Cybercrime
-
SystemBC C2 server tied to The Gentlemen exposes 1,570 victims
Check Point Research said a SystemBC command-and-control server linked to The Gentlemen ransomware operation exposed more than 1,570 victims worldwide, underscoring how proxy malware can support larger intrusion campaigns.
-
NGate malware campaign targets Brazil through trojanized HandyPay app
Researchers found a new NGate Android malware campaign targeting Brazil since around November 2025. The trojanized HandyPay app can relay NFC payment data, capture PINs and help thieves carry out fraudulent ATM withdrawals.
-
KelpDAO says $290 million crypto heist tied to suspected Lazarus hackers
KelpDAO said a $290 million crypto theft likely tied to North Korea’s Lazarus Group hit its rsETH system on Saturday. The incident also prompted Aave to freeze rsETH-related activity while investigators examined the cross-chain attack.
-
Vercel says breach linked to third-party AI tool exposed limited customer credentials
Vercel said a breach tied to a third-party AI tool exposed access to some internal systems and affected a limited subset of customers. The company said sensitive environment variables were not known to be accessed and urged credential rotation.
-
Global police seize 53 domains in DDoS-for-hire crackdown
Police in 21 countries seized 53 domains and arrested four people in Operation PowerOFF, a crackdown on DDoS-for-hire services used by more than 75,000 cybercriminals and tied to databases with over 3 million accounts.
-
Researchers spot PowMix botnet targeting Czech workers
Researchers said the PowMix botnet has targeted workers in the Czech Republic since at least December 2025. The malware uses phishing-style ZIP files, in-memory execution and jittered command traffic to avoid detection.
-
Researchers link AI-driven Pushpaganda scam to Google Discover ad fraud
Researchers say a new ad fraud campaign used AI-generated content and Google Discover to push users toward notification-based scams. The operation, dubbed Pushpaganda, was tied to 113 domains and about 240 million bid requests in seven days.
-
JanelaRAT malware targets banks in Brazil and Mexico, Kaspersky says
JanelaRAT malware has targeted banks and financial institutions in Brazil and Mexico, with Kaspersky recording more than 26,000 attacks there in 2025. The trojan can steal credentials, track activity and use browser extensions for fraud.
-
Booking.com says hackers accessed reservation data, forces PIN resets
Booking.com said hackers accessed some reservation-related data and forced PIN resets for existing and past bookings. The company notified affected users by email and said it had contained the suspicious activity.
-
APT37 Uses Facebook, Telegram in RokRAT Phishing Campaign
North Korea-linked APT37 used Facebook and Telegram to deliver RokRAT in a multi-stage campaign that relied on fake personas, a trojanized PDF viewer and compromised infrastructure, according to a technical analysis by Genians Security Center.
