Latest News

Megalodon Malware Backdoors 5,500+ GitHub Repos in 6-Hour Supply-Chain Attack

  On May 18, 2026, a massive automated supply-chain attack codenamed Megalodon struck GitHub, injecting malicious CI/CD backdoors into more ...

All the recent news you need to know

Online Shopping Red Flags That Could Signal Fraud and Financial Scams

 

Shopping online offers convenience and savings, but it also comes with risks. Fraudsters use fake deals, deceptive websites, and misleading advertisements to target consumers. Despite growing awareness, online shopping scams remain widespread. Recognizing warning signs early can help prevent the loss of money and personal information. 

A major red flag appears when a seller requests payment through gift cards, wire transfers, or money orders. Legitimate retailers typically offer secure payment options such as credit cards or trusted digital payment services. Scammers prefer irreversible payment methods because victims have little chance of recovering their funds. 

Text-message scams, known as smishing attacks, are becoming increasingly common. These messages often promote incredible discounts or claim there is an urgent issue with an account. Their goal is to direct users to malicious websites or trick them into revealing sensitive information. Because they frequently imitate trusted brands, careful attention is required to spot them.

Fake retail websites are another common threat. These sites often copy legitimate logos, images, and designs to appear authentic. Checking the website address carefully can reveal suspicious characters, misspellings, or unusual formatting. Genuine retailers generally use straightforward domains that match their brand names.

Unrealistic discounts are also a common warning sign. Offers advertising products at 90% off or more are often designed to lure shoppers into scams. Comparing prices across multiple retailers can help determine whether a deal is genuine or suspicious. Legitimate discounts rarely fall dramatically below market value.

Phishing emails continue to target online shoppers. These messages may claim there is a problem with an order or offer a limited-time promotion. Clicking links can lead to malware infections or fake websites that steal personal data. Verifying the sender’s address and watching for spelling or grammar mistakes can help identify fraudulent emails.

Shipping-related scams are also common. Fraudsters send messages pretending to be delivery companies, claiming a package is delayed or requires action. Instead of clicking links, consumers should visit the courier’s official website and check shipment details using legitimate tracking information.

Fake coupon offers shared online present another risk. While retailers frequently promote discounts through official channels, scammers create counterfeit vouchers to attract victims. Confirming offers directly through a retailer’s website or customer support can help avoid malware and financial fraud.

Even shopping on major online marketplaces is not completely risk-free. Third-party sellers sometimes offer counterfeit versions of popular products. Luxury goods, designer items, and branded electronics sold at unusually low prices should be approached cautiously. Deals that appear exceptionally cheap often involve counterfeit or low-quality merchandise.

By paying attention to these warning signs and verifying offers before making purchases, shoppers can reduce their exposure to scams. A few extra checks can help protect personal information, prevent financial losses, and make online shopping a safer experience.

Anthropic's Mythos Preview Detects Over 10,000 Software Bugs in Project Glasswing


Recently, Anthropic disclosed that its Project Glasswing initiative found over 10,000 critical or high vulnerabilities in system software in its first month of operation.

Claude Mythos Preview finds bugs

Claude and 50 other partners deployed Claude Mythos Preview to find flaws in critical software infrastructure. The AI company said the initiative's progress is now limited by the pace at which flaws can be authorized, patched, and disclosed rather than by discovery rates.

The discovery of flaws

Cloudflare detected 2,000 vulnerabilities throughout its critical-path systems, with around 400 labelled as critical or high severity. Claude said that its bug-finding rate surged by over ten times. Various other partners reported the same surges in flaw detection rates.

About bug patches

The UK’s AI Security Institute reported that Mythos Preview has been the only model to patch both of its cyber issues end-to-end. Mozilla detected and patched 271 bugs in Firefox while analyzing Mythos Preview. The number is ten times more than Firefox 148 with Claude Opus 4.6. 

