top of page
ALL POSTS
Global SocGholish Takedown: Nearly 15,000 WordPress Sites Cleaned in Major Operation
Key Findings Operation EndGame, a coordinated international law enforcement action, dismantled SocGholish infrastructure on June 18, 2026 106 servers and domains taken down globally; 14,971 compromised WordPress sites remediated Law enforcement from Netherlands, Canada, United States, and Germany executed the coordinated takedown with support from Europol SocGholish serves as initial access broker for major ransomware families including LockBit, RansomHub, and WastedLocker Be
Jun 193 min read
Ukrainian Extradited to US Pleads Guilty in Conti Ransomware Operation
Key Findings Ukrainian national Oleksii Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in Conti ransomware operations Conti infected over 1,000 computers and networks across 47 U.S. states, 31 countries, and generated at least $150 million in ransom payments by January 2022 Lytvynenko joined the conspiracy in September 2021 and worked on malware development including creating a "loader" for delivering additional malicious tools He possessed stolen d
Jun 142 min read
FBI dismantles massive China-based cybercrime network responsible for $1.9B in losses
Key Findings FBI, Google, and Lumen Technologies dismantled Outsider, a China-based cybercrime network responsible for $1.9 billion in losses across 55 countries Operation Ghost Hook seized multiple domains, admin servers, a Shopify storefront, approximately $100,000 from payment wallets, and thousands of domains Outsider provided phishing kits as a subscription service starting at $88 per week, enabling criminals to target hundreds of thousands of victims The network used AI
Jun 132 min read
Conti Ransomware Member's Guilty Plea Signals Breakthrough in Global Cybercrime Crackdown
Key Findings Ukrainian national Oleksii Oleksiyovych Lytvynenko pleaded guilty to wire fraud conspiracy related to Conti ransomware operations Conti attacked over 1,000 organizations across 47 U.S. states and 31 countries from 2020 to 2022, extorting at least $150 million Lytvynenko joined the conspiracy in September 2021 and developed malware used in the attacks He faces up to 20 years in prison with sentencing scheduled for September 10, 2026 Authorities continue pursuing f
Jun 133 min read
Europol Dismantles AudiA6 Crypto Laundering Network Behind Ransomware Operations
Key Findings Europol dismantled AudiA6, an industrial-scale cryptocurrency laundering service that processed over €336 million (~$389 million) in illicit funds since 2021 Two alleged administrators of Ukrainian and Russian nationality were arrested in Georgia on June 10, 2026 The operation seized over 30 servers, 25 domains, €692,000 in frozen cryptocurrency, and identified more than 6,000 fraudulent money mule accounts AudiA6 operators also ran Dark2Web, a dark web cybercrim
Jun 124 min read
International Law Enforcement Smashes Major Cybercrime Operations
Key Findings French-led international operation dismantled a major counterfeit document production facility in Alicante, Spain Police seized approximately 800 forged European documents, professional production equipment, and a transport vehicle The facility supplied fake credentials to migrant smuggling networks across Europe, enabling border evasion and illegal residence claims Coordinated enforcement action disrupted critical infrastructure used by organized crime groups Eu
Jun 52 min read
China-Linked TA4922 Hackers Deploy SilentRunLoader Malware Against UK and European Targets
Key Findings TA4922, a suspected China-aligned cybercrime group, has expanded operations from East Asia to target organisations in the UK, Germany, Italy, and South Africa The group uses locally-tailored phishing emails impersonating tax authorities, benefits services, and government agencies to increase open rates SilentRunLoader, a new Python-based malware likely developed with LLM assistance, steals Chrome credentials, cookies, and browsing data TA4922 employs a diverse to
Jun 32 min read
Massive 17 Million Device Botnet Successfully Dismantled by Dutch Authorities
Key Findings Dutch authorities dismantled a botnet comprising at least 17 million infected devices across computers, tablets, and smartphones Police seized over 200 servers hosted within the Netherlands that controlled the botnet infrastructure The operation was linked to ASOCKS, a Russia-based residential proxy service used for criminal activities A security researcher's report to the National Cyber Security Centre (NCSC) triggered the investigation The botnet was taken offl
May 302 min read
Global Law Enforcement Dismantles First VPN Used by 25 Ransomware Groups in Historic Takedown
Key Findings First VPN Service, a criminal VPN operating since 2014, was dismantled in a coordinated international operation led by France and the Netherlands At least 25 ransomware groups used the service to conduct attacks, including network reconnaissance, data theft, fraud, and denial-of-service operations The takedown involved 16 countries and resulted in the seizure of 33 servers across 27 countries and the shutdown of associated domains First VPN marketed itself specif
May 223 min read
Kimwolf Botmaster 'Dort' Arrested and Charged in U.S. and Canada
Key Findings 23-year-old Jacob Butler of Ottawa arrested Wednesday on suspicion of operating Kimwolf, a massive IoT botnet that infected millions of devices Kimwolf launched over 25,000 DDoS attacks measuring up to 30 terabits per second, the highest recorded volume, causing financial losses exceeding $1 million for some victims Butler faces charges in both the United States and Canada, with potential 10-year prison sentence if extradited and convicted in U.S. court March 202
May 223 min read
