Google blocks fraudulent LERS account as hackers tout access to FBI eCheck

Google confirmed it had detected and swiftly disabled a fraudulent account in its Law Enforcement Request System (LERS) after threat actors claimed they could access both LERS and the FBI’s eCheck verification portal. According to BleepingComputer, the FBI declined to comment. Google emphasized that no legal requests were issued from the fake profile and no …

DOJ: 57‑Month Sentence for DRM Circumvention and Pre‑Release Blu‑ray Leaks Highlights Insider Threat Risk

The US Department of Justice has sentenced former content supply chain employee Stephen Hale to 57 months in federal prison for stealing hundreds of unreleased DVDs and Blu‑rays, circumventing DRM, and distributing high‑quality pirate rips online. The case spotlights how pre‑release film assets—and the studios that monetize them in theaters and on physical media—remain vulnerable …

TA558 (RevengeHotels) uses LLM‑generated loaders to breach hotels and steal payment data

Researchers at Kaspersky have identified a new wave of attacks by the cybercrime group known as RevengeHotels (also tracked as TA558) targeting the hospitality sector. The campaign blends polished phishing with JavaScript/PowerShell loaders to deliver VenomRAT, and, notably, shows signs of large language model (LLM)-assisted code generation that improves speed, scale, and evasion. Who TA558 …

SlopAds Ad-Fraud Network Dismantled: 224 Android Apps Pulled from Google Play

Google has removed 224 malicious Android apps from Google Play linked to the SlopAds ad‑fraud operation. According to Satori Threat Intelligence at HUMAN, these apps amassed over 38 million installs and generated up to 2.3 billion ad requests per day. The operation relied on a blend of obfuscation, steganography, and dynamic code loading to evade …

Appeals Court Sends BreachForums Admin ‘Pompompurin’ to Prison: What It Means for Cybercrime and Enterprise Risk

A federal appeals court has vacated a previously lenient sentence and imposed a three‑year prison term on 22‑year‑old Connor Brian Fitzpatrick, known online as Pompompurin, the former administrator of the BreachForums cybercrime marketplace. The earlier sentence—20 years of supervised release and just 17 days in custody—was found inadequate and the case returned for resentencing. Appeals …

KioSoft CVE-2025-8699: Vulnerable Prepaid NFC Cards Abused to Inflate Balances, Patch Arrived a Year Later

Security researchers at SEC Consult (Eviden) uncovered a critical flaw in certain KioSoft prepaid NFC cards that power self-service payments in laundromats, vending machines, arcades, and car washes. Tracked as CVE-2025-8699, the issue allowed attackers to raise a card’s stored balance without payment. The coordinated disclosure spanned more than a year, with fixes reportedly shipped …

Microsoft and Cloudflare Dismantle RaccoonO365 Phishing-as-a-Service Targeting Microsoft 365

Microsoft’s Digital Crimes Unit (DCU) and Cloudflare have jointly disrupted the RaccoonO365 phishing-as-a-service (PhaaS) operation used to steal Microsoft 365 credentials. In early September 2025, the teams seized 338 phishing sites and Cloudflare Workers accounts tied to the service, breaking a key infrastructure chain that attackers used to evade detection and harvest passwords at scale. …

FinWise Bank Confirms Insider Data Breach Affecting American First Finance Customers

FinWise Bank has disclosed a data security incident dated May 31, 2024, in which a former employee accessed confidential information after employment ended. According to a notice filed with the Maine Attorney General on behalf of partner American First Finance (AFF), the breach involved consumers whose loans or lease-to-own products were originated by FinWise for …

Head Mare APT adopts multi‑stage backdoors and SSH tunneling in latest campaign

Researchers at Kaspersky have observed a fresh wave of targeted intrusion activity by the Head Mare threat group against organizations in Russia and Belarus. The actors have shifted from single backdoors to a resilient, multi‑stage toolchain that blends diverse technologies and execution paths, improving evasion and persistence across victim environments. Initial access: spearphishing with polyglot …

ComicForm runs dual-vector phishing across CIS, delivering FormBook via multi-stage .NET loader

A new wave of targeted phishing in the CIS is being attributed to the threat group ComicForm. Active since at least April 2025 and ongoing, the operation blends malware delivery with credential harvesting and exhibits a curious signature: hidden links to superhero GIFs inside malicious attachments. The campaign primarily targets organizations in Russia, Belarus, and …