A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. […]
Tag: Cybercrime
AI, china, Europe, Global Security News, malware
China-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware
Proofpoint says TA4922, a suspected China aligned cybercrime group, is targeting UK and European organisations with tax, payroll and benefits themed malware campaigns.
AI, Global Security News
Infosecurity Europe: AI-Powered Cybercrime Tools Surge on Dark Web
Halcyon’s Cynthia Kaiser lifts the lid on the dark web market for AI cybercrime tools
AI, Data Breaches, Europe, Global Security News, Network Security
ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers
Cybercrime group ShinyHunters leaked data allegedly stolen from Charter Communications, exposing millions of customer records after a failed extortion attempt. The ShinyHunters extortion group has published data allegedly stolen from Charter Communications after the company apparently refused to pay a ransom. Charter Communications is one of the largest telecommunications companies in the United States. It…
Global Security News
OnlyFans user data advertised on cybercrime forum, seller claims no direct breach
A user on a cybercrime forum is selling a database of 340 million records allegedly linked to OnlyFans users for approximately $76,000.
AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management
The Underground Malware-Signing-as-a-Service That Makes Ransomware Look “Verified” on Windows
The Core Technical Concept: Code Signing At the center of Microsoft’s disruption of the Fox Tempest cybercrime operation is a foundational trust mechanism that modern operating systems rely on heavily: code signing. Code signing is a cryptographic trust framework used by operating systems such as Windows to verify both the integrity and origin of executable…
Global Security News, Russia
‘First VPN’ service used by cybercriminals dismantled in international operation
First VPN marketed itself on Russian-speaking cybercrime forums as a reliable tool for anonymity, offering features like anonymous payments and concealed infrastructure to help users evade law enforcement.
AI, Europe, Global Security News, Network Security, privacy, Russia
Global law enforcement operation takes First VPN offline
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews, data thieves, and other cybercriminals trying to hide in plain sight. “The coordinated…
Global Security News
Interpol’s ‘Operation Ramz’ Pioneers Cross-Region Collabs in Middle East
While the numbers are modest, the crackdown on cybercrime involved 13 countries in the MENA region, the largest law enforcement collaboration to date.
AI, Apps, china, Exploits, Global Security News, Government & Policy, malware
Microsoft disrupts cybercrime service that abused software verification systems en masse
Microsoft seized infrastructure and disrupted a cybercrime service that created and sold more than 1,000 code-signing certificates that other cybercriminals used to make malware-riddled software appear trusted and legitimate for follow-on cyberattacks, including ransomware, the company said Tuesday. The financially-motivated threat group, which Microsoft tracks as Fox Tempest, provided the malware-signing-as-a-service to multiple ransomware groups,…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security
Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects
INTERPOL led Operation Ramz in MENA, resulting in 201 arrests and 382 suspects tied to cybercrime networks. INTERPOL coordinated Operation Ramz across the Middle East and North Africa, leading to 201 arrests and identifying 382 additional suspects. ” A first-of-its-kind cybercrime operation in the MENA region has led to the arrest of 201 individuals, with a…
Global Security News
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
More than 200 individuals were arrested for cybercrime activities during INTERPOL’s Operation Ramz, which focused on the Middle East and North Africa. […]
AI, Global Security News
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects. The initiative involved the efforts of 13 countries from the region between October 2025 and February 2026, aiming to investigate and neutralize malicious infrastructure, arrest perpetrators behind…
AI, Global Security News, malware, Network Security
201 arrested in INTERPOL disruption of phishing and fraud networks
Operation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused substantial financial losses across the region. The operation resulted in the arrest of 201 individuals and the identification of an additional 382 suspects. Moroccan authorities seized computers, smartphones and external hard…
Global Security News
When ransomware gets physical: cybercriminals turn to threats of violence
Pay up, or we’ll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats – and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog.
AI, china, Global Security News, malware, Russia
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.…
GeekGuyBlog
North Korea’s Cryptocurrency Heists: A Growing Threat
Discover how North Korea’s state-sponsored cybercriminals are increasingly targeting cryptocurrency, posing a significant threat to digital asset security.
Global Security News
45,000 Attacks, 5,300+ Backdoors Tied to China-Linked Cybercrime Operation
SOCRadar researchers have uncovered a massive Chinese cybercrime operation using the OpenClaw and Paperclip systems to automate global attacks.
