ALL POSTS
Crooks Impersonate LastPass in Scheme to Harvest Master Passwords
Key Findings Attackers are impersonating LastPass in an active phishing campaign that aims to steal users' master passwords. The phishing emails claim there is urgent LastPass maintenance and urge users to back up their password vaults within 24 hours. The malicious emails use subject lines referencing infrastructure updates, vault security, and missed deadlines to trick victims. The phishing links lead to an Amazon S3–hosted page that redirects to a fake LastPass site design
Jan 21 · 2 min read
Microsoft Disrupts Cybercrime Infrastructure Linked to Online Fraud
Key Findings Microsoft, in collaboration with law enforcement authorities, has taken coordinated legal action to disrupt the cybercrime subscription service called RedVDS, which has allegedly fueled millions in fraud losses. RedVDS provided criminals with access to disposable virtual computers running unlicensed software, enabling them to operate anonymously and carry out various illicit activities, including phishing, business email compromise (BEC), and financial fraud. Sin
Jan 15 · 2 min read
Researchers Uncover Service Providers Fueling Industrial-Scale Crypto Fraud
Key Findings Cybersecurity researchers have uncovered two service providers that supply online criminal networks with tools and infrastructure to fuel the pig butchering-as-a-service (PBaaS) economy. Since 2016, Chinese-speaking criminal groups have established industrial-scale scam centers across Southeast Asia, creating special economic zones devoted to fraudulent investment and impersonation operations. These compounds host thous
Jan 12 · 2 min read
Europol Disrupts Black Axe Cybercrime in Spain
Europol Raids Disrupt Black Axe Cybercrime Ring in Spain Key Findings: International law enforcement agencies have dealt a major blow to the criminal network known as Black Axe. 34 people were arrested across Spain, with the majority in Seville. Black Axe is a large, organized criminal group originating in West Africa, with an estimated 30,000 members worldwide. The group is known for online fraud schemes, including romance scams, phishing, and business email compromise (BEC)
Jan 11 · 2 min read
Why governments need to treat fraud like cyberwarfare, not accounting
Background Fraud has long been perceived as a cost of doing business, a nuisance to be absorbed by banks and consumers. This perception is outdated, as modern fraud blends geopolitics with advanced technical tactics, carried out through criminal proxies to target businesses and the public. Key Findings The global response to fraud has remained piecemeal, reactive, and inadequate, despite it being a global security threat. Industrialized fraud integrates aspects of asymmetric
Jan 6 · 2 min read
Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media
Key Findings The fraudulent investment scheme known as Nomani has witnessed a 62% increase, according to ESET. Nomani campaigns have expanded beyond Facebook to include other social media platforms, such as YouTube. ESET blocked over 64,000 unique URLs associated with the Nomani threat this year, with the majority of detections originating from Czechia, Japan, Slovakia, Spain, and Poland. Nomani leverages social media malvertising, company-branded posts, and AI-powered video
Dec 24, 2025 · 2 min read
U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme
Key Findings The U.S. Justice Department (DoJ) seized the domain web3adspanels[.]org, which was used as a backend web panel to host and manipulate illegally harvested bank login credentials. The criminal group behind the scheme used fraudulent advertisements on search engines like Google and Bing to redirect users to fake bank websites, where their login credentials were harvested through malicious software. The stolen credentials were then used by the criminals to access vic
Dec 23, 2025 · 2 min read
FBI Indicts Bangladeshi Man for Running Fake ID Template Network
Key Findings Zahid Hasan, a 29-year-old Bangladeshi national, has been indicted on a nine-count federal charge for operating a sophisticated network of websites selling digital templates for fake government documents, including U.S. passports and Montana driver's licenses. Hasan allegedly ran businesses like Techtreek.com, Egiftcardstorebd.com, and Idtempl.com from 2021 to 2025, selling these templates to over 1,400 customers worldwide and generating over $2.9 million in reve
Dec 21, 2025 · 2 min read
Indictment of 54 in ATM Jackpotting Ring by DoJ
Key Findings The U.S. Department of Justice has indicted 54 individuals over a multi-million-dollar ATM jackpotting fraud scheme. The crimes are linked to the cybercrime group Tren de Aragua (TdA), including charges of fraud, money laundering, and material support to a terrorist organization. ATM jackpotting is a type of cyber-enabled bank robbery where criminals infect an ATM with malware or use physical access to force it to dispense cash. The conspiracy used a malware stra
Dec 20, 2025 · 3 min read
Ukrainian National Pleads Guilty to Nefilim Ransomware Attacks
Key Findings: Artem Aleksandrovych Stryzhak, a 35-year-old Ukrainian national, pleaded guilty to multiple crimes stemming from his involvement in a string of ransomware attacks targeting U.S. and Europe-based organizations from mid 2018 to late 2021. Stryzhak faces up to 10 years in jail for conspiracy to commit fraud, including extortion. Authorities are still looking for Stryzhak's alleged co-conspirator Volodymyr Tymoshchuk and announced a $11 million reward for informatio
Dec 19, 2025 · 2 min read
India Mandates Linking Messaging Apps to Active SIM Cards to Combat Fraud
Key Findings India's Department of Telecommunications (DoT) has ordered messaging apps to work only with active SIM cards linked to users' phone numbers to prevent fraud and misuse. The amendment to the 2024 Telecom Cyber Security Rules aims to curb fraudulent activities such as phishing, scams, and cyber fraud by preventing the misuse of telecom identifiers. Messaging apps have 90 days to implement the changes and 120 days to report compliance. Background The DoT has observe
Dec 3, 2025 · 1 min read
How Sturnus Android Trojan Steals Your Encrypted Chats and Hijacks Your Device
Key Findings New Android banking trojan called Sturnus enables credential theft and full device takeover for financial fraud. Key differentiator is ability to bypass encrypted messaging on apps like WhatsApp, Telegram, and Signal. Captures content directly from device screen after decryption, allowing monitoring of private communications. Stages overlay attacks to steal banking credentials and leverages accessibility services for extensive device control. Blocks uninstallation at
Nov 20, 2025 · 2 min read

