espionage, and botnet activity. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ipidea-proxy-residential-network-disruption/
-
What to Do When the Extortionists Come?
Tags: access, ai, backup, bsi, cio, cyberattack, cybercrime, data, encryption, hacker, infrastructure, Internet, mail, password, phishing, ransomware, service, supply-chain, update, vulnerability
Stay calm and do not rush into anything, recommends podcast guest Joanna Lang-Recht. intersoft consulting services AG
Monday morning, 8:00 a.m. Employees cannot log in. The production lines are at a standstill, and digital ransom notes are displayed on the screens. Every CIO’s nightmare has come true: a ransomware attack has paralyzed operations. Normal operations now end, and the state of emergency…
-
Cybercrime Enters a New Era as Autonomous AI Agents Take Center Stage
As of February 2026, enterprise defenders are no longer just battling human-operated ransomware groups or credential thieves. The frontline has shifted to a new class of threat: autonomous AI agents that plan, execute, adapt, and even reinvest their own criminal profits without direct human oversight. The convergence of OpenClaw (local runtime), Moltbook (agent collaboration network),…
-
ShinyHunters Expands Scope of SaaS Extortion Attacks
Following its attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/shinyhunters-expands-scope-saas-extortion-attacks
-
Cybercrime 2.0 – Cybercriminals Boost Their Efficiency with Agentic AI
First seen on security-insider.de Jump to article: www.security-insider.de/agentic-ai-cyberkriminalitaet-automatisierung-trend-micro-bericht-a-5f5bea760fb1f7738d575241e6083990/
-
BreachForums Breach Exposes Names of 324K Cybercriminals, Upends the Threat Intel Game
The BreachForums marketplace has suffered a leak, exposing the identities of nearly 324,000 cybercriminals. This incident highlights a critical shift in cyberattacks, creating opportunities for law enforcement while demonstrating the risks associated with breaches in the cybercriminal ecosystem. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/breachforums-breach-exposes-names-of-324k-cybercriminals-upends-the-threat-intel-game/
-
Google Uncovers Major Expansion in ShinyHunters Threat Activity Using New Tactics
Tags: authentication, corporate, credentials, cyber, cybercrime, extortion, google, identity, mfa, phishing, service, software, tactics, threat
A substantial expansion in cybercrime operations using tactics consistent with ShinyHunters-branded extortion campaigns. These sophisticated operations employ advanced voice phishing (vishing) and victim-branded credential harvesting websites to compromise corporate environments by stealing single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. While the methodology of targeting identity providers and Software-as-a-Service (SaaS) platforms remains consistent with…
-
Germany and Israel Train Defense Against Cyberattack
Federal Interior Minister Alexander Dobrindt with Israeli Prime Minister Benjamin Netanyahu at the press conference. BMI/ Laurin Schmid
According to the Federal Ministry of the Interior, Germany and Israel have for the first time jointly trained the defense against a serious cyberattack. The exercise, named “Blue Horizon”, was reportedly the first concrete step arising from the cyber and security pact that Federal Interior Minister Alexander Dobrindt (CSU) and Israel’s…
-
How Companies Can Achieve Compliance for Cyber Insurance
Ways to reduce insurance premiums. The global market for cybersecurity insurance has grown to around 20 billion US dollars by 2026, a trend that is expected to continue as increasingly sophisticated ransomware campaigns, AI-supported attacks and regulatory pressure mount. Since cybercrime is expected to cause economic damage in the trillions of US dollars in 2026,… First seen…
-
Startup Amutable plotting Linux security overhaul to counter hacking threats
Tags: attack, backdoor, ceo, cloud, computer, computing, container, cve, cybercrime, data, exploit, fortinet, hacking, infrastructure, kubernetes, linux, microsoft, open-source, skills, software, startup, supply-chain, technology, threat, tool, training, vpn, vulnerability
systemd, he has alongside him two other ex-Microsoft employees, Chris Kühl as CEO, and Christian Brauner as CTO. A clue to Amutable’s plans lies in the announcement’s emphasis on some of its founders’ backgrounds in Kubernetes, runc, LXC, Incus, and containerd, all connected in different ways to the Linux container stack. Computing is full of security…
-
FBI takes notorious RAMP ransomware forum offline
The FBI has seized control of RAMP, a notorious cybercrime online forum that claimed to be the only place that allowed ransomware, and boasted over 14,000 active users. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/fbi-takes-notorious-ramp-ransomware-forum-offline
-
Google’s disruption rips millions of devices out of malicious network
The actions impaired some of IPIDEA’s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals’ vast and growing infrastructure. First seen on cyberscoop.com Jump to article: cyberscoop.com/ipidea-proxy-network-disrupted-google-lumen/
-
Threat Actors Hide Behind School-Themed Domains In Newly Uncovered Bulletproof Infrastructure
A sophisticated traffic distribution system (TDS) hiding behind education-themed domains. The operation uses bulletproof hosting to deliver phishing pages, scams, and malware files. Analysts triaged a first-stage JavaScript loader from hxxps[:]//toxicsnake-wifes[.]com/promise/script.js. This revealed a commodity cybercrime farm routing victims to harmful payloads. The main domain, toxicsnake-wifes[.]com, acts as a TDS node. It injects db.php with…