Cybercrime
-
European Parliament extends temporary CSAM detection exemption until August 2027
The European Parliament extended a temporary ePrivacy derogation allowing voluntary CSAM detection until 3 August 2027. Lawmakers imposed limits and exclusions for end-to-end encryption as they work to negotiate a permanent legal framework.
-
Starbucks says 889 Partner Central accounts were compromised in employee data breach
Attackers accessed 889 Starbucks Partner Central accounts used by employees. Exposed data includes names, Social Security numbers, dates of birth, and bank account information. Impacted partners are being offered two years of identity theft protection and credit monitoring.
-
Authorities dismantle SocksEscort proxy service built from infected residential routers
Court-authorized international law enforcement disrupted the SocksEscort proxy service in March 2026, dismantling a router-based botnet and freezing $3.5 million in cryptocurrency, the U.S. Department of Justice said.
-
Loblaw notifies customers after breach exposes names and contact details
Loblaw notified customers this week that a breach of a contained part of its IT network exposed names phone numbers and email addresses. The company logged customers out and there was no evidence that financial or health data were accessed.
-
Researchers identify suspected AI-assisted Slopoly backdoor used by Hive0163
Researchers identified a suspected AI-generated PowerShell backdoor called Slopoly used by the cybercrime group Hive0163 in early 2026. The backdoor established persistence and beaconed to a command server while analysts examined code patterns.
-
Authorities disrupt SocksEscort proxy network powered by AVRecon on Linux routers
Law enforcement disrupted the SocksEscort proxy network that used AVRecon to compromise Linux routers. Lumen’s Black Lotus Labs reported the network averaged about 20,000 infected devices weekly and authorities seized infrastructure and froze funds.
-
U.S. charges former DigitalMint negotiator in scheme linked to BlackCat ransomware
The Department of Justice charged Angelo Martino, a former DigitalMint ransomware negotiator, with one count of conspiracy to interfere with interstate commerce by extortion after his March 10 surrender. Allegations include sharing negotiation details with BlackCat.
-
Threat actors using modified AuraInspector to mass-scan Salesforce Experience Cloud sites
Salesforce warned that attackers are using a modified AuraInspector to mass-scan public Experience Cloud sites and extract data from overly permissive guest user profiles. Customers should review guest settings and restrict external object access.
-
BeatBanker Android malware poses as Starlink app and hijacks devices in Brazil
BeatBanker is Android malware that combines a banking trojan and Monero miner, uses a fake Starlink Play Store page for delivery and a looping MP3 to stay active. Infections were recorded in Brazil.
-
GitLab analysis exposes North Korean fake IT worker tradecraft
A technical analysis by GitLab found North Korean operators used code repositories to deliver obfuscated malware loaders and that 131 accounts were removed last year. The report lists tradecraft and more than 600 indicators.
