Tag: cybercrime
-
Over 26,000 Dark Web Discussions Focused on Hacking Financial Organizations
Tags: cyber, cyberattack, cybercrime, cybersecurity, dark-web, finance, hacker, hacking, service, strategy, threat, tool, vulnerabilityRadware’s comprehensive research into the cybersecurity landscape has uncovered significant trends shaping the financial services industry’s vulnerabilities in 2024. The analysis, conducted across 46 deep-web hacker forums, identified over 26,000 threat actors’ discussions that revealed increasingly sophisticated cyberattack methods. The study highlights the adoption of advanced tools and strategies by cybercriminals, underscoring the urgent need…
-
Vincenz Klemm kommentiert Cybercrime-Fälle bei Oracle und Samsung Electronics
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/vincenz-klemm-kommentar-cybercrime-faelle-oracle-samsung
-
Threat Actor Leaks Data from Major Bulletproof Hosting Provider Medialand
Tags: breach, control, cyber, cybercrime, data, data-breach, infrastructure, leak, malware, phishing, ransomware, threatA threat actor disclosed internal data from Medialand, a prominent bulletproof hosting (BPH) provider long associated with Yalishanda, a cybercriminal organization tracked as LARVA-34. The breach has exposed the backend systems and operational infrastructure of Medialand, which has historically facilitated a wide array of illicit cyber activities, including ransomware operations, malware control-and-command systems, phishing campaigns,…
-
Morphing Meerkat: A PhaaS Utilizing DNS Reconnaissance to Generate Targeted Phishing Pages
Originally discovered in 2020 as a Phishing-as-a-Service (PhaaS) platform, Morphing Meerkat has since evolved into a sophisticated cybercriminal tool. Initially capable of mimicking login pages for only five email services, the platform has expanded its capabilities, now encompassing over 100 distinct phishing scams. This advancement highlights its increasing technical sophistication and growing threat to organizations…
-
Smishing Triad Expands Fraud Campaign, Targets Toll Payment Services
A China-based cybercriminal group known as the Smishing Triad is escalating its smishing activities, now targeting consumers in the US and UK with fraudulent text messages related to toll payment services. The Resecurity report reveals that these campaigns involve deceptive text messages that claim unpaid toll bills or payment requests linked to services like FasTrak,…
-
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/encrypthubs-dual-life-cybercriminal-vs-windows-bug-bounty-researcher/
-
Threat Actors Exploit Toll Payment Services in Widespread Hacking Campaign
In a sophisticated cybercrime operation, the Smishing Triad, a China-based group, has been identified as the orchestrator behind a surge in smishing campaigns targeting consumers in the US and UK. These campaigns exploit toll payment services like FasTrak, E-ZPass, and I-Pass, with expectations of expanding globally. The Smishing Triad’s Modus Operandi The group employs fraudulent…
-
Threat Actors Use VPS Hosting Providers to Deliver Malware and Evade Detection
Cybercriminals are intensifying phishing campaigns to spread the Grandoreiro banking trojan, targeting users primarily in Mexico, Argentina, and Spain. A detailed analysis by Forcepoint X-Labs reveals the sophisticated techniques employed by these attackers to evade detection and deliver malware. Phishing Tactics and Infrastucture The campaign begins with phishing emails purportedly from tax agencies, containing high-importance…
-
Russia arrests CEO of tech company linked to Doppelgänger disinformation campaign
Two other employees at the St. Petersburg-based hosting provider Azea Group were arrested. The company has alleged links to state-sponsored disinformation campaigns and cybercriminal infrastructure. First seen on therecord.media Jump to article: therecord.media/doppelganger-ceo-arrests-russia-tech
-
Scattered Spider’s ‘King Bob’ Pleads Guilty to Cyber Charges
The 20-year-old was arrested in January 2024 alongside four other group members who carried out related cybercriminal acts, earning them similar charges. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/scattered-spider-king-bob-pleads-guilty-charges
-
Scattered Spider member pleads guilty to identity theft, wire fraud charges
Noah Urban, one of five Scattered Spider suspects identified by U.S. authorities, pleaded guilty in Florida to charges related to the cybercrime operation. First seen on therecord.media Jump to article: therecord.media/scattered-spider-member-noah-urban-guilty-plea
-
Autonomous, GenAI-Driven Attacker Platform Enters the Chat
Xanthorox AI provides a modular GenAI platform for offensive cyberattacks, which supplies a model-agnostic, one-stop shop for developing a range of cybercriminal operations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/autonomous-genai-attacker-platform-chat
-
Threat Actors Exploit Fake CAPTCHAs and Cloudflare Turnstile to Distribute LegionLoader
In a sophisticated attack targeting individuals searching for PDF documents online, cybercriminals are using deceptive CAPTCHA mechanisms combined with Cloudflare’s Turnstile to distribute the LegionLoader malware. According to Netskope Threat Labs, this campaign, which started in February 2025, has affected over 140 customers primarily in North America, Asia, and Southern Europe, with the technology and…
-
HellCat, Rey, and Grep Groups Dispute Claims in Orange and HighWire Press Cases
SuspectFile.com has uncovered a complex web of overlapping claims and accusations within the cybercrime underworld, highlighting a case involving the ransomware groups HellCat, Rey, and grep, along with the controversial group Babuk2. The investigation delves into two significant cyberattacks: one against the telecommunications company >>Orange>HighWire Press.
