cybercrime
FBI: US lost record $16.6 billion to cybercrime in 2024
The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year. According to the bureau’s annual Internet Crime Complaint Center (IC3) report, IC3 recorded 859,532 complaints last year (256,256 with actual loss), amounting to an average loss of $19,372. The most impacted […]
Cybersecurity firm buying hacker forum accounts to spy on cybercriminals
Swiss cybersecurity firm Prodaft has launched a new initiative called ‘Sell your Source’ where the company purchases verified and aged accounts on hacking forums to to spy on cybercriminals. The goal is to use these accounts to infiltrate cybercrime spaces and communities, collecting valuable intelligence that could lead to the exposure of malicious operations and platforms. […]
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. The reported vulnerabilities are CVE-2025-24061 (Mark of the Web bypass) and CVE-2025-24071 (File Explorer spoofing), which Microsoft addressed during the March 2025 Patch Tuesday updates, acknowledging the […]
CISA warns of Fast Flux DNS evasion used by cybercrime gangs
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the “Fast Flux” cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. Although the technique isn’t new, its effectiveness has been documented and proven repeatedly in actual cyberattacks. How Fast Flux helps with evasion Fast Flux is a DNS […]
New Atlantis AIO platform automates credential stuffing on 140 services
A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. Specifically, Atlantis AIO features pre-configured modules for these services to perform brute force attacks, bypass CAPTCHAs, automate account recovery processes, and monetize stolen credentials/accounts. Credential stuffing and automation Credential stuffing […]
Police arrests 300 suspects linked to African cybercrime rings
African law enforcement authorities have arrested 306 suspects as part of ‘Operation Red Card,’ an INTERPOL-led international crackdown targeting cross-border cybercriminal networks. Between November 2024 and February 2025, authorities seized 1,842 devices allegedly used in mobile banking, investment, and messaging app scams linked to over 5,000 victims. “Ahead of the operation, countries exchanged criminal intelligence on key targets. This […]
Cybercrime ‘crew’ stole $635,000 in Taylor Swift concert tickets
New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after almost 1,000 concert tickets and reselling them online. As the prosecutors explain, the vast majority of stolen tickets were for Taylor Swift’s Eras Tour. However, the criminals also targeted other high-value and high-profile events, including […]
Microsoft names cybercriminals behind AI deepfake network
Microsoft has named multiple threat actors part of a cybercrime gang accused of developing malicious tools capable of bypassing generative AI guardrails to generate celebrity deepfakes and other illicit content. An updated complaint identifies the individuals as Arian Yadegarnia from Iran (aka ‘Fiz’), Alan Krysiak of the United Kingdom (aka ‘Drago’), Ricky Yuen from Hong Kong, China […]
Suspected Desorden hacker arrested for breaching 90 organizations
A suspected cyber criminal believed to have extorted companies under the name “DESORDEN Group” or “ALTDOS” has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide. The suspect was arrested in Bangkok through a law enforcement operation by the Royal Thai Police and the Singapore Police Force, with the help […]
Darcula PhaaS can now auto-generate phishing kits for any brand
The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features, the ability to create do-it-yourself phishing kits to target any brand. The upcoming release, currently available as a beta, will remove the targeting scope restrictions by offering a finite number of phishing kits and allowing anyone […]