Cybersecurity, Global Security News
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and
Global Security News
Police bust scam call centres behind €50 million in fraud losses
Authorities have dismantled a cybercrime ring running call centres in Albania and defrauding victims of more than €50 million, arresting 10 suspects and seizing nearly €900,000. Seized cash from the fraud operation (Source: Eurojust) After a spike in victims in Vienna in June 2023, Austrian authorities traced cyber fraud activity to Albanian suspects, triggering a…
AI, Cybersecurity, Global Security News, malware
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). “The malware disguises itself as a Minecraft hack called ‘Slinky,’” Brazil-based cybersecurity company ZenoX said in a technical report. “It uses the official game icon to…
AI, APAC, Data Breaches, Global Security News, Network Security
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology…
AI, Global Security News
Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency
A British national tied to the Scattered Spider cybercrime group pleaded guilty to hacking multiple companies via SMS phishing and stealing over $8 million in virtual currency from US victims. Tyler Robert Buchanan, 24, of Dundee, Scotland, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft. In November 2024, US authorities unsealed…
Global Security News
British Scattered Spider hacker pleads guilty to crypto theft charges
A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. […]
Global Security News
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
In cybercrime markets, trust isn’t assumed, it’s verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. […]
AI, Global Security News
New ATHR vishing platform uses AI voice agents for automated attacks
A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. […]
Global Security News
Crypto-exchange Kraken extorted by hackers after insider breach
The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data. […]
AI, Global Security News
W3LL phishing service sold for $500 dismantled by the FBI
The W3LL phishing kit, a cybercrime tool used to impersonate legitimate login pages and steal usernames and passwords, has been dismantled by the FBI and Indonesian law enforcement authorities. Officials estimate the operation was tied to more than $20 million in attempted fraud. (Source: FBI) “For a fee of about $500, users could purchase access…
AI, Global Security News
Alleged German DDoS-for-Hire Kingpin Behind Fluxstress Caught in Thailand
Alleged German cybercrime figure behind Fluxstress and Neldowner arrested in Thailand after years running global DDoS-for-hire services across countries.
Global Security News
Russia’s ‘Fancy Bear’ APT Continues Its Global Onslaught
Victims don’t need to match the cybercrime group’s technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable.
AI, Exploits, Global Security News
Storm-1175 Deploys Medusa Ransomware at ‘High Velocity’
Microsoft says the financially motivated cybercrime group has exploited N-day and zero-day vulnerabilities in campaigns predicated on speed.
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy, malware
Cybercrime losses jumped 26% to $20.9 billion in 2025
Cybercrime remains a booming business. Annual cybercrime losses amounted to almost $20.9 billion last year, reflecting a 26% increase from 2024, the FBI’s Internet Crime Complaint Center (IC3) said in its annual report Tuesday. The comprehensive study exposes a worsening digital crime environment that is driving financial losses, with momentum moving in the wrong direction…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks
Microsoft has warned that Storm-1175, a cybercrime group linked to Medusa ransomware, is exploiting vulnerable web-facing systems in fast-moving attacks, at times moving from initial access to data theft and ransomware deployment within 24 hours. The company said the group has heavily targeted organizations in healthcare, education, professional services, and finance across Australia, the UK,…
GeekGuyBlog
Emerging Cyber Threat: Venom Stealer MaaS Platform Revolutionizes Information Theft
Discover how the Venom Stealer platform is transforming cybercrime by enabling even novice hackers to launch sophisticated information theft attacks.
Global Security News
Venom Stealer MaaS Platform Commoditizes ClickFix Attacks
A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks.
AI, Global Security News
TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats
TrendAI™ Research explored agentic AI cybercrime and EV infrastructure security through two research sessions at RSAC™ 2026.
AI, Global Security News, Russia
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating…
Global Security News, Network Security, Risk Management
LexisNexis® Risk Solutions’ latest Cybercrime Report reveals key global fraud trends emerging over the past year. Derived from analysis of more than 116 billion online transactions detected through our LexisNexis® Digital Identity Network® in 2025, t
LexisNexis® Risk Solutions’ latest Cybercrime Report reveals key global fraud trends emerging over the past year. Derived from analysis of more than 116 billion online transactions detected through our LexisNexis® Digital Identity Network® in 2025, the report shows a significant 8% rise in global fraud rates driven by attacks targeting the gaming and gambling and ecommerce sectors, cost of living pressures and new emerging fraud tactics.
Global Security News, Network Security, Risk Management
LexisNexis® Risk Solutions’ latest Cybercrime Report reveals key global fraud trends emerging over the past year. Derived from analysis of more than 116 billion online transactions detected through our LexisNexis® Digital Identity Network® in 2025, t
LexisNexis® Risk Solutions’ latest Cybercrime Report reveals key global fraud trends emerging over the past year. Derived from analysis of more than 116 billion online transactions detected through our LexisNexis® Digital Identity Network® in 2025, the report shows a significant 8% rise in global fraud rates driven by attacks targeting the gaming and gambling and ecommerce sectors, cost of living pressures and new emerging fraud tactics.