Microsoft Dismantles Fox Tempest Malware-Signing Network
Key Findings Microsoft's Digital Crimes Unit dismantled Fox Tempest, a malware-signing-as-a-service operation that created over 1,000 fraudulent certificates The service enabled threat actors to sign malware with short-lived Microsoft certificates, making malicious files appear legitimate Fox Tempest charged between $5,000 and $9,000 for access to its signing platform, with higher tiers offering priority service The operation supported major ransomware families including Rhys
May 202 min read
INTERPOL Operation Ramz: Major Cybercrime Crackdown Across MENA Results in 201 Arrests
Key Findings INTERPOL coordinated Operation Ramz across 13 MENA countries from October 2025 to February 2026, resulting in 201 arrests and 382 additional suspects identified Nearly 8,000 intelligence records were shared between participating nations, marking the largest coordinated cybercrime effort INTERPOL has led in the region Authorities identified 3,867 victims and seized 53 servers involved in phishing, malware, and cyber scam operations Private sector partners includin
May 192 min read
Google Thwarted First AI-Generated Zero-Day Exploit Before Attack
Key Findings Google Threat Intelligence Group discovered a zero-day exploit developed entirely by artificial intelligence before attackers could deploy it at scale Code analysis revealed telltale AI artifacts including excessive documentation strings, highly annotated code, and a hallucinated CVSS score that don't match human developer patterns A well-known cybercrime group with a history of high-profile attacks and mass exploitation was preparing to use the exploit for finan
May 122 min read
Two US Men Imprisoned for Aiding North Korean Hackers in Infiltrating American Companies
Key Findings Two US men, Matthew Isaac Knoot and Erick Ntekereze Prince, sentenced to 18 months each for operating "laptop farms" that enabled North Korean hackers to infiltrate approximately 70 US companies The scheme generated over $1.2 million in illicit revenue, primarily funneled to North Korea's weapons of mass destruction programs Knoot's operation ran from July 2022 to August 2023; Prince's farm operated from June 2020 to August 2024 Victims incurred over $1.5 million
May 102 min read
xlabs_v1 Mirai Botnet: Exploiting ADB Across IoT Devices for Large-Scale DDoS Operations
Key Findings New Mirai-derived botnet called xlabs_v1 targets internet-exposed Android Debug Bridge (ADB) services on port 5555 to compromise IoT devices for DDoS attacks Supports 21 flood variants across TCP, UDP, and raw protocols including RakNet and OpenVPN-shaped traffic designed to bypass consumer-grade DDoS protection Operates as a DDoS-for-hire service primarily targeting game servers and Minecraft hosts with bandwidth-tiered pricing Threat actor uses the moniker "Tad
May 73 min read
US Cybersecurity Experts Face Prison Time in Major Ransomware Conspiracy Case
Key Findings Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, sentenced to four years in prison for supporting BlackCat ransomware attacks Both pleaded guilty to conspiracy and extortion charges related to attacks between April and December 2023 Third accomplice Angelo Martino pleaded guilty and awaits sentencing scheduled for July 9 The trio deployed ALPHV BlackCat ransomware against multiple US victims and extorted approximately $1.2 million in Bitcoin De
May 32 min read
Massive China-Linked Cybercrime Network Deploys 5,300+ Backdoors in 45,000+ Attacks
Key Findings Massive China-linked cybercrime operation discovered using automated systems called Paperclip (backend) and OpenClaw (workflow agent) Approximately 45,000 documented attack attempts with 5,300+ backdoor implants deployed across victims Targets include fintech companies, Web3 platforms, and security vendors Operation maintains centralized control enabling data enrichment and victim prioritization Attackers have compromised thousands of hosts with custom backdoors
May 22 min read
Former Cybersecurity Professionals Sentenced to 4 Years for BlackCat Ransomware Attacks
Key Findings Ryan Goldberg and Kevin Martin sentenced to four years in prison each for facilitating BlackCat ransomware attacks in 2023 Both defendants were employed in legitimate cybersecurity roles at the time of their crimes The pair, along with co-conspirator Angelo Martino, extorted approximately $1.3 million from a medical company in a single attack Goldberg fled to Europe after being interviewed by the FBI but was tracked across 10 countries and arrested in Mexico City
May 13 min read
Ransomware Negotiator Guilty of Secretly Supporting BlackCat Extortion Operations
Key Findings Angelo Martino, 41-year-old ransomware negotiator from Florida, pleaded guilty to assisting the BlackCat ransomware group while employed at a U.S. incident response firm Martino leaked confidential client information including insurance limits and negotiation strategies to BlackCat operators, enabling higher ransom demands across five victim cases starting April 2023 He conspired with two other cybersecurity professionals, Ryan Goldberg and Kevin Martin, to deplo
Apr 213 min read
Scattered Spider Hacker Tyler Buchanan Pleads Guilty to $8M Crypto Theft and Corporate Computer Hacking
Key Findings Tyler Robert Buchanan, 24, from Dundee, Scotland pleaded guilty to hacking dozens of companies and stealing at least $8 million in cryptocurrency Arrested in Spain in May 2024 after entering via Barcelona; extradited to US custody where he has remained since April 2025 Used SMS phishing campaigns targeting corporate employees between 2021 and 2023 to steal login credentials and access systems Employed SIM swap attacks and intercepted two-factor authentication cod
Apr 203 min read
bottom of page
