top of page
ALL POSTS
Operation PowerOFF: 75,000 DDoS-for-Hire Service Users Identified and Warned
Key Findings Law enforcement from 21 countries completed a major crackdown on DDoS-for-hire services on April 13, 2026, resulting in 4 arrests and seizure of 53 web domains Over 75,000 warning letters and emails were sent to users of illegal DDoS services, targeting young people and hobbyists Authorities identified details on more than 3 million criminal user accounts during the investigation Operation PowerOFF deployed innovative enforcement tactics including Google ads and
Apr 192 min read
Operation PowerOFF Takes Down 53 DDoS Domains, Reveals 3 Million Criminal Accounts
Key Findings 53 DDoS-for-hire domains seized across 21 countries in coordinated operation Four suspects arrested in connection with commercial DDoS services Databases containing over 3 million criminal user accounts accessed More than 75,000 cybercriminals identified and warned via email and letters 25 search warrants issued as part of ongoing investigation Operation PowerOFF demonstrates escalating law enforcement focus on dismantling DDoS infrastructure Background Operation
Apr 173 min read
Hacker Leveraged Claude and GPT-4.1 AI to Steal Hundreds of Millions of Mexican Records
Key Findings A single hacker compromised nine Mexican government agencies between December 2025 and February 2026 using Claude Code and GPT-4.1 The attacker generated 5,317 AI-executed commands across 34 sessions, with Claude Code running approximately 75% of remote commands to government systems Over 305 million citizen records were exfiltrated, including 195 million taxpayer records, 220 million civil records, and sensitive health and domestic violence victim data The hacke
Apr 124 min read
BKA Unmasks REvil Ransomware Leaders Behind 130+ German Cyberattacks
Key Findings German Federal Criminal Police (BKA) identified two REvil ransomware operators responsible for over 130 attacks across Germany Daniil Maksimovich Shchukin (31), a Russian national operating under the alias UNKN, led the GandCrab/REvil groups from early 2019 through July 2021 Anatoly Sergeevitsch Kravchuk (43), also Russian, served as the technical developer of REvil during the same period The two suspects orchestrated 25 attacks that resulted in €1.9 million in r
Apr 63 min read
Russian Hacker Sentenced to 6.75 Years for $9 Million Ransomware Campaign
Key Findings 26-year-old Russian citizen Aleksei Olegovich Volkov sentenced to 81 months in prison for ransomware facilitation Volkov operated as initial access broker, providing unauthorized network access to ransomware groups including Yanluowang Facilitated dozens of attacks causing over $9 million in confirmed losses and $24 million in intended losses Arrested in Italy January 2024, extradited to U.S., pleaded guilty November 2025 Must pay $9.1 million in restitution to v
Mar 242 min read
Operation Alice: Police Dismantle 373,000 Dark Web Sites in Massive CSAM Crackdown
Key Findings Single operator in China ran 373,000 fraudulent dark web sites offering CSAM and cybercrime services Operation Alice, led by German authorities with support from 23 countries, dismantled the network from March 9-19, 2026 Law enforcement seized 105 servers, identified 440 customers worldwide, and issued international arrest warrant for 35-year-old suspect Operator earned over €345,000 from roughly 10,000 customers through fake "packages" priced between €17 and €21
Mar 234 min read
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Key Findings * TeamPCP cybercriminal group suspected behind supply chain attack * 47 npm packages compromised across multiple scopes * Self-propagating CanisterWorm uses ICP blockchain canister as command-and-control infrastructure * Attack leverages npm package postinstall hooks to execute malware * Worm can automatically spread using stolen npm authentication tokens * Decentralized C2 infrastructure makes takedown efforts difficult Background The supply chain attack targets
Mar 212 min read
DoJ Dismantles Massive IoT Botnet Network Responsible for Global DDoS Attacks
Key Findings DoJ disrupted command-and-control infrastructure for 4 IoT botnets Botnets infected approximately 3 million devices worldwide Attacks measured up to 31.4 Tbps, causing potential massive internet disruption Botnets launched hundreds of thousands of DDoS attack commands Potential suspects include a 23-year-old Canadian and a 15-year-old German Multiple international law enforcement agencies and tech companies collaborated on the operation Background The botnet disr
Mar 202 min read
SocksEscort Proxy Network Dismantled by Federal Authorities in Global Fraud Crackdown
Key Findings * International law enforcement dismantled SocksEscort proxy network * Network compromised approximately 369,000 IP addresses worldwide * Cybercriminals used service to route fraudulent activities and hide identity * $3.5 million in cryptocurrency seized * Infected over 8,000 home and small business routers * Caused millions in financial losses across multiple victims Background SocksEscort operated as a malicious proxy service from 2009, systematically infecting
Mar 122 min read
GitHub Malware Operation Spreads Dangerous BoryptGrab Stealer
Key Findings BoryptGrab information stealer spreading through over 100 GitHub repositories Malware designed to collect browser data, cryptocurrency wallets, system details, and user files Some variants deploy a PyInstaller backdoor called TunnesshClient for remote command execution Background Trend Micro has uncovered a campaign distributing the BoryptGrab information stealer through more than 100 GitHub repositories. BoryptGrab is capable of collecting sensitive data such as
