Tag: cybercrime
-
Tea app data theft scandal worsens as stolen IDs leaked to cybercriminal forum
Makers of the app for women called Tea are continuing to respond to an intrusion into a “legacy data storage system” that exposed photos of users, including images of driver’s licenses. First seen on therecord.media Jump to article: therecord.media/tea-app-data-breach-stolen-ids-leaked
-
Android Malware-as-a-Service Gets Cheaper, Packing 2FA Interception
Malware-as-a-service (MaaS) platforms like PhantomOS and Nebula are democratizing Android device attacks because they provide pre-built, subscription-based malware kits for as little as $300 per month, marking a fundamental shift in the cybercrime scene. These services eliminate the need for coding expertise, providing cybercriminals with fully functional Android trojans equipped with advanced capabilities like two-factor…
-
Inside Muddled Libra’s Playbook: Call Center Attacks for Initial Breach
According to Palo Alto Networks’ Unit 42, the cybercrime group tracked as Muddled Libra, also known as Scattered Spider or UNC3944, has demonstrated remarkable resilience and adaptation in 2025, following international law enforcement disruptions in late 2024. Despite federal charges against five suspected members in November 2024, the group has escalated its intrusion operations across sectors including…
-
UNC3944 Ransomware Attacks Target U.S. Infrastructure via VMware Exploits
Tags: attack, cybercrime, cybersecurity, exploit, google, group, hacking, infrastructure, intelligence, ransomware, threat, vmware
A financially driven cybercrime group known as UNC3944 has launched a coordinated and highly targeted hacking campaign that ends with ransomware against major U.S. industries, according to a joint report by Google’s Threat Intelligence Group (GTIG) and cybersecurity firm Mandiant… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/unc3944-ransomware-attacks-vmware-exploits/
-
Threat Actors Claim Breach of Airpay Payment Gateway
Cybercriminals have reportedly claimed a successful breach of Airpay, an Indian payment gateway service, raising serious concerns about the security of financial data and customer information. The allegations surfaced on underground forums where threat actors are allegedly offering access to sensitive data for sale, though the full extent and validity of the claimed breach remains…
-
Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
Tags: attack, cybercrime, google, group, infrastructure, mandiant, phone, ransomware, software, tactics, vmware
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. “The group’s core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk,” Google’s Mandiant team…
-
Dark Web: The Underrated Security Tool
Tags: crypto, cyberattack, cybercrime, exploit, hacker, intelligence, leak, mail, malware, ransomware, service, threat, tool, vulnerability, zero-day
A visit to the dark web can benefit IT security. When the dark web is mentioned, most people have dark associations of a thriving cyber underground where (among other things) weapons, drugs and credentials are traded. That is certainly true, but the dark web also offers companies, or rather security specialists and researchers, some interesting opportunities, damage…
-
How AI Is Becoming the Biggest Cyber Threat
By Michael Kleist, Area Vice President CEE at CyberArk. The current “Bundeslagebild Cybercrime 2024” report from Germany’s Federal Criminal Police Office (Bundeskriminalamt) has confirmed it once again: the threat level from cybercrime in Germany remains high, and in some areas rising dangers are even to be expected [1]. One reason for this is attackers’ increasing use of AI. The report also concludes that AI is increasingly…
-
Phishing Cannot Be Stopped Even by Secure Email Gateways
Phishing has become one of the most dangerous entry points of modern cybercrime and has proven one thing above all: adaptability. Where companies rely on mature protective measures such as secure email gateways (SEGs), attackers deliberately exploit their weaknesses. Attack methods are becoming ever more sophisticated and dynamic, which is why now is the time to think about new defense strategies. How […] First seen…
-
Scattered Spider Exploiting VMware vSphere
Hacking Tactics Linked to Retail, Airline Compromises. The loosely connected band of adolescent cybercriminals tracked as Scattered Spider has joined the VMware hypervisor hacking bandwagon, pivoting into virtual servers through corporate instances of Active Directory. vSphere integration with Active Directory adds yet another layer of insecurity. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/scattered-spider-exploiting-vmware-vsphere-a-29059
-
Hackers Exploit Google Forms to Trick Victims into Stealing Cryptocurrency
Cybercriminals are increasingly using Google Forms to plan cryptocurrency theft in a sophisticated evolution of phishing assaults, taking advantage of the platform’s built-in credibility and smooth integration with Google’s ecosystem. This tactic allows malicious actors to bypass traditional email security filters, delivering deceptive messages directly to victims’ inboxes. By masquerading as legitimate notifications from cryptocurrency…
-
The Young and the Restless: Young Cybercriminals Raise Concerns
National governments warn that many hacker groups attract young people through a sense of community, fame, or the promise of money and the perception of a lack of risk of prosecution. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/young-cybercriminals-raise-concerns
-
Phishing Attack Spoofs Facebook Login Page to Capture Credentials
Cybercriminals are using a variety of dishonest tactics in a sophisticated phishing effort aimed at Facebook users in order to obtain login information. The attack begins with a malicious redirect that leads victims to a fraudulent website mimicking legitimate Facebook interfaces. Here, users encounter a fake CAPTCHA prompt designed to appear as a standard security…
-
Multiple Hacker Groups Exploit SharePoint 0-Day Vulnerability in the Wild
Tags: cve, cyber, cybercrime, exploit, flaw, group, hacker, microsoft, remote-code-execution, threat, vulnerability, zero-day
Microsoft has confirmed that a pair of zero-day vulnerabilities in on-premises SharePoint Server, collectively dubbed ToolShell, are under active exploitation by diverse threat actors ranging from opportunistic cybercriminals to sophisticated nation-state advanced persistent threat (APT) groups. ToolShell encompasses CVE-2025-53770, a critical remote code execution (RCE) flaw allowing unauthenticated attackers to execute arbitrary code on vulnerable…
-
BlackSuit Ransomware Infrastructure Seized by Authorities
International law enforcement agencies delivered a significant blow to cybercriminals this week with the successful takedown of critical infrastructure belonging to the BlackSuit ransomware gang. The coordinated operation, dubbed “Operation Checkmate,”…
-
Supply chain attack compromises npm packages to spread backdoor malware
Tags: attack, authentication, backdoor, control, cybercrime, cybersecurity, data, defense, email, linux, macOS, malicious, malware, mfa, phishing, software, supply-chain, threat, tool, update, vulnerability, windows
is npm JavaScript type testing utility with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky: “Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked,” he wrote. The infected version was removed by npm admins and v3.3.0…
-
Law Enforcement Cracks Down on XSS, but Will It Last?
