Tag: cybercrime
-
Threat Actors Use VPS Hosting Providers to Deliver Malware and Evade Detection
Cybercriminals are intensifying phishing campaigns to spread the Grandoreiro banking trojan, targeting users primarily in Mexico, Argentina, and Spain. A detailed analysis by Forcepoint X-Labs reveals the sophisticated techniques employed by these attackers to evade detection and deliver malware. Phishing Tactics and Infrastructure: The campaign begins with phishing emails purportedly from tax agencies, containing high-importance…
-
Russia arrests CEO of tech company linked to Doppelgänger disinformation campaign
Two other employees at the St. Petersburg-based hosting provider Azea Group were arrested. The company has alleged links to state-sponsored disinformation campaigns and cybercriminal infrastructure. First seen on therecord.media Jump to article: therecord.media/doppelganger-ceo-arrests-russia-tech
-
Scattered Spider’s ‘King Bob’ Pleads Guilty to Cyber Charges
The 20-year-old was arrested in January 2024 alongside four other group members who carried out related cybercriminal acts, earning them similar charges. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/scattered-spider-king-bob-pleads-guilty-charges
-
Scattered Spider member pleads guilty to identity theft, wire fraud charges
Noah Urban, one of five Scattered Spider suspects identified by U.S. authorities, pleaded guilty in Florida to charges related to the cybercrime operation. First seen on therecord.media Jump to article: therecord.media/scattered-spider-member-noah-urban-guilty-plea
-
Autonomous, GenAI-Driven Attacker Platform Enters the Chat
Xanthorox AI provides a modular GenAI platform for offensive cyberattacks, which supplies a model-agnostic, one-stop shop for developing a range of cybercriminal operations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/autonomous-genai-attacker-platform-chat
-
Threat Actors Exploit Fake CAPTCHAs and Cloudflare Turnstile to Distribute LegionLoader
In a sophisticated attack targeting individuals searching for PDF documents online, cybercriminals are using deceptive CAPTCHA mechanisms combined with Cloudflare’s Turnstile to distribute the LegionLoader malware. According to Netskope Threat Labs, this campaign, which started in February 2025, has affected over 140 customers primarily in North America, Asia, and Southern Europe, with the technology and…
-
HellCat, Rey, and Grep Groups Dispute Claims in Orange and HighWire Press Cases
SuspectFile.com has uncovered a complex web of overlapping claims and accusations within the cybercrime underworld, highlighting a case involving the ransomware groups HellCat, Rey, and grep, along with the controversial group Babuk2. The investigation delves into two significant cyberattacks: one against the telecommunications company Orange and the other against HighWire Press.
-
Xanthorox AI: The Next Generation of Malicious AI Threats Emerges
The Next Evolution in Black-Hat AI: A new player has entered the cybercrime AI landscape: Xanthorox AI, a malicious tool that brands itself as the “Killer of WormGPT and all EvilGPT variants.” First spotted in late Q1 2025, Xanthorox began circulating in cybercrime communities across darknet forums and encrypted channels. The system is promoted…
-
A member of the Scattered Spider cybercrime group pleads guilty
A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. Noah Urban, a 20-year-old from Palm Coast, pleaded guilty to conspiracy, wire fraud, and identity theft in two federal cases, one in Florida and another in California. In the California case, he pleaded guilty to…
-
The controversial case of the threat actor EncryptHub
Microsoft credited controversial actor EncryptHub, a lone actor with ties to cybercrime, for reporting two Windows flaws. Microsoft credited the likely lone actor behind the EncryptHub alias (also known as SkorikARI) for reporting two Windows security flaws, highlighting a conflicted…
-
“Fast Flux is the New Cyber Weapon”, And It’s Hard to Stop, Warns CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international cybersecurity partners, has issued an urgent advisory titled “Fast Flux: A National Security Threat.” The advisory highlights the growing use of fast flux techniques by cybercriminals and potentially nation-state actors to evade detection…
-
EDR-as-a-Service makes the headlines in the cybercrime landscape
Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests, EDR), targeting major platforms. According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as “EDR-as-a-Service,” is taking hold in the cybersecurity landscape. In a nutshell, some criminal groups are exploiting compromised accounts belonging to law enforcement…
-
U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation
The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi, 28, from Kosovo to face charges in the Western District of Pennsylvania for their alleged roles as administrators of the Rydox cybercrime marketplace. The Rydox cybercrime marketplace was an illicit online platform that operated as a hub for cybercriminals, facilitating…