More about Anthropic patching flaws

Anthropic analyzed over 1,000 open-source projects via Mythos Preview, and found 6,202 estimated high or critical severity bugs out of 23,019. Out of 1,752 critical or high bugs studied by independent security research institutes, 90.6% were acknowledged as valid and 62.4% were confirmed as critical or high severity.

One bug was found in wolfSSL, a cryptographic library that billions of devices use. If exploited successfully, the bug would have allowed a threat actor to make fake certificates and host fake sites for email providers or banks. The bug was labelled as CVE-2026-5194 and has been fixed.

Critical vulnerabilities

Anthropic has revealed 530 critical or high bugs to researchers. Seventy-five have been fixed and sixty-five have been given public advisories. Claude said that a high or critical flaw detected by Mythos Preview roughly takes two weeks to fix on average.

In its recent release, Palo Alto Networks added more than five times as many patches as normal. Microsoft stated that it will keep releasing further fixes. Oracle is identifying and resolving vulnerabilities in all of its products many times more quickly than in the past.

Three weeks ago, Anthropic made Claude Security available to clients of Claude Enterprise in a public beta. Claude Opus 4.7 has been used to patch more than 2,100 vulnerabilities.

To help maintainers handle bug reports, the corporation partnered with the Alpha-Omega project of the Open Source Security Foundation. Anthropic has not made Mythos-class models available to the general public, citing the necessity for more robust security measures to stop abuse.

U.S. Lawmakers Press Telecom Providers for More Action Against Growing Scam Epidemic

 



A congressional committee is seeking answers from some of the largest telecommunications providers in the United States as financial losses linked to scams continue to rise across the country.

The inquiry comes from the Joint Economic Committee, whose leadership has asked major wireless carriers AT&T, Verizon, and T-Mobile to provide details about the measures they use to detect, monitor, and disrupt fraudulent activity occurring across their networks.

In a letter sent to the companies, committee chairman David Schweikert and ranking member Maggie Hassan said consumers should be able to trust the phone calls and text messages they receive from legitimate sources such as schools, healthcare providers, and other essential services. However, they noted that scam messages have become increasingly convincing, making it harder for people to distinguish fraudulent communications from authentic ones. The lawmakers argued that too much responsibility currently falls on consumers to identify suspicious activity on their own.

As part of the request, the committee is seeking information about how telecom providers gather intelligence on scams, monitor cybercrime-related activity, and respond to malicious actors who abuse communication networks to target the public.

The congressional review reflects broader concern in Washington over the rapid growth of cyber-enabled fraud. Scam operations have become a significant economic issue in recent years, with estimates indicating that Americans lost roughly $200 billion to various forms of fraud and cybercrime during 2024. Criminal groups increasingly use text messages, phone calls, social engineering techniques, and online platforms to reach potential victims at scale.

Telecommunications companies are not the only organizations facing scrutiny. Lawmakers have also examined the role played by satellite internet providers, online dating services, artificial intelligence firms, data brokerage companies, and federal agencies in either facilitating, detecting, or responding to cyber-enabled scams.

Efforts to address fraudulent communications are not new. In 2019, Congress passed the TRACED Act, legislation designed to curb robocalls and caller ID spoofing. The law, together with actions by the Federal Communications Commission, required major carriers to implement caller authentication technologies intended to help verify the origin of calls and improve investigators' ability to identify criminal operators.

Despite those measures, scam campaigns continue to reach consumers in large numbers. Security experts have repeatedly noted that many fraud networks operate across international borders, making enforcement and disruption efforts more difficult.

Industry data highlights both the scale of telecom intervention and the persistence of the problem. According to CTIA, wireless providers blocked approximately 55 billion spam and scam text messages during 2024 while also flagging or blocking around 45 billion suspected scam calls each year. Yet fraudulent communications continue to bypass filtering systems and reach consumers.

Additional industry estimates suggest the volume remains substantial. Robocall monitoring company YouMail reported that Americans received more than 50 billion robocalls during 2025. Separate data from RoboKiller indicated that spam text traffic exceeded 19 billion messages per month throughout 2024.

