Cryptocurrency
-
New campaign targets crypto firms with macOS malware and supply chain attacks
A new campaign against cryptocurrency firms and developers used fake recruitment lures, macOS malware and a supply chain attack to steal credentials and target development infrastructure, according to a technical analysis by Wiz.
-
Lazarus Group Uses Memory-Only RemotePE Malware Against Crypto Firms
Researchers say Lazarus Group has used the RemotePE malware family against financial and cryptocurrency targets. The in-memory trojan leaves little forensic evidence and was linked to a multi-stage attack chain with several loaders.
-
UK sanctions Xinbi marketplace linked to Southeast Asian scam centres
The U.K. has sanctioned Xinbi, a Chinese-language marketplace accused of selling stolen data and cryptocurrency services to scam centres in Southeast Asia, and targeted the operators of a large scam compound known as #8 Park, as part of efforts to disrupt crypto-based money laundering and large-scale investment fraud.
-
GoBruteforcer botnet targets crypto and blockchain databases with credential brute force
A technical analysis found GoBruteforcer campaigns since mid 2025 that turn exposed Linux servers into botnet nodes to brute force FTP and database credentials and to probe blockchain accounts for funds.
-
SEC Charges Multiple Firms Over $14 Million Artificial Intelligence Crypto Scam
The U.S. Securities and Exchange Commission has charged several firms and investment clubs in an alleged AI-themed cryptocurrency scam that defrauded retail investors of more than $14 million, accusing operators of using WhatsApp groups and fake trading platforms to solicit funds.
-
FinCEN: Ransomware Payments Fell in 2024 After 2023 Peak, Report Shows
FinCEN reported 4,194 ransomware incidents from 2022–2024 with more than $2.1 billion in payments; activity peaked in 2023 and fell in 2024 after law enforcement disruptions of major gangs.
-
FBI says cybercriminals stole $262 million in account-takeover schemes since January
The FBI said cybercriminals impersonating banks have stolen more than $262 million in account-takeover attacks since January, with the IC3 receiving over 5,100 complaints; attackers use phishing, social engineering and fraudulent websites to capture credentials and move funds to cryptocurrency wallets.
-
U.S. Treasury sanctions eight people and two firms tied to North Korean money‑laundering and cybercrime
The U.S. Treasury has sanctioned eight individuals and two entities alleged to have laundered proceeds from North Korean cybercrime and fraudulent IT‑worker schemes, naming banks, an IT company and several representatives in China and Russia and linking crypto flows to those operations.
-
Microsoft, Cloudflare Lead Disruption of RaccoonO365 Phishing Network, Seizing 338 Domains
Microsoft and Cloudflare led a coordinated takedown of the RaccoonO365 phishing-as-a-service network, seizing 338 domains and disrupting a campaign that had targeted thousands of Microsoft 365 credentials across dozens of countries. The operation highlights how criminal networks leverage legitimate internet infrastructure to facilitate credential theft, with law enforcement pursuing principal operators and affiliates alike.
-
FBI, Dutch police shut down VerifTools fake-ID marketplace; servers seized in Amsterdam
Intl. law-enforcement agencies halted VerifTools, a major fake-ID marketplace, seizing multiple Amsterdam servers and revealing a scheme that generated millions in illicit proceeds and undermined identity verification systems across borders.
