Corporate Cybercrime
-
Poland detains three Ukrainian nationals over alleged use of advanced hacking equipment
Polish police arrested three Ukrainian nationals, aged 39–43, accusing them of attempting to damage IT systems and obtaining data important to national defence; officers seized hacking equipment including a Flipper device, multiple SIM cards and other electronics, and have detained the men for three months pending trial.
-
U.S. Treasury sanctions eight people and two firms tied to North Korean money‑laundering and cybercrime
The U.S. Treasury has sanctioned eight individuals and two entities alleged to have laundered proceeds from North Korean cybercrime and fraudulent IT‑worker schemes, naming banks, an IT company and several representatives in China and Russia and linking crypto flows to those operations.
-
Council of Europe authorises EU to sign UN cybercrime convention
The Council of Europe authorised the European Commission and member states to sign the UN Convention against Cybercrime, a treaty adopted by the UN General Assembly in December 2024 that sets common rules for criminalising cyber offences and exchanging electronic evidence, with safeguards to protect human rights.
-
Two campaigns push fake Meta Verified extensions to steal Facebook data, researchers say
Cybersecurity researchers uncovered two malvertising campaigns distributing fake Meta Verified browser extensions and rogue Chrome tools aimed at Meta advertisers, stealing Facebook cookies and account data with the goal of selling compromised assets and fueling further malvertising.
-
Ukrainian Network FDN3 Linked to Massive Brute-Force Campaign Against SSL VPNs and RDP Devices
A Ukraine-based IP network, FDN3, is linked to a broad abusive infrastructure conducting large-scale brute-force and password-spraying campaigns against SSL VPN and RDP devices, with activity spanning June to July 2025 and connections to offshore bulletproof hosting groups.
-
Interpol-led Africa cybercrime crackdown nets 1,209 arrests, $97.4 million recovered
Interpol says authorities across 18 African countries arrested 1,209 cybercriminals in the second phase of Operation Serengeti 2.0, recovering $97.4 million and dismantling thousands of illicit infrastructures as part of a broad cross-border crackdown on ransomware, online scams and business email compromise.
-
DaVita ransomware breach exposes data of nearly 2.7 million people, OCR confirms
DaVita disclosed that a ransomware attack compromised the personal and health data of nearly 2.7 million people, with OCR confirming 2,689,826 affected and the company noting a possible 2.4 million. The breach exposed information from DaVita’s labs database, with the company offering credit monitoring to affected individuals as investigations continue.
-
Noodlophile Infostealer Campaign Uses Legal-Threat Phishing to Target Businesses, Researchers Warn
Security researchers warn of a spear-phishing campaign leveraging legal-threat prompts to deploy the Noodlophile infostealer, using DLL side-loading in legitimate applications and malicious archives to exfiltrate cookies, payment data and system information across global targets.
-
Italy hotel data breach: AGID confirms theft claims affecting up to 10 establishments, investigation opened
Italy’s digital agency AGID says claims by a cybercriminal about data thefts targeting hotel booking systems are credible, with ten hotels affected and thousands of guest identity documents potentially stolen. The case prompted a formal investigation by the national data protection authority, which also warned of scams targeting victims.
-
Russia Restricts Voice Calls on WhatsApp, Telegram as Moscow Pushes National Messaging App Max
Russia’s Roskomnadzor has begun restricting voice calls on WhatsApp and Telegram, saying the apps fuel crime and violence, as Moscow presses ahead with a domestic messaging app called Max. WhatsApp and Telegram push back on encryption and moderation efforts, while lawmakers and media reports highlight a broader battle over secure communication and surveillance.