Federal Trade Commission statistics further illustrate the role of telecommunications channels in scam activity. The agency's data shows that text messages were among the most commonly reported methods used by scammers to contact victims, while phone calls also ranked near the top of reported contact methods.

Industry representatives argue that telecom providers are actively engaged in combating the problem. Josh Bercu, senior vice president of policy at USTelecom, said companies support scam prevention efforts through call traceback programs, disruption of unlawful activity, and cooperation with law enforcement investigations. He added that addressing fraud requires coordination across multiple industries rather than action from a single sector alone.

At the same time, some telecommunications providers have introduced paid security-focused services, including advanced call-filtering tools and branded caller identification features. These offerings aim to provide customers with additional protection against unwanted communications.

Consumer advocates, however, believe stronger incentives may be necessary to encourage broader action. Eden Iscil of the National Consumers League argued that companies may not implement the fullest possible protections unless greater accountability or financial consequences are attached to failures in consumer protection.

The discussion reflects a larger challenge facing governments, technology companies, and telecom providers worldwide. As scammers adopt increasingly sophisticated tactics and make greater use of automation, artificial intelligence, and stolen personal data, organizations responsible for digital communications face mounting pressure to strengthen detection systems while ensuring legitimate messages continue to reach consumers without disruption.

First VPN Service Taken Offline Following Ransomware and Data Theft Investigation


 

Cybercrime has become increasingly challenging, and efforts to disrupt it have increasingly shifted beyond the threat actors themselves towards the infrastructure that enables them to operate at scale. First VPN has been dismantled by authorities in a significant enforcement action targeting that ecosystem. First VPN was allegedly used by ransomware operators, fraud networks, and data thieves to conceal malicious activity and evade investigation.

Through the coordinated operation, infrastructure spanning dozens of countries was seized, a suspected administrator was identified, and a service that investigators say had become a recurring element within major cybercrime investigations was disrupted.

In light of this development, the focus has shifted away from pursuing the individuals responsible for carrying out illicit operations to dismantling the technical foundations which support illicit operations. Despite playing a legitimate role in modern cybersecurity by encrypting internet traffic, masking IP addresses, and facilitating secure communications across untrusted networks, virtual private network services have also been used to conceal malicious activities.

It has been alleged that First VPN developed beyond a conventional privacy service, becoming an integral part of the cybercriminal infrastructure stack, providing threat actors with a means for concealing operating footprints, anonymizing network activity, and complicating attribution. Europol reports that references to the service have surfaced repeatedly throughout nearly every major cybercrime investigation it has assisted, highlighting its extensive use in money laundering, fraud, and identity theft.

On the 19th and 20th of May, authorities conducted a coordinated enforcement action targeting the infrastructure supporting the service, interviewed its suspected administrator, and conducted a house search in Ukraine while at the same time dismantling 33 servers and disrupting global systems thought to facilitate criminal activity. 

Additionally, the operation resulted in the seizure of core domains, including 1vpns.com, 1vpns.net, and 1vpns.org, and associated onion services, effectively removing key access points relied upon by its user base. Further, investigators informed users that the service had been discontinued and that they were being scrutinized by law enforcement.

The platform was taken down as a result of an investigation initiated in December 2021 in which Europol's European Cybercrime Centre and cybersecurity firm Bitdefender assisted authorities in gaining access to the platform's infrastructure and user database. By analysing the collected data, investigators were able to map VPN connections that were believed to facilitate criminal activity, uncovered intelligence on thousands of users, and generated actionable leads related to ransomware campaigns, fraud networks, and other serious cyber-enabled crimes across multiple jurisdictions. 

The investigation has also revealed a fundamental contradiction in the core of criminal anonymity services, namely, that the promise of complete invisibility is very often dependent on the trustworthiness of the very operators who earn their profits from that promise.

It has been alleged that intelligence recovered during Operation Saffron included a database of VPN users which was capable of identifying specific VPN activities and individuals. This raises serious concerns about the extent to which a service that reportedly marketed itself as unreachable by law enforcement retained data. These findings are consistent with a recurring reality within the underground economy, in which threat actors routinely place operational trust in infrastructure providers whose internal practices remain opaque and largely undisclosed.