The arrest of a suspected administrator for the popular cybercrime forum was one of several enforcement actions in the past week targeting malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/law-enforcement-cracks-down-xss
-
Breach Roundup: Suspected XSS Cybercrime Forum Admin Arrested
Also: Clorox Sues IT Vendor Over Password Blunder. This week, XSS forum admin arrested, Clorox sued Cognizant, Lumma Stealer is back, NY regulates water, U.S. maritime cybersecurity rules in effect, new Coyote banking Trojan, a hacker nabbed details of Mexico City auxiliary police, Latin America cyberattacks, and World Leaks stole synthetic data. First seen on…
-
Suspected Operator of Major Cybercrime Forum Caught
The suspected operator of a major cybercrime platform has been arrested. The suspected operator of a major Russian-language cybercrime platform has been arrested in Ukraine. The forum had been active since 2013 and was one of the central hubs for cybercrime worldwide, said the Paris public prosecutor’s office, which has been investigating the platform for years. The suspect reportedly…
-
Key Operator of World’s Largest XSS Dark Web Platform Detained
International law enforcement agencies have dismantled one of the world’s most influential Russian-speaking cybercrime platforms following the arrest of its suspected administrator in a coordinated operation spanning France, Ukraine, and broader European cooperation. The takedown of xss.is represents a significant blow to global cybercriminal networks that have operated with relative impunity on the dark web…
-
Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong
Graham warns why it is high time we said goodbye to 2G – the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing texts to thousands at once. First seen on grahamcluley.com Jump to article: grahamcluley.com/smashing-security-podcast-427/
-
3 China Nation-State Actors Target SharePoint Bugs
Hackers and cybercrime groups are part of a virtual feeding frenzy, after Microsoft’s recent disclosure of new vulnerabilities in on-premises editions of SharePoint Server. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/3-china-nation-state-actors-sharepoint-bugs
-
UK government wants ransomware victims to report breaches so it can carry out ‘targeted disruptions’ against hackers
Experts applauded the proposed change, which would require ransomware victims to notify authorities when paying a hacker’s ransom, arguing that this information can help catch cybercriminals and stop their activities. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/22/uk-government-wants-ransomware-victims-to-report-cyberattacks-so-it-can-disrupt-the-hackers/
-
XSS.IS Cybercrime Forum Seized After Admin Arrested in Ukraine
XSS.IS has been seized after its admin was arrested in Ukraine; however, its dark web and mirror domains only show a 504 Gateway Timeout error. First seen on hackread.com Jump to article: hackread.com/xss-is-cybercrime-forum-seized-ukraine-arrested-admin/
-
Suspected Admin of XSS.IS Cybercrime Forum Arrested in Ukraine
Suspected admin of XSS.IS, a major Russian-language cybercrime forum, arrested in Ukraine after years of running malware and data trade operations. First seen on hackread.com Jump to article: hackread.com/suspected-xss-is-admin-cybercrime-forum-arrest-ukraine/
-
French Authorities confirm XSS.is admin arrested in Ukraine
French authorities announced the arrest in Ukraine of an alleged administrator of the long-running cybercrime forum XSS.is. A joint investigation conducted by French police, Ukrainian authorities, and Europol led to the arrest of the suspected administrator of the major Russian-speaking cybercrime forum xss.is. “The Paris prosecutor’s office announced on Wednesday, July 23, that an individual…
-
Mastermind behind Russian-speaking cybercrime hub arrested in Ukraine
The suspected administrator of xss.is, one of the world’s most influential Russian-speaking cybercrime forums, was arrested in Kyiv, Ukraine, on 22 July. The takedown followed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/23/europol-cybercrime-operation-xss-is-admin-arrest/
-
The password that sank a 158-year-old business
The 2023 collapse of the 158-year-old UK logistics company KNP resulted in the loss of 700 jobs. The devastating cyber attack that shuttered the company has returned to the spotlight this week with a BBC Panorama documentary examining the real-world consequences of ransomware and the rapidly evolving scale of cybercrime in the UK. The…