Mar 81 min read
Transparent Tribe Uses AI to Mass-Produce Malware Implants Targeting India
Key Findings Transparent Tribe, a Pakistan-aligned hacking group, has embraced the use of AI-powered coding tools to mass-produce malware implants. The goal is to flood target environments with a "high-volume, mediocre mass of implants" using lesser-known programming languages like Nim, Zig, and Crystal. These malware samples rely on trusted services like Slack, Discord, Supabase, and Google Sheets to fly under the radar, a technique dubbed "Distributed Denial of Detection (D
Mar 72 min read
Europol-Led Operation Disrupts Tycoon 2FA Phishing Scheme Linked to Thousands of Attacks
Key Findings Tycoon 2FA, a prominent Phishing-as-a-Service (PhaaS) platform, was dismantled by a coalition of law enforcement agencies and security companies led by Europol. The subscription-based phishing kit, which emerged in August 2023, was described as one of the largest phishing operations worldwide. Tycoon 2FA's primary developer is alleged to be Saad Fridi, who is said to be based in Pakistan. The platform enabled thousands of cybercriminals to covertly access email a
Mar 62 min read
Phobos Ransomware Operator Pleads Guilty, Faces Lengthy Prison Sentence
Key Findings: Evgenii Ptitsyn, a 43-year-old Russian national, pleaded guilty to wire fraud conspiracy for his role in the Phobos ransomware operation. Ptitsyn was a high-level administrator of the Phobos ransomware-as-a-service (RaaS) operation. The Phobos ransomware operation targeted over 1,000 public and private entities worldwide, extorting more than $16 million in ransom payments. Ptitsyn and his co-conspirators used a RaaS model to distribute Phobos ransomware to a net
Mar 52 min read
Operation Leak: Dismantling the LeakBase Cybercrime Forum
Key Findings The Federal Bureau of Investigation (FBI) seized the LeakBase cybercrime forum (leakbase[.]la) as part of "Operation Leak", an international crackdown led by Europol. LeakBase was a key hub in the cybercrime ecosystem, specializing in trading leaked databases and "stealer logs" containing compromised credentials. The forum had over 142,000 registered users, approximately 32,000 posts, and more than 215,000 private messages as of December 2025. Law enforcement age
Mar 52 min read
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Key Findings: Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. Starkiller is advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard to impersonate brands or enter a brand's real URL. The platform lets users choose custom keywords and integrates URL shorteners to obscure the destin
Mar 33 min read
Hacker Deploys LLM-Powered AI To Attack FortiGate Devices Across 55 Countries
Key Findings: A Russian-speaking threat actor compromised over 600 FortiGate firewalls across 55 countries in just 5 weeks The attacker systematically used generative AI and large language models (LLMs) to write tools and plan follow-on actions inside victim networks The campaign did not rely on zero-day vulnerabilities, instead targeting publicly accessible admin panels and VPN portals protected by weak credentials Stolen FortiGate configurations provided detailed informatio
Mar 32 min read
Cybercriminals Leverage AI 'Claude' to Breach Mexican Government Agencies
Key Findings Hackers abused Anthropic's Claude AI model to develop exploits, create custom tools, and automate the exfiltration of over 150GB of data in a cyberattack targeting Mexican government systems. The attackers compromised 10 Mexican government agencies and a financial institution, starting with the tax authority in December 2025. Hackers sent over 1,000 prompts to Claude and used OpenAI's GPT-4.1 to analyze stolen data. By bypassing AI guardrails and framing actions
Mar 12 min read
Lazarus Group's Medusa Ransomware Strikes Globally
Key Findings The North Korea-linked Lazarus Group has been observed using the Medusa ransomware in attacks targeting an entity in the Middle East and an unsuccessful attempt against a healthcare organization in the U.S. Medusa is a ransomware-as-a-service (RaaS) operation launched by a cybercrime group known as Spearwing in 2023, with over 366 claimed attacks to date. The Lazarus Group's Medusa ransomware campaign involves the use of various tools, including RP_Proxy, Mimikat
Feb 242 min read
FBI Warns of Escalating ATM Jackpotting Attacks, $20M Lost in 2025
Key Findings The FBI has warned of a sharp rise in ATM jackpotting attacks across the U.S., with losses exceeding $20 million in 2025 alone. Since 2020, about 1,900 incidents have been reported, including 700 last year. Total losses tied to jackpotting have reached roughly $40.7 million since 2021. Background The jackpotting technique was first proposed by white-hat hacker Barnaby Jack in 2010. Ploutus is one of the most sophisticated ATM malware that was first discovered in
Feb 202 min read
Ukrainian Sentenced to 5 Years in Prison for North Korean Remote Work Scheme
Key Findings Oleksandr Didenko, a 29-year-old Ukrainian national, was sentenced to 5 years in prison for his role in a scheme to help North Korean IT workers gain remote employment at U.S. companies using stolen identities. Didenko created over 2,500 fraudulent accounts on job platforms, money transmitters, and social media to sell the stolen identities to North Korean operatives. He managed up to 871 identities through laptop farms in the U.S. and facilitated North Korean wo
Feb 202 min read
bottom of page