Viewed as part of the cybercrime supply chain, First VPN played an essential role in enabling malicious actors to maintain operations while minimizing their exposure to detection and attribution. The dismantling of its operations aligns with Europol’s broader strategic approach to targeting shared infrastructure rather than individual groups in isolation.

By disrupting common operational dependencies, multiple criminal networks can be affected simultaneously, resulting in cascading effects. This approach has both strengths and limitations, as demonstrated by enforcement actions against Safe-Inet in 2020 and VPNLab.net in 2022.

Cybercriminal operators frequently migrate to alternative providers during such operations; however, the intelligence obtained as a result of such operations frequently exceeds the value of infrastructure seizures over the long run. The investigation into First VPN yielded a significant amount of operational intelligence, and this information has already been translated into tangible investigative outcomes.

Over 80 intelligence packages have been disseminated globally, 506 known users of the service were identified, and at least 21 investigations have been supported by the information derived from the operation. 

The recovered dataset not only exposes individuals allegedly involved in ransomware campaigns and fraud operations, but also enables law enforcement agencies to map relationships, infrastructure dependencies, and historical activity patterns that would otherwise remain concealed behind layers of anonymity.

According to industry observers, this intelligence-driven approach reflects the evolving nature of cybercrime disruption, in which it is advantageous not only to eliminate malicious infrastructure but also to turn seized systems into sources of actionable intelligence that can help law enforcement coordinate enforcement efforts across jurisdictions.

Dismantling First VPN illustrates an emerging reality in cybercrime enforcement: it is becoming increasingly necessary to target infrastructure providers and technology companies that enable malicious activity, as well as the actors committing the crime. 

Cybercriminal ecosystems have repeatedly demonstrated the capability to adapt and rebuild, but the information recovered from such operations can serve as a lasting investigative tool that extends beyond the initial takedown. 

This development serves as a reminder that organizations must continuously evaluate the trust assumptions they make about anonymization services, proxy networks, and other privacy-focused infrastructure within their security monitoring strategies.

As threat actors' tactics continue to evolve, it is critical to maintain visibility into remote access activity, strengthen identity controls, and apply risk-based authentication. As law enforcement and cybersecurity partners step up their efforts against cybercrime's infrastructure layer, the contest is increasingly driven by intelligence, attribution, and operational resilience.

CLARITY Act Explained: How the 2025 U.S. Crypto Bill Ends a Decade of Regulatory Chaos

 

For over a decade, the U.S. cryptocurrency industry has faced crippling regulatory uncertainty, with the SEC and CFTC locked in a bureaucratic tug-of-war over jurisdiction. The CLARITY Act (Digital Asset Market Clarity Act of 2025) is Washington’s most serious attempt to resolve this conflict by writing clear regulatory rules into federal law. Passed by the House in July 2025 with strong bipartisan support, the bill recently cleared the Senate Banking Committee on May 14, 2026, marking a pivotal turning point for crypto regulation in America. 

The core purpose of the CLARITY Act is to divide crypto oversight between two agencies: the SEC regulates digital assets that behave like securities (investment contracts sold by centralized teams), while the CFTC gains exclusive authority over digital commodities like Bitcoin and Ethereum that operate on decentralized networks. The legislation creates three distinct categories: digital commodities (CFTC), investment contract assets (SEC), and permitted payment stablecoins (joint oversight). This framework ends the legal vapor that has forced companies like Coinbase and Binance to spend millions on litigation instead of building products. 

For crypto businesses and developers, the Act offers transformative benefits including easier compliance, reduced risk of surprise enforcement actions, and expanded innovation opportunities in payments and trading. Crucially, it provides safe harbors for DeFi developers who write open-source code without touching user funds, stopping smart contract publication from being treated as running an unlicensed money transmitter. Banks also gain a legal on-ramp for custody, settlement, and tokenized assets, transforming these from regulatory grenades into normal business lines. 