-
Xanthorox AI The Next Generation of Malicious AI Threats Emerges
The Next Evolution in Black-Hat AI A new player has entered the cybercrime AI landscape Xanthorox AI, a malicious tool that brands itself as the “Killer of WormGPT and all EvilGPT variants.” First spotted in late Q1 2025, Xanthorox began circulating in cybercrime communities across darknet forums and encrypted channels. The system is promoted… First…
-
A member of the Scattered Spider cybercrime group pleads guilty
A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. Noah Urban, a 20-year-old from Palm Coast, pleaded guilty to conspiracy, wire fraud, and identity theft in two federal cases, one in Florida and another in California. >>In the California case, he pleaded guilty to…
-
The controversial case of the threat actor EncryptHub
Microsoft credited controversial actor EncryptHub, a lone actor with ties to cybercrime, for reporting two Windows flaws. Microsoft credited the likely lone actor behind the EncryptHub alias (also known as SkorikARI) for reporting two Windows security flaws, highlighting a >>conflicted
-
Fast Flux is the New Cyber Weapon”, And It’s Hard to Stop, Warns CISA
Tags: advisory, cisa, cyber, cybercrime, cybersecurity, detection, infrastructure, international, maliciousThe U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international cybersecurity partners, has issued an urgent advisory titled “Fast Flux: A National Security Threat.” The advisory highlights the growing use of fast flux techniques by cybercriminals and potentially nation-state actors to evade detection…
-
EDR-as-a-Service makes the headlines in the cybercrime landscape
Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as “EDR-as-a-Service,” is taking hold in the cybersecurity landscape. In a nutshell, some criminal groups are exploiting compromised accounts belonging to law enforcement […]…
-
U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation
The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi, 28, from Kosovo to face charges in the Western District of Pennsylvania for their alleged roles as administrators of the Rydox cybercrime marketplace. The Rydox cybercrime marketplace was an illicit online platform that operated as a hub for cybercriminals, facilitating…
-
OPSEC lapse reveals hub for amateur cybercriminals
Tags: cybercrimeFirst seen on scworld.com Jump to article: www.scworld.com/news/hackers-opsec-lapse-reveals-hub-for-amateur-cybercriminals
-
Senators re-up bill to expand Secret Service’s financial cybercrime authorities
The bipartisan legislation would strengthen the agency’s authorities to investigate criminal activity tied to digital assets. First seen on cyberscoop.com Jump to article: cyberscoop.com/secret-service-financial-cybercrimes-senate-bill/
-
EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations. This emerging threat actor has been linked to ransomware campaigns, data theft, and the development of advanced malware tools, including EncryptRAT. However, critical mistakes in their operational infrastructure have…
-
Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials
A surge in phishing text messages claiming unpaid tolls has been linked to a massive phishing-as-a-service (PhaaS) operation. These scams, which have been hitting users’ phones in waves, are part of a sophisticated campaign leveraging a platform called Lucid. Cybercriminals behind this scheme are exploiting legitimate communication technologies like Apple iMessage and Android RCS to…
-
Cybercriminals are trying to loot Australian pension accounts in new campaign
Hackers over the weekend targeted Australian superannuation funds, investment accounts into which portions of employees’ wages are compulsorily placed. First seen on therecord.media Jump to article: therecord.media/cybercriminals-australia-hacking-campaign-pension
-
Malicious PDFs Responsible for 22% of All Email-Based Cyber Threats
Malicious PDF files have emerged as a dominant threat vector in email-based cyberattacks, accounting for 22% of all malicious email attachments, according to a recent report by Check Point Research. With over 87% of organizations relying on PDFs for business communication, the ubiquitous file format has become a prime target for cybercriminals, who exploit its…
-
OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations.The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service.The threat intelligence firm said it First seen…
-
For healthcare orgs, DR means making sure docs can save lives during ransomware infections
Organizational, technological resilience combined defeat the disease that is cybercrime First seen on theregister.com Jump to article: www.theregister.com/2025/04/02/disaster_recovery_healthcare/
-
CISA warns of Fast Flux DNS evasion used by cybercrime gangs
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the “Fast Flux” cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-fast-flux-dns-evasion-used-by-cybercrime-gangs/