Cybercrime
-
FBI warns Silent Ransom Group is targeting US law firms in in-person data theft attacks
The FBI warned that Silent Ransom Group is targeting U.S. law firms with phishing, callback scams and, if needed, in-person access to steal data. The gang may use remote tools or connect external drives to victim computers.
-
Lazarus Group Uses Memory-Only RemotePE Malware Against Crypto Firms
Researchers say Lazarus Group has used the RemotePE malware family against financial and cryptocurrency targets. The in-memory trojan leaves little forensic evidence and was linked to a multi-stage attack chain with several loaders.
-
Europol says it took down First VPN in cybercrime crackdown
European authorities shut down First VPN, a service used by cybercriminals to hide activity, and arrested the alleged administrator in Ukraine, Europol said. Officials also seized servers and domains and identified thousands of users linked to crime.
-
Ukraine says it identified 18-year-old suspect in infostealer case tied to 28,000 accounts
Ukraine said it identified an 18-year-old suspect in Odesa in an infostealer case tied to 28,000 customer accounts, with 5,800 used for unauthorized purchases totaling about $721,000.
-
Hackers bypass SonicWall VPN MFA after incomplete patching
Threat actors bypassed MFA on SonicWall Gen6 SSL-VPN appliances in attacks between February and March, exploiting a flaw that stayed open on devices that were updated but not fully remediated, according to a ReliaQuest analysis.
-
GitHub investigates claim of internal repository theft after TeamPCP listing
GitHub said it is investigating unauthorized access to internal repositories after TeamPCP claimed it was selling source code and internal data. The company said it has no evidence of customer impact outside internal repositories.
-
Microsoft disrupts malware-signing service tied to ransomware groups
Microsoft said it disrupted a malware-signing service that abused its Artifact Signing platform to issue more than 1,000 fraudulent certificates used by ransomware gangs and other cybercriminals.
-
Trapdoor Android ad fraud scheme hit millions of devices, researchers say
Researchers said Trapdoor used Android utility apps, hidden WebViews and HTML5 cashout domains to drive ad fraud at scale. Google removed the identified apps after disclosure, and the campaign had reached millions of downloads.
-
Compromised Nx Console VS Code extension targeted developers in supply chain breach
A compromised Nx Console VS Code extension spread credential-stealing malware to developers after being published on the Microsoft marketplace. The incident affected more than 2.2 million installations and prompted update and credential-rotation warnings.
-
INTERPOL says MENA cybercrime operation leads to 201 arrests
INTERPOL said a five-month crackdown across the Middle East and North Africa led to 201 arrests, 382 additional suspects and 53 server seizures in an operation targeting phishing, malware and online scams.