AI, Global Security News
Paid AI Accounts Are Now a Hot Underground Commodity
AI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and resell premium AI access at scale. […]
AI, Data Breaches, Global Security News, Risk Management
Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca
Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information. The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach. Even…
GeekGuyBlog
Ransomware’s New Era: Moving at AI Speed
Discover how AI is accelerating ransomware attacks, posing new threats to cybersecurity and emphasizing the urgent need for enhanced protection measures.
china, Global Security News, Network Security
Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network
Police shut down 373K dark web sites in a one-man CSAM and cybercrime network run by a 35-year-old man in China, with global probe ongoing.
AI, Global Security News
Operation Alice Takes Down 370,000+ Dark Web Sites
German-led policing effort against fraud operation disrupts countless CSAM and cybercrime sites
GeekGuyBlog
Warlock Ransomware Group Augments Post-Exploitation Activities
Discover how the Warlock Ransomware Group is enhancing its cyber tactics, making detection harder and impacting organizations across multiple sectors.
GeekGuyBlog
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
A major security breach reveals the Beast Gang’s ransomware tactics, highlighting vulnerabilities in global cybersecurity measures and backup systems.
GeekGuyBlog
Hackers Target Cybersecurity Firm Outpost24 in Elaborate Phishing Attack
Discover how hackers executed a complex phishing attack on Outpost24, revealing the evolving tactics targeting even top cybersecurity firms.
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
Washington is right: Cybercrime is organized crime. Now we need to shut down the business model
The recently released executive order targeting cybercrime, fraud, and predatory schemes uses language the federal government has often avoided. Now, for the first time, the Trump administration is echoing what the cybersecurity industry has been shouting for years: cyber-enabled fraud is a product of transnational organized crime. That distinction matters because organized crime requires an…
AI, Cybersecurity, Global Security News, Government & Policy, malware, Network Security
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide
INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation. INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware. The international law enforcement operation led to 94 arrests, 110 ongoing investigations,…
GeekGuyBlog
Iran’s MOIS Collaborates with Cybercriminals to Amplify Cyberattacks
Discover how Iran’s intelligence agency is teaming up with cybercriminals, escalating global cyber threats and reshaping the landscape of cyberattacks.
AI, Data Breaches, Exploits, Global Security News, malware, Risk Management
AI-Powered Cybercrime Surges 1,500%, Report Finds
Cybercrime is entering a new phase where machines, not humans, increasingly run the attacks. A new 2026 Global Threat Intelligence Report from Flashpoint suggests that threat actors are rapidly adopting AI-powered automated systems to execute entire cyberattack chains with minimal human input. Threat actors adopt AI tools as cyberattacks become cheaper to automate One of…
AI, Global Security News
The people behind cyber extortion are often in their forties
Many cybercrime investigations end with arrests or indictments that reveal little about the people behind the operations. When authorities do disclose demographic details, the pattern that emerges does not match the common assumption that cyber offenders are mostly very young. Analysis in the Security Navigator 2026 report from Orange Cyberdefense points to a different age…
Global Security News
LeakBase Cybercrime and Hacker Forum Seized
Europol seizes LeakBase cybercrime and hacker forum used to trade stolen data, disrupting a global platform with over 140,000 members.