However, three major fights could still derail the legislation before it reaches President Trump’s desk. First, law enforcement groups argue the bill makes illicit finance through DeFi too easy, with Senator Warner negotiating stricter provisions. Second, Senate Democrats demand ethics language preventing officials (including President Trump, who holds significant crypto holdings) from profiting from industry regulation, which the White House opposes. Third, banks panic over stablecoin rewards, with the current compromise blocking direct yield but permitting activity-linked rewards to protect traditional banking deposits. 

If passed, the CLARITY Act would establish the first actual statutory framework for digital assets in the United States, written by Congress and binding on every regulator, exchange, developer, and investor. A merged Senate bill is plausible by late summer 2026, with final passage by year-end realistic if the three open conflicts resolve. For the first time since Satoshi’s Bitcoin whitepaper, crypto purgatory might finally be ending, bringing the U.S. in line with regulatory clarity already enjoyed in Singapore, Switzerland, and Dubai.

MAPO Token Crashes 96% After Cross-Chain Bridge Exploit Triggers Massive Unauthorized Mint

 

A major shock hit cryptocurrency markets when the MAPO token crashed nearly 96% after a vulnerability in the Butter Network cross-chain bridge was exploited. The attacker created an enormous number of unauthorized tokens, flooding the market with supply far beyond legitimate circulation. The sudden imbalance disrupted trading across Ethereum-linked decentralized finance platforms and triggered widespread panic selling.

Blockchain security researchers found that the flaw allowed the creation of one quadrillion MAPO tokens, vastly exceeding the project’s intended supply. Investors reacted quickly, dumping holdings as confidence collapsed. Within hours, the token’s value fell from nearly $0.003 to around $0.0001, wiping out significant market value and damaging trust in the ecosystem.

The attack centered on Butter Network bridge infrastructure. Investigators reported that a newly created external wallet was used to move roughly one billion MAPO tokens into decentralized exchanges. During the exploit, nearly 52 ETH, worth about $180,000 at the time, was drained from Uniswap liquidity pools. Analysts traced the activity back to the bridge vulnerability and the attacker’s newly established account.

Although a large portion of the unauthorized tokens was sold, researchers noted that the attacker still controlled nearly a trillion MAPO tokens. Those remaining holdings continue to threaten liquidity pools and exchanges supporting the token.

The incident once again highlights the security challenges facing cross-chain bridges, which remain attractive targets because of their complexity and large asset reserves. The exploit adds to a growing list of attacks affecting blockchain and decentralized finance projects. Security experts have repeatedly warned that systems connecting multiple networks create additional risks. Vulnerabilities within cross-chain infrastructure can remain hidden until specific conditions trigger them, making these platforms particularly difficult to secure.

Following the breach, Map Protocol confirmed that the issue originated within its Solidity-based smart contracts. The project temporarily paused mainnet operations and began migration efforts while the investigation continued. Butter Network also suspended ButterSwap services as a precaution, though officials stated that user funds were not directly compromised. The team later announced plans for a new contract deployment and a snapshot of token holdings to support recovery efforts. Any assets remaining in attacker-controlled wallets will be invalidated and excluded from future migration or conversion processes.

Blockchain records showed that nearly one billion MAPO tokens were transferred to Uniswap shortly after the unauthorized minting occurred. Further analysis revealed that the attacker first submitted a legitimate oracle multisignature message before deploying a malicious smart contract at a carefully selected address. A manipulated retry message was then resent with the same transaction hash, making it appear authentic. Because the bridge incorrectly validated the altered message, it approved the creation of the massive token supply.

Researchers emphasized that no private keys were stolen and no light-client systems were compromised. Instead, the breach resulted from a smart contract validation flaw involving dynamic fields in Solidity code. The incident demonstrates how weaknesses in contract logic can create severe consequences, putting liquidity ecosystems, blockchain projects, and investor funds at risk even without traditional network-level compromises.