-
OPSEC lapse reveals hub for amateur cybercriminals
First seen on scworld.com Jump to article: www.scworld.com/news/hackers-opsec-lapse-reveals-hub-for-amateur-cybercriminals
-
Senators re-up bill to expand Secret Service’s financial cybercrime authorities
The bipartisan legislation would strengthen the agency’s authorities to investigate criminal activity tied to digital assets. First seen on cyberscoop.com Jump to article: cyberscoop.com/secret-service-financial-cybercrimes-senate-bill/
-
EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations. This emerging threat actor has been linked to ransomware campaigns, data theft, and the development of advanced malware tools, including EncryptRAT. However, critical mistakes in their operational infrastructure have…
-
Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials
A surge in phishing text messages claiming unpaid tolls has been linked to a massive phishing-as-a-service (PhaaS) operation. These scams, which have been hitting users’ phones in waves, are part of a sophisticated campaign leveraging a platform called Lucid. Cybercriminals behind this scheme are exploiting legitimate communication technologies like Apple iMessage and Android RCS to…
-
Cybercriminals are trying to loot Australian pension accounts in new campaign
Hackers over the weekend targeted Australian superannuation funds, investment accounts into which portions of employees’ wages are compulsorily placed. First seen on therecord.media Jump to article: therecord.media/cybercriminals-australia-hacking-campaign-pension
-
Malicious PDFs Responsible for 22% of All Email-Based Cyber Threats
Malicious PDF files have emerged as a dominant threat vector in email-based cyberattacks, accounting for 22% of all malicious email attachments, according to a recent report by Check Point Research. With over 87% of organizations relying on PDFs for business communication, the ubiquitous file format has become a prime target for cybercriminals, who exploit its…
-
OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service. The threat intelligence firm said it…
-
For healthcare orgs, DR means making sure docs can save lives during ransomware infections
Organizational, technological resilience combined defeat the disease that is cybercrime First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/disaster_recovery_healthcare/
-
CISA warns of Fast Flux DNS evasion used by cybercrime gangs
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the “Fast Flux” cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-fast-flux-dns-evasion-used-by-cybercrime-gangs/
-
3 Leading Computer Monitoring Software for Schools
Cybercriminals commonly target K-12 schools. 71% of UK secondary schools reported a breach or attack in the previous year alone, mirrored by schools across the U.S. This, paired with internal threats, requires schools to adopt advanced computer monitoring tools. In this article, we’ll cover key features to consider in computer monitoring software and three…
-
Hacker attack on Heilbronn Marketing
Hackers have encrypted the IT systems of Heilbronn Marketing. According to a report by Südwestrundfunk (SWR), cybercriminals recently encrypted the IT systems of Heilbronn Marketing GmbH (HMG) and left a ransom note. It is so far unclear whether data was also stolen. Because the company, among other things, organizes festivals and events for the city of Heilbronn and sells tickets, there are also…
-
EvilCorp and RansomHub Collaborate to Launch Worldwide Attacks on Organizations
EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has been observed collaborating with RansomHub, one of the most active ransomware-as-a-service (RaaS) operations. This partnership has heightened the threat landscape, as both entities leverage advanced tools and techniques to target organizations across the globe. EvilCorp: A History of Cybercrime EvilCorp, led by Maksim Yakubets, has long been notorious…
-
Hunters International Ransomware Gang Rebranding, Shifting Focus
The notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion. The post Hunters International Ransomware Gang Rebranding, Shifting Focus appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hunters-international-ransomware-gang-rebranding-shifting-focus/
-
Amateur Hacker Leverages Russian Bulletproof Hosting Server to Spread Malware
The cybercriminal uses the service of Proton66, an infamous Russian-based bulletproof hosting provider, to deploy malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/coquettte-hacker-malware-bph/
-
AI Threats Are Evolving Fast, Learn Practical Defense Tactics in this Expert Webinar
The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it’s also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed. And here’s the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind. But you’re…