Global Security News
Europol Operation Seizes LeakBase Data Breach Site
A global operation has resulted in the takedown of popular cybercrime forum LeakBase
AI, Data Breaches, Europe, Global Security News, malware
Operation Leak: FBI and Europol dismantle LeakBase Cybercrime forum
The Federal Bureau of Investigation seized the LeakBase cybercrime forum in an international crackdown led by Europol. The Federal Bureau of Investigation seized the LeakBase cybercrime forum (leakbase[.]la), a platform used to trade hacking tools and stolen data. The action formed part of “Operation Leak,” an international effort coordinated by Europol involving authorities from 14…
AI, Data Breaches, Global Security News
LeakBase cybercrime forum with 142,000 users taken down in global operation
LeakBase, an open-web cybercrime forum facilitating the trade of leaked databases and “stealer logs” containing stolen credentials, has been taken down in an international law enforcement operation coordinated by Europol and involving authorities from 14 countries. Police in action (Source: Europol) Active since 2021, LeakBase hosted a large archive of breached databases and compromised credentials…
Global Security News
FBI seizes LeakBase cybercrime forum, data of 142,000 members
The FBI has seized the LeakBase cybercrime forum, a major online forum used by cybercriminals buy and sell hacking tools and stolen data. […]
Global Security News
Cloudflare 2026 Threat Intelligence Report: Nation-State Actors and Cybercriminals Shift from ‘Breaking In’ to ‘Logging In’
GUEST RESEARCH: New insights demonstrate that the barrier to entry for sophisticated cybercrime has collapsed
AI, Apps, Data Breaches, Europe, Exploits, Global Security News, Network Security, Risk Management
Europol Operation Targets Online Network Exploiting Minors
A yearlong international crackdown has led to 30 arrests tied to “The Com,” a decentralized cybercrime collective accused of targeting children and teenagers across digital platforms. Coordinated by Europol and involving law enforcement agencies from 28 countries, the operation — codenamed Project Compass — resulted in the arrest of 30 suspects, linked 179 additional individuals…
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security
ShinyHunters leaked the full Odido dataset
Cybercrime group ShinyHunters leaked the full Odido dataset, the Netherlands is facing the biggest data leak in its history. Odido is a Dutch telecommunications company and one of the largest mobile network operators in the Netherlands. It was formed when T-Mobile Netherlands and Tele2 were rebranded as Odido in 2023 after private equity firms Apax Partners and Warburg Pincus…
AI, Global Security News
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between…
Cybersecurity, Global Security News
Operation Red Card 2.0 Leads to 651 Arrests in Africa
In the latest operation targeting cybercrime groups, African law enforcement agencies cooperated with Interpol and cybersecurity firms to recover more than USD 4.3 million.
AI, Global Security News
1Campaign platform helps malicious Google ads evade detection
A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers. […]
AI, Global Security News
Police seize 100,000 stolen Facebook credentials in cybercrime raid
Officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) dismantled an organized group that used phishing to seize Facebook accounts and extract BLIK payment codes from victims. Arrest (Source: Poland’s Central Bureau for Combating Cybercrime) Eleven members of an organized criminal group operating in Poland and Germany between May 2022 and May 2024 were identified.…
AI, Global Security News
INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown
An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January 30, 2026, according to INTERPOL. It targeted infrastructure…
AI, Global Security News, Government & Policy, malware, Network Security
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme
A 37-year-old Nigerian man was sentenced to eight years in prison for participating in a five-year cybercrime spree to steal money from the U.S. government through fraudulent tax returns, the Justice Department said Wednesday. Matthew Abiodun Akande was living in Mexico when he and at least four co-conspirators broke into the networks of tax preparation…
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, malware, Network Security, Risk Management
Shocking 12 Recent Major Cyber Attacks 2026 That Are Reshaping Global Security
The year 2026 has already witnessed an alarming rise in cybercrime activity worldwide. From large-scale ransomware incidents to sophisticated nation-state espionage campaigns, the recent major cyber attacks 2026 highlight a rapidly evolving digital threat landscape. Businesses, governments, healthcare systems, and even critical infrastructure have become prime targets. For a domain like CyberCrimesWatch.com, reporting on verified…
AI, Data Breaches, Global Security News, Government & Policy, malware, Network Security, Russia
Polish cybercrime Police arrest man linked to Phobos ransomware operation
Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) police arrested a 47-year-old man linked to the Phobos ransomware operation. Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices. “Officers from the Central…
AI, Global Security News
Phobos ransomware affiliate arrested in Poland
Officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) detained a 47-year-old man suspected of creating, acquiring, and sharing computer programs used to unlawfully obtain information stored in computer systems. He faces a potential prison sentence of up to five years. The arrest took place in the Małopolska Voivodeship as part of a joint operation…
AI, Global Security News
The $17 Billion Wake-Up Call: Securing Crypto in the Age of AI Scams
AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses.
Global Security News
Police arrests distributor of JokerOTP password-stealing bot
The Dutch National Police arrested a 21-year-old man from Dordrecht as part of a cybercrime investigation by Team Cybercrime Oost-Brabant. The suspect is believed to have distributed a tool known as JokerOTP, a bot used to intercept one-time passwords (OTPs) used to secure online accounts and financial transactions. Police suspect the Dordrecht resident of selling…
AI, Cybercrime, DDoS, EU, Global Security News, law enforcement, News
Police shut down global DDoS operation, arrest 20-year-old
Police officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) have arrested a 20-year-old man suspected of carrying out global DDoS attacks targeting high-profile and strategically important websites. Arrest (Source: Poland’s Central Bureau for Combating Cybercrime) The suspect faces six criminal charges, including disrupting IT systems and obtaining specialized software designed to conduct cyberattacks. If…