cybercrime
Cybercrime ‘crew’ stole $635,000 in Taylor Swift concert tickets
New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after stealing almost 1,000 concert tickets and reselling them online. As the prosecutors explain, the vast majority of stolen tickets were for Taylor Swift’s Eras Tour. However, the criminals also targeted other high-value and high-profile events, including […]
Microsoft names cybercriminals behind AI deepfake network
Microsoft has named multiple threat actors part of a cybercrime gang accused of developing malicious tools capable of bypassing generative AI guardrails to generate celebrity deepfakes and other illicit content. An updated complaint identifies the individuals as Arian Yadegarnia from Iran (aka ‘Fiz’), Alan Krysiak of the United Kingdom (aka ‘Drago’), Ricky Yuen from Hong Kong, China […]
Suspected Desorden hacker arrested for breaching 90 organizations
A suspected cyber criminal believed to have extorted companies under the name “DESORDEN Group” or “ALTDOS” has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide. The suspect was arrested in Bangkok through a law enforcement operation by the Royal Thai Police and the Singapore Police Force, with the help […]
Darcula PhaaS can now auto-generate phishing kits for any brand
The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features being the ability to create do-it-yourself phishing kits to target any brand. The upcoming release, currently available as a beta, will remove the targeting scope restrictions by offering a finite number of phishing kits and allowing anyone […]
New NailaoLocker ransomware used against EU healthcare orgs
A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024. The attacks exploited CVE-2024-24919, a Check Point Security Gateway vulnerability, to gain access to targeted networks and deploy the ShadowPad and PlugX malware, two families tightly associated with Chinese state-sponsored threat groups. Orange Cyberdefense CERT links […]
Police dismantles HeartSender cybercrime marketplace network
Law enforcement authorities in the United States and the Netherlands have seized 39 domains and associated servers used by the HeartSender phishing gang operating out of Pakistan. Also known as Saim Raza and Manipulators Team, the group has operated online cybercrime marketplaces for over a decade, selling hacking and fraud-enabling tools like phishing kits, malware, and spamming […]
KuCoin to pay nearly $300 million in penalties after guilty plea
KuCoin’s operator, PEKEN Global Limited, pleaded guilty to operating an unlicensed money-transmitting business and agreed to pay $297 million in penalties to settle charges in the U.S. The cryptocurrency exchange was charged in March 2024 for its failure to implement the required anti-money laundering (AML) requirements, allowing cybercriminals to use the platform to launder their proceeds. According […]
Police seizes Cracked and Nulled hacking forum servers, arrests suspects
Europol and German law enforcement confirmed the arrest of two suspects and the seizure of 17 servers in Operation Talent, which took down Cracked and Nulled, two of the largest hacking forums with over 10 million users. Even though some of their members are also engaged in ethical hacking discussions, these hacking forums are best […]
FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent
Update January 29, 14:15 EST: Seizure banners were added to cracked[.]io, nulled[.]to, starkrdp[.]io, mysellix[.]io, and sellix[.]io, confirming that the domains had been seized in a joint law enforcement action dubbed “Operation Talent” that included authorities from the United States, Italy, Spain, Europe, France, Greece, Australia, and […]
Hacker infects 18,000 “script kiddies” with fake malware builder
A threat actor targeted low-skilled hackers, known as “script kiddies,” with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. Security researchers at CloudSEK report that the malware infected 18,459 devices globally, most located in Russia, the United States, India, Ukraine, and Turkey. “A trojanized version […]