Cybercrime
-
iFood confirms data breach affecting 1.2 million users in Brazil
iFood said a December data breach exposed the personal details of 1.2 million users in Brazil, including CPF numbers, but not passwords or payment data. The company and hackers dispute the scale of the incident.
-
French, Spanish police shut fake ID marketplace used by migrant smugglers
French and Spanish authorities shut an online marketplace selling fake identity documents to migrant smuggling rings, arresting one suspect in Spain and seizing about 800 counterfeit IDs and production equipment.
-
China-linked TA4922 widens phishing attacks to Europe and South Africa
China-linked TA4922 has expanded phishing campaigns from East Asia to organizations in the U.K., Germany, Italy and South Africa, using malware such as Atlas RAT, RomulusLoader and SilentRunLoader, according to a Proofpoint technical analysis.
-
Researchers say macOS malvertising campaign is spreading FlutterShell backdoor
Researchers say a macOS malvertising campaign has been spreading a new backdoor called FlutterShell through trojanized desktop apps and ads, with activity seen as recently as March 2026.
-
Fake open-source tool sites used to push malware through gated redirects
Researchers say fake sites impersonating open-source tools such as Ghidra and dnSpy are using gated redirects to push malware, including Remus Stealer, AnimateClipper and SessionGate, after users click download buttons.
-
US-led operation disrupts Southeast Asia crypto scam networks
A U.S.-led operation disrupted Southeast Asia-based crypto scam networks that targeted Americans, taking down millions of accounts and freezing more than $3.8 million in digital assets linked to stolen funds.
-
Malspam campaign uses Google DoubleClick redirect chain to deliver DesckVB RAT
A malspam campaign is using Google DoubleClick redirects and personalized phishing pages to deliver DesckVB RAT, a .NET trojan. The attack chain uses HTML attachments, PowerShell, process hollowing, and anti-analysis checks.
-
WeedHack malware campaign infects more than 116,000 Minecraft systems
A malware campaign called WeedHack has infected more than 116,000 Minecraft systems since January, using fake mods and clients promoted through YouTube and search poisoning to steal credentials and other data.
-
Malicious npm package targets OpenAI Codex users and steals authentication tokens
Researchers say a malicious npm package and related Android apps targeted OpenAI Codex users, stealing local authentication tokens and sending them to an attacker-controlled server, with the package drawing more than 29,000 weekly downloads.
-
Dutch authorities take down botnet tied to 17 million infected devices
Dutch authorities have taken offline a botnet of at least 17 million infected devices and seized more than 200 servers in the Netherlands, according to a joint disclosure from the National Cyber Security Centre and police.
