
International Criminal Court Hit by Advanced Cyber Attack, No Major Damage


Swift discovery helped the ICC

Last week, the International Criminal Court (ICC) announced that it had detected a new, sophisticated and targeted cybersecurity incident. Its incident response mechanisms and prompt detection helped to contain the attack.

The ICC did not provide details about the attackers' intentions, any data theft, or other compromise. According to the statement, the ICC, which is headquartered in The Hague, the Netherlands, is conducting an impact assessment and taking measures to mitigate any effects of the incident. Details about the impact were not provided.

Collective effort against threat actors

The continued support of the nations that have ratified the Rome Statute helps the ICC to carry out its mandate, a responsibility shared by all States Parties. "The Court considers it essential to inform the public and its States Parties about such incidents as well as efforts to address them, and calls for continued support in the face of such challenges," the ICC said.

The ICC was established in 2002 under the Rome Statute, an international treaty adopted by a coalition of sovereign states, to prosecute individuals for the gravest international crimes: genocide, crimes against humanity, war crimes and the crime of aggression. The ICC is a separate body from the U.N. International Court of Justice, which settles disputes between states rather than prosecuting individuals.

Similar attack in 2023

In 2023, the ICC reported another cybersecurity incident, which it described as an act of espionage aimed at undermining the Court's mandate. That incident forced it to disconnect its systems from the internet.

In the past, the ICC has said it faced heightened security concerns as threats against its elected officials rose. "The evidence available thus far indicates a targeted and sophisticated attack with the objective of espionage. The attack can therefore be interpreted as a serious attempt to undermine the Court's mandate," the ICC said at the time.

The most notable recent arrest warrants issued by the ICC are for Russian President Vladimir Putin and Israeli Prime Minister Benjamin Netanyahu.

Cybercriminals Shift Focus to U.S. Insurance Industry, Experts Warn

Cybersecurity researchers are sounding the alarm over a fresh wave of cyberattacks now targeting insurance companies in the United States. This marks a concerning shift in focus by an active hacking group previously known for hitting retail firms in both the United Kingdom and the U.S.

The group, tracked by multiple cybersecurity teams, has been observed using sophisticated social engineering techniques to manipulate employees into giving up access. These tactics have been linked to earlier breaches at major companies and are now being detected in recent attacks on U.S.-based insurers.

According to threat analysts, the attackers tend to work one industry at a time, and all signs now suggest that insurance companies are their latest target. Industry experts stress that this sector must now be especially alert, particularly at points of contact like help desks and customer support centers, where attackers often try to deceive staff into resetting credentials or granting system access.

In just the past week, two U.S. insurance providers have reported cyber incidents. One of them identified unusual activity on its systems and disconnected parts of its network to contain the damage. Another confirmed experiencing disruptions traced back to suspicious network behavior, prompting swift action to protect data and systems. In both cases, full recovery efforts are still ongoing.

The hacking group behind these attacks is known for using clever psychological tricks rather than just technical methods. They often impersonate employees or use aggressive language to pressure staff into making security mistakes. After gaining entry, they may deploy harmful software like ransomware to lock up company data and demand payment.

Experts say that defending against such threats starts with stronger identity controls. This includes limiting access to critical systems, separating user accounts with different levels of privileges, and requiring strict verification before resetting passwords or registering new devices for multi-factor authentication (MFA).

Training staff to spot impersonation attempts is just as important. These attackers may use fake phone calls, messages, or emails that appear urgent or threatening to trick people into reacting without thinking. Awareness and skepticism are key defenses.

Authorities in other countries where similar attacks have taken place have also advised companies to double-check their security setups. Recommendations include enabling MFA wherever possible, keeping a close eye on login attempts—especially from unexpected locations—and reviewing how help desks confirm a caller’s identity before making account changes.
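The controls above (help-desk reset verification, MFA device registration, and watching for logins from unexpected locations) are easiest to enforce when the identity provider's audit trail is correlated rather than read event by event. The following is an added example, not code from the article or from any of the firms mentioned: a small detection rule that looks for the exact chain a help-desk social-engineering attack produces: a password reset performed by someone other than the user, followed within a short window by enrolment of a new MFA factor, followed by a successful sign-in from a country the user has never signed in from before. The event schema, field names, two-hour window and sample events are constructed for the example; map them to your own IdP's audit log before use.

```python
"""
Added example (not from the original article): correlate identity-provider
audit events to spot the help-desk account-takeover chain:
  help-desk password reset -> new MFA factor enrolled -> login from a new country.

The JSON event format, field names and sample events below are constructed
for this example; adapt them to your IdP's real audit schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import json

# Assumption: the three steps landing within two hours is the suspicious pattern.
WINDOW = timedelta(hours=2)

# Constructed sample audit events, one JSON object per line.
SAMPLE_LOG = """
{"ts":"2025-06-16T08:55:00Z","user":"alice","event":"login.success","country":"US","actor":"alice"}
{"ts":"2025-06-16T09:02:00Z","user":"alice","event":"password.reset","country":"US","actor":"helpdesk.bob"}
{"ts":"2025-06-16T09:05:00Z","user":"alice","event":"mfa.factor.enrolled","country":"US","actor":"alice"}
{"ts":"2025-06-16T09:11:00Z","user":"alice","event":"login.success","country":"RO","actor":"alice"}
{"ts":"2025-06-16T10:00:00Z","user":"carol","event":"password.reset","country":"US","actor":"helpdesk.bob"}
{"ts":"2025-06-16T13:30:00Z","user":"carol","event":"login.success","country":"US","actor":"carol"}
{"ts":"2025-06-17T09:00:00Z","user":"dave","event":"mfa.factor.enrolled","country":"US","actor":"dave"}
{"ts":"2025-06-17T09:01:00Z","user":"dave","event":"login.success","country":"DE","actor":"dave"}
"""


def parse_events(text):
    """Parse newline-delimited JSON events and sort them by timestamp."""
    events = []
    for line in text.strip().splitlines():
        e = json.loads(line)
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_helpdesk_takeover(events, window=WINDOW):
    """Return one finding per user whose trail contains, in order and within
    `window`: a password reset by an actor other than the user (i.e. a help-desk
    reset), a new MFA factor enrolment, and a successful login from a country
    that user had never logged in from before the reset."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    findings = []
    for user, evs in by_user.items():
        known_countries = set()           # countries seen for this user so far
        for i, e in enumerate(evs):
            if e["event"] == "login.success":
                known_countries.add(e["country"])
            if not (e["event"] == "password.reset" and e["actor"] != user):
                continue
            # Walk forward from the help-desk reset looking for the rest of the chain.
            enrolled = None
            for later in evs[i + 1:]:
                if later["ts"] - e["ts"] > window:
                    break
                if later["event"] == "mfa.factor.enrolled":
                    enrolled = later
                elif (later["event"] == "login.success" and enrolled is not None
                      and later["country"] not in known_countries):
                    findings.append({
                        "user": user,
                        "reset_by": e["actor"],
                        "reset_at": e["ts"].isoformat(),
                        "new_factor_at": enrolled["ts"].isoformat(),
                        "login_from": later["country"],
                        "known_countries": sorted(known_countries),
                    })
                    break
    return findings


if __name__ == "__main__":
    for finding in detect_helpdesk_takeover(parse_events(SAMPLE_LOG)):
        print(finding)
```

On the constructed sample only `alice` is flagged: `carol` had a help-desk reset but no new factor and a login hours later from her usual country, and `dave` enrolled a factor without any reset. In production the rule should also consider the help-desk ticket itself (was the caller verified out of band?) before a response team locks the account.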

As cybercriminals continue to evolve their methods, experts emphasize that staying informed, alert, and proactive is essential. In industries like insurance, where sensitive personal and financial data is involved, even a single breach can lead to serious consequences for companies and their customers.

AI Integration Raises Alarms Over Enterprise Data Safety

Today's digital landscape is increasingly interconnected, and cyber threats have grown in sophistication, which has significantly weakened the effectiveness of traditional security controls. As enterprises continue to generate and store large volumes of sensitive and mission-critical data, cybercriminals have evolved their tactics to exploit emerging vulnerabilities, launch highly targeted attacks, and use advanced techniques to breach security perimeters and reach that data.

In light of this rapidly evolving threat environment, organisations are increasingly forced to adopt more adaptive and intelligent security solutions in addition to conventional defences. In the field of cybersecurity, artificial intelligence (AI) has emerged as a significant force, particularly in the area of data protection. 

AI-powered data security frameworks are changing the way threats are detected, analysed, and mitigated in real time. Such frameworks improve visibility across complex IT ecosystems, automate threat detection, and support rapid response by identifying patterns and anomalies that human analysts might miss.

AI-driven systems also allow organisations to implement risk-based mitigation strategies that scale and remain aligned with business objectives. Beyond threat prevention, AI plays a growing role in maintaining regulatory compliance at a time when data protection laws are becoming increasingly stringent.

By continuously monitoring and assessing security posture, AI can help businesses uphold industry standards, minimise operational interruptions, and strengthen stakeholder confidence. As the threat landscape continues to evolve, modern enterprises need to recognise that AI-enabled data security is no longer a strategic advantage but a fundamental requirement for safeguarding digital assets.

Varonis has recently revealed that 99% of organisations have sensitive data exposed to artificial intelligence systems, a striking finding that illustrates the importance of data-centric security. The use of AI tools in business operations has grown sharply over the past decade. The report, The State of Data Security: Quantifying Artificial Intelligence's Impact on Data Risk, presents an in-depth analysis of how misconfigured settings, excessive access rights and neglected security gaps leave critical enterprise data open to AI-driven exploitation.

An important characteristic of the report is that it relies on empirical analysis rather than opinion surveys. To evaluate data risk across 1,000 organisations, Varonis analysed data across a variety of cloud environments, covering over 10 billion cloud assets and over 20 petabytes of sensitive data.

The platforms covered included Amazon Web Services, Google Cloud, Microsoft Azure, Microsoft 365, Salesforce, Snowflake, Okta, Databricks, Slack, Zoom, and Box, which gives a broad and realistic picture of enterprise data exposure in the age of AI. Yaki Faitelson, CEO, President and Co-Founder of Varonis, stressed the importance of balancing innovation with risk, noting that even though AI undeniably increases productivity, it also poses serious security issues.

With CIOs and CISOs under growing pressure to adopt AI at a rapid rate, advanced data security platforms are in increasing demand. A proactive, data-oriented approach to cybersecurity is needed to prevent AI from becoming a gateway to large-scale data breaches, says Faitelson. The researchers also examine two dimensions of risk as they relate to large language models (LLMs) and AI copilots: human-to-machine interaction and machine-to-machine integrity, both of which bear on AI-driven data exposure.

A key focus of the study is how sensitive data, such as employee compensation details, intellectual property, proprietary software, and confidential research and development insights, can be unintentionally accessed, leaked, or misused through a single prompt to an AI interface if it is not protected. As AI assistants are used across more departments, the risk of inadvertently disclosing critical business information has increased considerably.

The second category of risk concerns the integrity and trustworthiness of the data used to train or augment AI systems. Machine-to-machine vulnerabilities arise when flawed, biased, or deliberately manipulated datasets are introduced into the learning cycle of machine learning models.

Such corrupted data can have far-reaching and potentially dangerous consequences. For example, inaccurate or falsified clinical information could lead to flawed medical treatments being developed, while malicious actors could embed harmful code in AI training pipelines, introducing backdoors or vulnerabilities into applications that are not detected at first.

This dual-risk framework emphasises the importance of tackling AI security holistically, with an approach that covers the entire lifecycle of data, from acquisition and input to training and deployment, not just user-level controls. By considering both human-induced and systemic risks associated with generative AI tools, organisations can implement more resilient safeguards so that their most valuable data assets are protected as much as possible.

Organisations should reconsider and go beyond conventional governance models to secure sensitive data in the age of AI. In an environment where AI systems require dynamic, expansive access to vast datasets, traditional approaches to data protection -often rooted in static policies and role-based access -are no longer sufficient. 

Towards the future of AI-ready security, a critical balance must be struck between ensuring robust protection against misuse, leakage, and regulatory non-compliance, while simultaneously enabling data access for innovation. Organisations need to adopt a multilayered, forward-thinking security strategy customised for AI ecosystems to meet these challenges. 

Key components of such a strategy are data tagging and classification: identifying and categorising sensitive information so that it is handled according to its criticality. In place of role-based access control (RBAC), attribute-based access control (ABAC) allows more granular access policies based on the identity of the user, the context of the request, and the sensitivity of the data.

Organisations also need to design AI-aware data pipelines with proactive security checkpoints built in, so that how their data is used by AI tools can be monitored. Output validation becomes crucial as well: mechanisms that check AI-generated outputs for compliance and accuracy, and flag or block potentially risky ones, before they are circulated internally or externally.

The rise of global and regional regulations governing data protection and artificial intelligence has only compounded the complexity of this landscape. In addition to general data privacy frameworks such as GDPR and CCPA, businesses now need to prepare for emerging AI-specific regulations that will put a stronger emphasis on how AI systems access and process sensitive data. As a result of this regulatory evolution, organisations need to maintain a security posture that is both agile and anticipatory.
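To make the tagging, ABAC and output-validation ideas above concrete, here is an added example; it is not from the article, the Varonis report or any vendor product, and its classification scale, subject attributes, policy rules and sample records are all constructed. The retrieval filter acts as the "AI-aware checkpoint" that decides, per record and per request, what an AI assistant may pull into a prompt; the output gate then refuses to release an answer that quotes a record the requesting user was not entitled to read. One context attribute (whether an AI assistant is acting on the user's behalf) is used to keep the most sensitive tier out of prompts entirely, regardless of the user's own rights.

```python
"""
Added example, not from the original article or any vendor: a minimal
attribute-based access control (ABAC) check for an AI copilot's data
retrieval, plus an output gate that blocks answers embedding records the
requester may not read. Tags, attributes, policy and records are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    rid: str
    classification: str      # "public" | "internal" | "confidential" | "restricted"
    owner_dept: str
    text: str


@dataclass(frozen=True)
class Subject:
    user: str
    dept: str
    clearance: str           # same scale as Record.classification
    via_ai_assistant: bool   # context attribute: is an AI assistant acting for the user?


LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


def abac_allows(subject, record):
    """Constructed policy:
      1. subject clearance must be at or above the record's classification;
      2. confidential and restricted records stay within the owning department;
      3. restricted records are never served through an AI assistant, so a
         single prompt cannot pull them out even for a cleared user."""
    if LEVELS[subject.clearance] < LEVELS[record.classification]:
        return False
    if LEVELS[record.classification] >= LEVELS["confidential"] and subject.dept != record.owner_dept:
        return False
    if record.classification == "restricted" and subject.via_ai_assistant:
        return False
    return True


def retrieve_for_prompt(subject, corpus):
    """AI-aware pipeline checkpoint: filter the retrieval set before it reaches the model."""
    return [r for r in corpus if abac_allows(subject, r)]


def validate_output(subject, answer, corpus):
    """Output gate: refuse an answer that quotes any record the subject may not read.
    Substring matching on record text is a deliberately simple stand-in for a
    real DLP/classification scan. Returns (ok, [leaked record ids])."""
    leaked = [r.rid for r in corpus if not abac_allows(subject, r) and r.text in answer]
    return (len(leaked) == 0, leaked)


CORPUS = [  # constructed sample data
    Record("r1", "public", "marketing", "Q3 launch is scheduled for October."),
    Record("r2", "internal", "engineering", "Build server runs on the internal subnet."),
    Record("r3", "confidential", "hr", "Alice Example salary: 123,456."),
    Record("r4", "restricted", "rnd", "Prototype uses the XK-7 alloy formulation."),
]


def demo():
    """An engineer with 'confidential' clearance asking through an AI assistant."""
    eng = Subject("bob", "engineering", "confidential", via_ai_assistant=True)
    allowed = [r.rid for r in retrieve_for_prompt(eng, CORPUS)]
    # An answer the model might produce if retrieval had NOT been filtered:
    bad_answer = "Launch is in October. Alice Example salary: 123,456."
    ok, leaked = validate_output(eng, bad_answer, CORPUS)
    return allowed, ok, leaked


if __name__ == "__main__":
    print(demo())
```

In the demo the retrieval filter hands the model only `r1` and `r2`; the HR record `r3` is denied by the department rule and `r4` by the clearance rule. The output gate then catches the salary line should it appear in an answer anyway. A user in the R&D department with `restricted` clearance can still read `r4` directly, but not through the assistant, which is the point of the context attribute.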

Matillion Data Productivity Cloud, for instance, is presented as a solution that embodies this "secure by design" principle. It is a hybrid cloud SaaS platform tailored to enterprise environments.

With standardised encryption and authentication protocols, the platform integrates into enterprise networks through a secure cloud infrastructure. It is built around a pushdown architecture that keeps customer data inside the organisation's own cloud environment while still allowing orchestration of complex data workflows, which minimises the risk of data exposure.

Rather than moving data, Matillion focuses on metadata management and workflow automation, giving organisations a secure, efficient data operation and faster insights with stronger data integrity and compliance. As AI places this dual pressure on organisations, they must move towards a paradigm in which security is woven into the fabric of the data lifecycle.

A shift from traditional governance systems to more adaptive, intelligent frameworks will help secure data in the AI era. Because AI systems require broad access to enterprise data, organisations must strike a balance between openness and security; the combination of classification, attribute-based access, AI-aware pipelines with built-in checks, and output validation described above is one way to do so.

With the rise of global and AI-specific regulations, companies need compliance strategies that will hold up over time. A secure-by-design platform of the kind Matillion offers, with data kept in the customer's cloud environment while workflows are orchestrated safely and efficiently, lets organisations make use of AI without sacrificing data security or regulatory compliance. As artificial intelligence and enterprise data security continue to evolve rapidly, organisations need to adopt a future-oriented mindset that emphasises agility, responsibility, and innovation.

It is no longer possible to rely on reactive cybersecurity; instead, businesses must embrace AI-literate governance models, advanced threat intelligence capabilities, and infrastructures designed with security in mind. Data security must be embedded into all phases of the data lifecycle, from creation and classification to access, analysis, and transformation with AI. Leadership teams must develop a culture of continuous risk evaluation, and IT and data teams must be empowered to collaborate proactively with compliance, legal, and business units.

In order to maintain trust and accountability, it will be imperative to implement clear policies regarding AI usage, ensure traceability in data workflows, and establish real-time auditability. Further, with the maturation of AI regulations and the increasing demands for compliance across a variety of sectors, forward-looking organisations should begin aligning their operational standards with global best practices rather than waiting for mandatory regulations to be passed. 

A key component of artificial intelligence is data, and the protection of that foundation is a strategic imperative as well as a technical obligation. By putting the emphasis on resilient, ethical, and intelligent data security, today's companies will not only mitigate risk but will also be able to reap the full potential of AI tomorrow.

FBI Warns: Millions of Everyday Smart Devices Secretly Hijacked by Cybercriminals

The FBI recently raised concerns about a large-scale cybercrime network that has quietly taken control of millions of smart gadgets used in homes across the United States. This cyber threat, known as BADBOX 2.0, targets everyday devices such as TV streaming boxes, digital projectors, tablets, and even entertainment systems in cars.


What is BADBOX 2.0?

Unlike common malware that slows down or damages devices, BADBOX 2.0 silently turns these gadgets into part of a hidden network called a residential proxy network. This setup allows cybercriminals to use the victim's internet connection to carry out illegal activities, including online advertising fraud and data theft, without the device owner realizing anything is wrong.


Which Devices Are at Risk?

According to the FBI, the types of devices most affected include:

1. TV streaming boxes

2. Digital projectors

3. Aftermarket car infotainment systems

4. Digital photo frames

Many of these products are imported, often sold under unfamiliar or generic brand names. Some specific models involved in these infections belong to device families known as TV98 and X96, which are still available for purchase on popular online shopping platforms.


How Does the Infection Spread?

There are two main ways these devices become part of the BADBOX 2.0 network:

Pre-installed Malware: Some gadgets are already infected before they are even sold. This happens when malicious software is added during the manufacturing or shipping process.

Dangerous App Downloads: When setting up these devices, users are sometimes directed to install apps from unofficial sources. These apps can secretly install harmful software that gives hackers remote access.

This method shows how BADBOX 2.0 has advanced from its earlier version, which focused mainly on malware hidden deep within the device's firmware.


Signs Your Device May Be Infected

Users should watch for warning signs such as:

• The device asks to disable security protections like Google Play Protect.

• The brand is unfamiliar or seems generic.

• The device promises free access to paid content.

• You are prompted to download apps from unknown stores.

• Unusual or unexplained internet activity appears on your home network.


How to Stay Safe

The FBI recommends several steps to protect your home network:

1. Only use trusted app stores, like Google Play or Apple’s App Store.

2. Be cautious with low-cost, no-name devices. Extremely cheap gadgets are often risky.

3. Monitor your network regularly for unfamiliar devices or strange internet traffic.

4. Keep devices updated by installing the latest security patches and software updates.

5. If you believe one of your devices may be compromised, it is best to disconnect it immediately from your network and report the issue to the FBI through their official site at www.ic3.gov.

Be Careful with Cheap Deals


As experts warn, extremely low prices can sometimes hide dangerous risks. If something seems unusually cheap, it could come with hidden cyber threats.
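The advice above to "monitor your network for unfamiliar devices or strange internet traffic" is vague on what strange looks like. The following is an added example, not from the FBI notice: a heuristic over a home router's connection log that flags a device behaving like a residential proxy node rather than a media player. A streaming box normally talks to a small set of CDN and update endpoints; a device relaying other people's traffic fans out to many unrelated destinations and keeps a high connection rate even at 2 a.m. The log format, both thresholds and the sample flows are constructed for the example; real routers export NetFlow, conntrack dumps or vendor-specific logs that you would need to map onto the same fields.

```python
"""
Added example, not from the FBI notice: flag LAN devices whose outbound
connection pattern looks like a residential proxy node (many distinct
destinations and a high connection rate per hour). Log format, thresholds
and sample data are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime

# Assumed thresholds; tune to a baseline taken from your own network.
MAX_DISTINCT_DESTS_PER_HOUR = 25
MAX_NEW_CONNS_PER_HOUR = 30


def build_sample_flows():
    """Constructed flow records: 'timestamp src_mac dst_ip dst_port bytes_out'.
    Device ...:01 is a normal streaming box hitting 3 CDN endpoints;
    device ...:02 opens connections to 40 different hosts within one hour."""
    rows = []
    for i in range(12):
        rows.append(f"2025-06-10T02:{i:02d}:00Z aa:bb:cc:00:00:01 203.0.113.{10 + i % 3} 443 {50_000 + i}")
    for i in range(40):
        rows.append(f"2025-06-10T02:{i:02d}:30Z aa:bb:cc:00:00:02 192.0.2.{i + 1} {80 if i % 2 else 443} 300")
    return "\n".join(rows)


def parse_flows(text):
    flows = []
    for line in text.strip().splitlines():
        ts, mac, dst, port, nbytes = line.split()
        flows.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "mac": mac, "dst": dst, "port": int(port), "bytes": int(nbytes),
        })
    return flows


def proxy_like_devices(flows, max_dests=MAX_DISTINCT_DESTS_PER_HOUR, max_conns=MAX_NEW_CONNS_PER_HOUR):
    """Bucket flows per (device, hour); flag a device when any hour exceeds
    either threshold. Returns {mac: [human-readable reasons]}."""
    dests = defaultdict(set)
    conns = defaultdict(int)
    for f in flows:
        key = (f["mac"], f["ts"].replace(minute=0, second=0))
        dests[key].add(f["dst"])
        conns[key] += 1

    findings = defaultdict(list)
    for (mac, hour), d in dests.items():
        if len(d) > max_dests:
            findings[mac].append(f"{hour.isoformat()}: {len(d)} distinct destinations (> {max_dests})")
        if conns[(mac, hour)] > max_conns:
            findings[mac].append(f"{hour.isoformat()}: {conns[(mac, hour)]} connections (> {max_conns})")
    return dict(findings)


if __name__ == "__main__":
    for mac, reasons in proxy_like_devices(parse_flows(build_sample_flows())).items():
        print(mac)
        for r in reasons:
            print("  ", r)
```

Only the second device is reported on the sample data. A flagged box is a candidate for the "disconnect it and report it" step in the FBI list, not proof of infection; a legitimate peer-to-peer client can look similar, so check what the device is before pulling it.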

US Seizes $7.7 Million From Crypto Linked to North Korea's IT Worker Scam


The US Department of Justice has filed a civil forfeiture complaint to seize cryptocurrency earned by North Korean IT workers who fraudulently obtained employment with US businesses and earned millions for the North Korean government, in violation of sanctions.

The government seized the $7.7m in 2023 in a case involving Sim Hyon Sop, an employee of the North Korean Foreign Trade Bank (FTB), who conspired with the IT workers to launder the money for Pyongyang.

According to the complaint, the North Korean IT workers evaded hiring checks using fraudulent identities and tactics that concealed their real location. Their salaries were paid in stablecoins such as USDT and USDC.

To launder the money, the workers created accounts using fake IDs, moved funds in small amounts across blockchains (chain hopping), and/or converted them into other digital currencies (token swapping).

They also bought non-fungible tokens (NFTs) and used US-based accounts to make their operations look legitimate. Sim worked with Kim Sang Man, the CEO of the "Jinyong IT Cooperation Company," who served as a middleman between the FTB and the IT workers.

According to the Justice Department’s National Security Division, North Korea, for years has “exploited global remote IT contracting and cryptocurrency ecosystems to evade US sanctions and bankroll its weapons programs.” 

Department head Sue Bai said, “Today’s multimillion-dollar forfeiture action reflects the Department’s strategic focus on disrupting these illicit revenue schemes. We will continue to use every legal tool available to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda.”

North Korean IT workers have been slipping into employment at US firms for many years. The scale of these operations became clear in 2024, when the security awareness training company KnowBe4 disclosed that it, too, had been tricked into hiring an IT specialist from North Korea.

Since then, Google has cautioned that US businesses remain a primary target and has warned that the threat actors have now started targeting European firms as well. While many of these workers simply do the job to collect a salary, there is also a concern that their access to corporate systems allows them to exfiltrate sensitive data and use it for extortion.

Mysterious Entity GangExposed Exposes Cyber Criminals


An anonymous leaker is exposing the identities of the world’s most wanted cybercriminals. 

Recently, a mysterious leaker exposed leaders behind Trickbot and Conti ransomware, hacking groups that are known for some of the biggest extortions in recent times. 

The Register recently contacted the anonymous individual known by the alias GangExposed, who is on a personal mission to "fight against an organized society of criminals known worldwide". GangExposed takes pleasure in the thought of ridding society of at least some cybercriminals. "I simply enjoy solving the most complex cases," the leaker said.

Stern doxxed

One of the criminals doxxed is Stern, the alleged mastermind of the Conti ransomware and TrickBot operations. GangExposed claims Stern is Vitaly Nikolaevich Kovalev, as CySecurity reported recently.

After doxxing Stern, GangExposed went after another key figure, known as "Professor", whom the leaker identifies as Vladimir Viktorovich Kvitko, a 39-year-old Russian living in Dubai. Apart from naming individuals, GangExposed has also leaked videos, ransom negotiations, and chat logs.

About GangExposed

The leaker said they were not an "IT guy," but simply observed patterns that other people missed.

"My toolkit includes classical intelligence analysis, logic, factual research, OSINT methodology, stylometry (I am a linguist and philologist), human psychology, and the ability to piece together puzzles that others don't even notice," the leaker said. 

"I am a cosmopolitan with many homes but no permanent base — I move between countries as needed. My privacy standards are often stricter than most of my investigations' subjects."

Purchased leaked data used to expose identities

To expose the identities of these threat actors, GangExposed used information obtained from "semi-closed databases, darknet services," and outright purchases. The leaker claims to have "access to the leaked FSB border control database," which GangExposed says was purchased on the dark web for $250,000.

GangExposed could have claimed at least $10 million in FBI bounties but has chosen not to seek the money. This has led to speculation that the leaker may be a resentful former gang member seeking revenge, while some experts think that taking the bounty could expose the leaker to criminal liability as well.

CySecurity had earlier reported on this incident and on the international crackdown on cybercrime gangs.

Russian Market Sells Millions of Stolen Credentials

The "Russian Market" cybercrime marketplace has become one of the most popular places for buying and selling credentials stolen by infostealer malware. Although the marketplace has been operating for almost six years and has grown in popularity since 2022, ReliaQuest believes that the Russian Market has lately reached new heights.

Part of this spike in popularity can be attributed to the Genesis Market's demise, which left a significant gap in the market. Although the bulk (85%) of credentials provided on the Russian Market are "recycled" from existing sources, it has attracted enormous cybercrime audiences due to its diverse range of commodities for sale and the availability of logs for as little as $2. 

An infostealer log is typically a text file (or numerous files) written by infostealer malware that contains account passwords, session cookies, credit card data, cryptocurrency wallet data, and system profiling data obtained from an infected device. 

Each log includes dozens or even thousands of credentials, bringing the total amount of stolen credentials to hundreds of millions or more. Once captured, the logs are sent to an attacker's server, where they are stored for future nefarious action or sold on marketplaces such as Russian Market. 

Infostealers have become a common tactic for attackers, with numerous campaigns now aimed at the enterprise to steal session cookies and corporate credentials. According to ReliaQuest, this is evident in the Russian market, where 61% of stolen logs include SaaS credentials from platforms such as Google Workspace, Zoom, and Salesforce. Additionally, 77% of the logs had SSO (Single Sign-On) credentials.
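The two paragraphs above describe what a log contains and why the SaaS and SSO entries in it are the ones that matter to an enterprise. The following is an added example, not from the ReliaQuest report: a triage script that parses the credential and cookie files a stealer typically drops, separates logins tied to the organisation's own domains and SaaS tenants from consumer noise, spots password reuse across those services, and lists the session cookies that must be revoked, because a still-valid cookie lets the buyer skip the password and MFA entirely. The "URL / USER / PASS" block layout and the Netscape-style cookie rows mirror common stealer output but are constructed for the example, as are the corporate domains and the sample entries; real stealer families vary in field names and ordering.

```python
"""
Added example (not from the ReliaQuest report): triage an infostealer log
for a corporate security team. File layouts, domains and entries are
constructed for this example.
"""
import re
from urllib.parse import urlparse

# Assumption: the organisation's own domains and SaaS/SSO tenant hostnames.
CORPORATE_DOMAINS = {"example-corp.com", "example-corp.okta.com", "example-corp.my.salesforce.com"}

# Constructed "Passwords.txt"-style content.
SAMPLE_PASSWORDS_TXT = """\
URL: https://example-corp.okta.com/login/login.htm
USER: j.doe@example-corp.com
PASS: Summer2025!

URL: https://accounts.google.com/signin
USER: johnd1987@gmail.com
PASS: hunter2

URL: https://example-corp.my.salesforce.com/
USER: j.doe@example-corp.com
PASS: Summer2025!

URL: https://zoom.us/signin
USER: j.doe@example-corp.com
PASS: Zoom4me
"""

# Constructed Netscape cookie-jar rows: domain, flag, path, secure, expiry, name, value.
SAMPLE_COOKIES_TXT = "\n".join([
    ".example-corp.okta.com\tTRUE\t/\tTRUE\t1760000000\tsid\tREDACTED_SESSION_1",
    ".zoom.us\tTRUE\t/\tTRUE\t1760000000\t_zm_ssid\tREDACTED_SESSION_2",
    ".reddit.com\tTRUE\t/\tTRUE\t1760000000\treddit_session\tREDACTED_SESSION_3",
])

ENTRY_RE = re.compile(r"URL:\s*(?P<url>\S+)\s+USER:\s*(?P<user>\S+)\s+PASS:\s*(?P<pw>[^\n]*)")


def parse_passwords(text):
    """One dict per URL/USER/PASS block; host is taken from the URL."""
    return [{"host": urlparse(m["url"]).hostname, "user": m["user"], "password": m["pw"]}
            for m in ENTRY_RE.finditer(text)]


def parse_cookies(text):
    out = []
    for line in text.strip().splitlines():
        domain, _flag, _path, _secure, _expiry, name, value = line.split("\t")
        out.append({"domain": domain.lstrip("."), "name": name, "value": value})
    return out


def is_corporate(host, user):
    """A credential matters if the site is ours or the login identity is a corporate e-mail."""
    return host in CORPORATE_DOMAINS or user.split("@")[-1] in CORPORATE_DOMAINS


def triage(passwords, cookies):
    corp = [p for p in passwords if is_corporate(p["host"], p["user"])]
    corp_hosts = {p["host"] for p in corp}

    # Password reuse across services multiplies the blast radius of one log.
    by_pw = {}
    for p in corp:
        by_pw.setdefault(p["password"], set()).add(p["host"])
    reused = {pw: sorted(hosts) for pw, hosts in by_pw.items() if len(hosts) > 1}

    # Any cookie for a corporate domain, or for a host where a corporate login
    # was captured, must be revoked: it bypasses the password and MFA.
    revoke = [c for c in cookies
              if c["domain"] in CORPORATE_DOMAINS
              or any(h == c["domain"] or h.endswith("." + c["domain"]) for h in corp_hosts)]

    return {
        "corporate_credentials": corp,
        "reused_passwords": reused,
        "cookies_to_revoke": [(c["domain"], c["name"]) for c in revoke],
    }


if __name__ == "__main__":
    result = triage(parse_passwords(SAMPLE_PASSWORDS_TXT), parse_cookies(SAMPLE_COOKIES_TXT))
    for k, v in result.items():
        print(k, v)
```

On the sample the Gmail entry is dropped as personal, the Okta, Salesforce and Zoom entries are kept because they are either corporate hosts or corporate identities, the shared `Summer2025!` password is reported across Okta and Salesforce, and the Okta and Zoom session cookies are queued for revocation while the Reddit cookie is ignored.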

Lumma stumbles, Acreed rises

ReliaQuest analysed over 1.6 million posts on the Russian Market to chart the rise and fall in popularity of specific infostealer families. Until recently, Lumma produced the majority of logs, accounting for 92% of all credentials sold on the Russian Market.

Lumma rose to dominate the market after Raccoon Stealer collapsed due to law enforcement action. Lumma may now face the same fate, as its operations were recently disrupted by a global law enforcement operation that resulted in the seizure of 2,300 domain names.

The long-term outcomes of this operation are unknown, but Check Point said that Lumma's creators are already working to rebuild and resume their cybercrime operations. 

Meanwhile, ReliaQuest reports a significant spike in popularity of a new infostealer named Acreed, which is quickly gaining traction following Lumma's takedown. Acreed's rapid rise on the Russian Market is evidenced by the over 4,000 logs submitted in its first week of operation, according to Webz.

Acreed behaves like a conventional infostealer: it targets data stored in Chrome, Firefox, and their derivatives, such as passwords, cookies, cryptocurrency wallets, and credit card information.

Infostealers reach victims through phishing emails, "ClickFix" attacks, malvertising that impersonates premium software, and YouTube or TikTok videos. To reduce this broad risk, stay vigilant and only download software from trusted sources.

German Police Have Identified the Leader of the TrickBot Criminal Gang

German police have identified a cybercrime gang leader

Germany's Federal Criminal Police Office (BKA) has stated that Stern, the leader of the TrickBot and Conti cybercrime gangs, is Vitaly Nikolaevich Kovalev, a 36-year-old Russian.

According to the BKA, he is suspected of founding the "TrickBot" group, also known as "Wizard Spider". The identification was part of Operation Endgame, a coordinated global crackdown on malware infrastructure and the hackers behind it. The gang used TrickBot and other malware, including SystemBC, BazarLoader, Ryuk, Diavol, Conti, and IcedID.

Most wanted in Germany

According to Interpol, Kovalev is wanted in Germany. He is charged with being the mastermind of an unnamed criminal gang.

This is not the first time Kovalev has been accused of participating in a cybercrime organization. In 2023, he was one of seven Russians sanctioned and charged in the US over their connections to the Conti and TrickBot cybercrime gangs.

At that time, he was described only as a senior member of the TrickBot gang, using the aliases "Bergen," "Ben," "Bentley," and "Alex Konor."

Leaks led to the identification

The 2023 sanctions were announced after massive information leaks from Conti and TrickBot members, known as ContiLeaks and TrickLeaks.

ContiLeaks exposed the gang's internal conversations and source code, while TrickLeaks went further, publishing the identities, personal information, and online accounts of TrickBot members on X (formerly Twitter).

These chats revealed that Kovalev, aka "Stern," was heading the TrickBot operation and the Conti and Ryuk ransomware groups. Members were seen asking Stern for permission before launching attacks, or for lawyers for TrickBot members arrested in the U.S.

The leaks led to a rapid collapse of Conti, with gang members moving to other operations or forming new criminal groups such as BlackCat, LockBit, Royal, Black Basta, AvosLocker, Zeon, and DagonLocker.

BKA’s investigation revealed that the “TrickBot group consisted of more than 100 members. It works in an organized and hierarchically structured manner and is project and profit-oriented.” 

BKA said that the “group is responsible for the infection of several hundred thousand systems in Germany and worldwide; through its illegal activities, it has obtained funds in the three-digit million range. Its victims include hospitals, public facilities, companies, public authorities, and private individuals."

Kovalev is in hiding and German police believe that he may be in Russia. The police have asked for any info that could lead to his arrest. 

Vanta Customer Data Exposed Due to Code Bug at Compliance Firm

It was discovered today that Vanta, one of the leading providers of compliance automation solutions, experienced a critical product malfunction that resulted in the accidental exposure of confidential customer data. The issue stemmed from a software bug introduced during a recent modification to the company's product code, which inadvertently enabled certain clients to access private information belonging to other customers on the platform.

The incident, which reportedly affected hundreds of Vanta's enterprise users, has raised questions about the firm's internal safeguards, given that its business is helping other companies manage their own security and compliance postures. Vanta's internal teams began investigating on May 26 and implemented containment measures immediately.

The company has confirmed that remediation was completed by June 3. Even so, the incident continues to draw scrutiny from observers and affected customers: a platform built to protect sensitive corporate data leaked it, which raises questions about Vanta's code review, real-time monitoring and risk management practices, particularly as automation is scaled across environments that customers are expected to trust.

In a statement, Vanta said there was no external attack or intrusion and that it does not consider the incident a breach; the exposure resulted entirely from an internal product code error. The bug caused customer data to be shared across accounts, particularly within certain third-party integrations; approximately 20% of the affected integrations were ones clients use to streamline compliance with security standards. The absence of an attacker does not change the outcome for affected customers, however: data belonging to one tenant became readable in another, which is exactly what tenant isolation controls exist to prevent.

Vanta, which automates security and compliance workflows for over 10,000 businesses globally, detected the anomaly through its internal monitoring systems on May 26. It launched an immediate investigation and moved quickly toward resolution. The full remediation process was completed by June 3. Jeremy Epling, Vanta's Chief Product Officer, stated that less than 4% of Vanta's customers were affected by the exposure.

All affected clients have been notified and informed of the details of the incident, along with the steps being taken to prevent similar occurrences in the future. Although the exact number of affected organizations has not been disclosed, the scope of the customer base suggests several hundred may have been impacted.

Although the exposure was limited in scale, it is a notable incident given Vanta's role as custodian of sensitive compliance data, and it highlights the need for rigorous safeguards (staged rollouts, tenant-isolation tests, monitoring for cross-account reads) when deploying code changes to production.

Vanta has begun direct outreach to impacted clients to tell them that employee account data was inadvertently shared across customer environments: certain user data was mistakenly imported into unrelated Vanta instances, exposing it to other organizations.
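The page does not say what Vanta's bug actually was, so the following is an added illustration of the general class of defect it describes, not Vanta's code: an integration sync that writes records into a tenant's instance without verifying that each record belongs to that tenant. The upstream payload, tenant names, the in-memory store and the domain-to-owner map are all constructed for the example; the hardened version shows the two controls a practitioner would want, a tenant-scoped fetch plus an ownership check before every write, and a post-deploy invariant check that would have surfaced the cross-contamination.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Employee:
    tenant_id: str
    email: str


@dataclass
class Store:
    """In-memory stand-in for a multi-tenant table (constructed for the demo)."""
    rows: List[Employee] = field(default_factory=list)

    def insert(self, e: Employee) -> None:
        self.rows.append(e)

    def for_tenant(self, tenant_id: str) -> List[Employee]:
        return [e for e in self.rows if e.tenant_id == tenant_id]


# Constructed sample: one HR integration whose API returns the records of every
# connected tenant in a single call, tagged with their owner (an assumption).
UPSTREAM: Dict[str, List[dict]] = {
    "hris": [
        {"owner": "acme", "email": "alice@acme.example"},
        {"owner": "globex", "email": "bob@globex.example"},
    ]
}
OWNER_BY_DOMAIN = {"acme.example": "acme", "globex.example": "globex"}


def fetch_unscoped(integration: str, tenant_id: str) -> List[dict]:
    # The bug's precondition: the tenant argument is ignored.
    return UPSTREAM[integration]


def fetch_scoped(integration: str, tenant_id: str) -> List[dict]:
    return [r for r in UPSTREAM[integration] if r["owner"] == tenant_id]


def sync_vulnerable(store: Store, tenant_id: str, integration: str) -> int:
    """Hypothetical bug: every record the integration returns is stamped with
    the syncing tenant's id, so globex's employee lands in acme's instance."""
    for r in fetch_unscoped(integration, tenant_id):
        store.insert(Employee(tenant_id, r["email"]))
    return len(store.for_tenant(tenant_id))


def sync_hardened(store: Store, tenant_id: str, integration: str,
                  fetch: Callable[[str, str], List[dict]] = fetch_scoped) -> int:
    """Fix: fetch only this tenant's records, and refuse to write anything that
    claims another owner even if the fetch regresses later (defence in depth)."""
    records = fetch(integration, tenant_id)
    foreign = [r for r in records if r["owner"] != tenant_id]
    if foreign:
        raise ValueError(f"cross-tenant records rejected for {tenant_id}: {foreign}")
    for r in records:
        store.insert(Employee(tenant_id, r["email"]))
    return len(store.for_tenant(tenant_id))


def leaked_emails(store: Store, tenant_id: str) -> List[str]:
    """Post-deploy invariant check: rows in a tenant whose email domain belongs
    to a different organisation indicate cross-contamination."""
    out = []
    for e in store.for_tenant(tenant_id):
        domain = e.email.rsplit("@", 1)[-1]
        if OWNER_BY_DOMAIN.get(domain, tenant_id) != tenant_id:
            out.append(e.email)
    return out


if __name__ == "__main__":
    bad, good = Store(), Store()
    sync_vulnerable(bad, "acme", "hris")
    sync_hardened(good, "acme", "hris")
    print("vulnerable sync leaked:", leaked_emails(bad, "acme"))
    print("hardened sync leaked:", leaked_emails(good, "acme"))
```

The ownership check in `sync_hardened` is the part worth copying: a scoped query alone is one refactor away from regressing, whereas an explicit "every row I am about to write belongs to this tenant" assertion fails loudly in staging rather than silently in production.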

This internally caused cross-contamination of data raises concerns about the reliability of centralized compliance platforms even in the absence of malicious activity: automation platforms can introduce risk through their own internal changes.

For a company positioned as a leader in security and compliance services, the incident is more than a technical fault: it calls into question the trust on which such services are built, and it is a reminder that a single faulty update can have cascading consequences.

Organizations should evaluate their reliance on automated compliance systems and take a layered approach to vendor risk management. Automation brings efficiency and regulatory alignment, but it has to be backed by engineering diligence, transparent reporting and continuous oversight of internal controls.

Businesses should demand accountability from providers: fail-safe mechanisms, rollback strategies, code audit procedures and the like. They should also keep independent visibility into data flows, integration points and vendor performance through regular audits and contingency planning. Trust in this market is earned through demonstrated commitment to customer security and long-term resilience, not through growth alone.

Vanta has committed to publishing a full root cause analysis (RCA) by June 16.

FBI Cracks Down on Dark Web Drug Dealers

A major criminal network operating on the dark web has been disrupted in a large international operation led by the FBI. Over 270 individuals have been arrested for their involvement in the online trade of dangerous illegal drugs such as fentanyl, meth, and cocaine. This operation involved law enforcement teams from the United States, Europe, South America, and Asia.


What is the dark web?

The dark web is a part of the internet that ordinary search engines and browsers do not reach; it is accessed with special software such as Tor, which hides users' identities and the location of the sites they visit. That anonymity protects people in danger or under surveillance, but it also makes the dark web a marketplace for drugs, stolen data and weapons.


What was Operation RapTor?

The FBI-led operation, called Operation RapTor, targeted the sale of illegal drugs through dark web marketplaces. Authorities arrested hundreds of people connected to these sites, including vendors, buyers, site administrators and the people who moved the money.

One of the most alarming figures in the case is the amount of fentanyl recovered: more than 317 pounds. By FBI estimates, just 2 pounds of fentanyl is enough to kill about 500,000 people.


Why this matters

These drug sellers operated from behind screens, often believing the anonymity of the dark web made them untouchable. Investigators identified them anyway and stopped them from doing further harm. According to FBI leaders, these criminals fueled addiction and violence in communities across the country.

Aaron Pinder, a key official in the FBI’s cybercrime unit, said the agency has improved at identifying people hiding behind dark web marketplaces. Whether someone is managing the site, selling drugs, moving money, or simply buying drugs, the FBI is now better equipped to track them down.


What’s next?

While this operation will not shut down the dark web, it will make a difference: removing major players slows the trade and makes it harder for others to take their place, at least for a time.

This is a strong reminder that the dark web, no matter how hidden, is not out of reach for law enforcement. And efforts like these could help save many lives by cutting off the supply of deadly drugs.

Account Takeover Fraud Surges as Cybercriminals Outpace Traditional Bank Defenses

As financial institutions bolster their fraud prevention systems, scammers are shifting tactics, favoring account takeover (ATO) fraud over traditional scams. Instead of manipulating victims into making transactions themselves, fraudsters bypass them entirely, taking control of their digital identities and draining funds directly.

Account takeover fraud is the use of unauthorized access to a victim's account to carry out fraudulent transactions. It has risen sharply in recent years as attackers compromise online banking with phishing, credential stuffing (replaying username and password pairs leaked from other breaches) and malware. Conventional fraud detection, built on static rules and point-in-time checks, often falls short because attackers now mimic legitimate user behaviour closely.

According to NICE Actimize's 2025 Fraud Insights U.S. Retail Payments report, the share of account takeover incidents has increased in terms of the total value of fraud attempts between 2023 and 2024. Nevertheless, scams continue to dominate, making up 57% of all attempted fraud transactions.

Global financial institutions witnessed a significant spike in ATO-related incidents in 2024. Veriff's Identity Fraud Report recorded a 13% year-over-year rise in ATO fraud. FinCEN data further supports this trend, revealing that U.S. banks submitted more than 178,000 suspicious activity reports tied to ATO—a 36% increase from the previous year. AARP and Javelin Strategy & Research estimated that ATO fraud was responsible for $15.6 billion in losses in 2024.

Experts emphasize AI-powered behavioral biometrics, which verify identity continuously by assessing how users interact with their devices rather than checking once at login. Such systems adapt to variables such as device type, location and time of access, with less friction for legitimate users, in line with the zero trust architecture NIST describes in SP 800-207, under which a single successful login is never treated as proof of identity for the rest of the session. They supplement rather than replace strong authentication: an attacker who has phished a one-time code still has to behave like the account holder afterwards.

"The most sophisticated measurement approaches now employ AI analytics to establish dynamic baselines for these metrics, enabling continuous ROI assessment as both threats and solutions evolve over time," said Jeremy London, director of engineering for AI and threat analytics at Keeper Security.

Emerging Fraud Patterns

The growth of ATO fraud is part of a larger evolution in cybercrime tactics. Cross-border payments are increasingly targeted: although the volume of international wire transfers declined by 6% in 2024, the dollar value of fraud attempts surged by 40%, as fraudsters focus on high-value, low-volume transactions.

Payee onboarding is a particularly vulnerable stage. Research shows that 67% of fraud incidents were linked to just 7% of transactions, namely those made to newly added payees, which suggests criminals exploit the first transfers to a new recipient, before the relationship has any history to check against.
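To make the signals discussed above concrete (credential stuffing at login, a session whose risk is carried forward rather than forgotten after login, and the new-payee transfer pattern), here is an added example of simple ATO detection logic; it is not from the NICE Actimize report or any vendor's product. The login and transfer events are constructed, and the thresholds, scores and decision bands are assumptions chosen to make the logic readable, not calibrated values.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple


def parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


# Constructed sample events (not real data). One IP tries six different
# usernames in six seconds, fails five times, then logs in as "carol" from a
# device she has never used; minutes later that session adds a payee and
# sends a large transfer to it.
LOGINS = [
    # (timestamp, username, source ip, device id, success)
    ("2025-05-01T10:00:00", "alice", "198.51.100.4", "alice-phone", True),
    ("2025-05-01T10:00:01", "u01", "203.0.113.7", "dev-x9", False),
    ("2025-05-01T10:00:02", "u02", "203.0.113.7", "dev-x9", False),
    ("2025-05-01T10:00:03", "u03", "203.0.113.7", "dev-x9", False),
    ("2025-05-01T10:00:04", "u04", "203.0.113.7", "dev-x9", False),
    ("2025-05-01T10:00:05", "u05", "203.0.113.7", "dev-x9", False),
    ("2025-05-01T10:00:06", "carol", "203.0.113.7", "dev-x9", True),
]
KNOWN_DEVICES: Dict[str, Set[str]] = {"alice": {"alice-phone"}, "carol": {"carol-laptop"}}
# (account holder, payee) -> when the payee was added
PAYEE_ADDED = {
    ("carol", "acct-9001"): "2025-05-01T10:05:00",
    ("alice", "acct-1234"): "2024-11-02T09:00:00",
}
TRANSFERS = [
    # (timestamp, username, payee, amount)
    ("2025-05-01T10:06:00", "carol", "acct-9001", 4800.0),
    ("2025-05-01T11:00:00", "alice", "acct-1234", 120.0),
]


def credential_stuffing_ips(logins, window=timedelta(minutes=5),
                            min_users=5, min_fail_ratio=0.6) -> Set[str]:
    """IPs that tried many distinct usernames in a short window, mostly failing:
    the signature of replaying leaked credential pairs. Thresholds are assumptions."""
    by_ip = defaultdict(list)
    for ts, user, ip, _dev, ok in logins:
        by_ip[ip].append((parse(ts), user, ok))
    flagged = set()
    for ip, events in by_ip.items():
        events.sort()
        for i, (t0, _, _) in enumerate(events):
            win = [e for e in events[i:] if e[0] - t0 <= window]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                flagged.add(ip)
                break
    return flagged


def login_risk(login, known_devices, stuffing_ips) -> Tuple[int, List[str]]:
    """Risk of one successful login: source IP already seen stuffing, new device."""
    _ts, user, ip, dev, _ok = login
    score, reasons = 0, []
    if ip in stuffing_ips:
        score, reasons = score + 50, reasons + ["ip_seen_credential_stuffing"]
    if dev not in known_devices.get(user, set()):
        score, reasons = score + 30, reasons + ["new_device"]
    return score, reasons


def transfer_risk(tx, payee_added, session_score,
                  new_payee_window=timedelta(hours=24), high_amount=1000.0):
    """Carry the session's login risk forward (continuous authentication) and
    add the new-payee and high-value signals the report singles out."""
    ts, user, payee, amount = tx
    score, reasons = session_score, []
    added = payee_added.get((user, payee))
    if added is None or parse(ts) - parse(added) <= new_payee_window:
        score, reasons = score + 40, reasons + ["new_payee"]
    if amount >= high_amount:
        score, reasons = score + 20, reasons + ["high_amount"]
    return score, reasons


def decide(score: int) -> str:
    return "block" if score >= 100 else "step_up" if score >= 50 else "allow"


def run(logins=LOGINS, transfers=TRANSFERS) -> Dict[Tuple[str, str], str]:
    """Decision per transfer, using the risk of the user's latest successful login."""
    stuffing = credential_stuffing_ips(logins)
    session: Dict[str, int] = {}
    for lg in sorted(logins):
        if lg[4]:
            session[lg[1]] = login_risk(lg, KNOWN_DEVICES, stuffing)[0]
    out = {}
    for tx in transfers:
        score, _ = transfer_risk(tx, PAYEE_ADDED, session.get(tx[1], 0))
        out[(tx[1], tx[2])] = decide(score)
    return out


if __name__ == "__main__":
    print(run())
```

The point of `run` is that the transfer decision reuses the login's risk score instead of starting from zero: carol's transfer would look like an ordinary payment on its own, but it is being made from a session that began with a credential-stuffing IP and an unknown device, and it goes to a payee added minutes earlier.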

Looking ahead, integrating multi-modal behavioral signals with AI-trained models to detect sophisticated threats will be key. This hybrid approach is vital for identifying both human-driven and synthetic fraud attempts in real-time.

Crypto Crime Shocker: DOJ Charges 27 In $263 Million Crypto Theft

A multi-national cryptocurrency fraud ring accused of defrauding victims worldwide of more than a quarter of a billion dollars has come under increased scrutiny from the US Department of Justice (DOJ).

The case now has 27 defendants in total after the charges were filed under the Racketeer Influenced and Corrupt Organisations Act (RICO). Malone Lam, a 20-year-old who is at the centre of the investigation, is charged with planning one of the biggest individual cryptocurrency thefts in American history. 

Lam is suspected of stealing over 4,100 Bitcoin, worth about US $230 million, from a single victim in Washington, DC. Lam, who used online aliases including "Anne Hathaway" and "$$$", is accused of working with Jeandiel Serrano (also known as "VersaceGod") on a complex social engineering attack against a man described as a wealthy early crypto investor.

The pair allegedly bombarded the victim with fake Google security warnings about unauthorised login attempts, then called him posing as Google support staff. Investigators say they talked him into reading out his multi-factor authentication codes, which gave them access to his accounts and the cryptocurrency in them. This works against any MFA that produces a code a person can read aloud; phishing-resistant authenticators such as FIDO2 security keys and passkeys cannot be relayed over a phone call in this way.

Following the theft, Lam and Serrano are accused of laundering the stolen funds in a variety of ways and spending lavishly. Lam is alleged to have bought at least 31 expensive cars, including custom Lamborghinis, Ferraris, Porsches, Mercedes G-Wagons, a Rolls-Royce and a McLaren, some worth more than $3 million. He also rented high-end homes in Los Angeles and Miami, some for up to $68,000 per month, and spent hundreds of thousands of dollars in nightclubs.

Now, the DOJ has revealed that more defendants have been indicted in connection with the racketeering scheme. According to court documents, the defendants, who met through online gaming platforms, performed a variety of roles, including database hackers, organisers, target identifiers, callers, money launderers, and burglars who physically broke into victims' homes to steal their hardware cryptocurrency wallets. 

According to court documents, one of the defendants, 21-year-old Joel Cortes of Laguna Niguel, California, assisted members of the gang by "changing stolen virtual currency into fiat currency and shipping the currency across the United States, hidden in squishmallow stuffed animals, each containing approximately $25,000 apiece.” 

Other gang members allegedly spent in the same style, renting private jets, buying luxury handbags worth tens of thousands of dollars for young women they found attractive, and paying up to US $500,000 per night for nightclub services.

Lam is accused of continuing to engage with the group even after his arrest in September 2024, assisting them in stealing cryptocurrencies and arranging for his claimed associates to purchase luxury Hermes Birkin handbags for his girlfriend in Miami, Florida. 

The case is a stark reminder of how closely cyber fraud and social engineering are intertwined. The technology is new, but the scam is as old as time: gain trust, play the long game, and walk away with the loot.

North Korean Operatives Posing as Remote IT Workers Infiltrate U.S. Tech Firms

A rising number of top-tier tech companies in the U.S. have unknowingly employed North Korean cyber agents disguised as remote IT professionals, with the operatives channeling lucrative tech salaries back to Pyongyang to support the regime's weapons program.

Cybersecurity leaders warn that the deception is broader than previously believed and has reached numerous Fortune 500 firms. It is helped along by a national shortage of cybersecurity talent and the persistence of remote work arrangements since the pandemic.

These North Korean agents are constantly refining their tactics—using advanced AI tools and enlisting U.S.-based collaborators to set up operations across the country—raising serious concerns among Chief Information Security Officers (CISOs) and technology executives.

Though it's hard to pinpoint the exact number of companies affected, many industry leaders are now publicly sharing their experiences. Law enforcement agencies continue to investigate and expose the intricate tactics being used.

“I’ve talked to a lot of CISOs at Fortune 500 companies, and nearly every one that I’ve spoken to about the North Korean IT worker problem has admitted they’ve hired at least one North Korean IT worker, if not a dozen or a few dozen,”
— Charles Carmakal, CTO, Google Cloud’s Mandiant

Interviews with a dozen leading cybersecurity experts reveal that the threat is serious and growing. Several experts acknowledged that their own companies had been targeted and were struggling to contain the damage. During the same briefing, Iain Mulholland, Google Cloud’s CISO, confirmed that North Korean operatives had been spotted “in our pipeline,” although he didn’t specify whether they had been screened out or hired.

SentinelOne, a cybersecurity firm, has been vocal about its experience. In a recent report, the company revealed it had received nearly 1,000 job applications tied to the North Korean scheme.

“The scale and speed of this operation, as used by the North Korean government to generate funds for weapons development, is unprecedented,”
— Brandon Wales, former executive director at CISA and current VP at SentinelOne

Experts outline a repeated pattern: Operatives build fake LinkedIn profiles, impersonate U.S. citizens using stolen data such as addresses and Social Security numbers, and apply for high-paying roles in bulk. At the interview stage, they deploy AI-powered deepfake technology to mimic the real person in real-time.

“There are individuals located around the country who work in software development whose personas are being used,”
— Alexander Leslie, Threat Intelligence Analyst, Recorded Future

Once hired, the operatives complete onboarding with the stolen identity and ask for their laptops to be shipped to U.S. addresses. Those addresses often turn out to be "laptop farms": homes filled with dozens of corporate devices, run by Americans who are paid to assist the scheme.

CrowdStrike began tracking this infiltration trend in 2022 and identified 30 affected companies within the first week of launching a monitoring program. Since early 2024, advancements in AI have only strengthened these operatives’ capabilities. According to an interagency advisory from the FBI, Treasury, and State Department, each operative can earn as much as $300,000 annually.

“This money is directly going to the weapons program, and sometimes you see that money going to the Kim family,”
— Meyers

In one significant case, American citizen Christina Chapman pleaded guilty in February to collaborating with North Korean agents for three years, helping them steal identities and manage a $17 million laptop farm operation that employed North Koreans at more than 300 U.S. companies.

“It’s hard for us to say how many humans are actually operating these personas, but somewhere in the thousands of unique personas,”
— Greg Schloemer, Senior Threat Analyst, Microsoft

In January, the U.S. Justice Department charged two Americans for enabling another North Korean scheme that brought in over $800,000 from more than 60 companies over six years.

FBI Special Agent Elizabeth Pelker explained at the RSA Conference in San Francisco that once one operative is in, they often refer others, leading to networks of up to 10 imposters within the same organization.

Even after dismissal, many operatives leave behind malware or backdoor access, extorting companies for ransom or stealing sensitive data.

“This is very adaptive,” Pelker said. “Even if [the hackers] know they’re going to get fired at some point, they have an exit strategy for them to still … have some sort of monetary gain.”

Authorities are targeting U.S.-based "laptop farm" operators as a key strategy to dismantle the scam’s infrastructure.

“If the FBI goes and knocks on that door and puts that person in cuffs and takes all the laptops away, they’ve lost 10 to 15 jobs, and they’ve lost a person who they’ve already invested in that relationship with,”
— Schloemer

The scheme is expanding internationally. CrowdStrike reports similar patterns in the U.K., Poland, Romania, and other European nations. Recorded Future has also traced activity in South Asian regions.

Still, legal and compliance fears prevent many companies from speaking up.

“That North Korean IT worker has access to your whole host of web development software, all the assets that you’ve been collecting. And then that worker is being paid by you, funneled back into the North Korean state, and is conducting espionage at the same time,”
— Leslie

“We don’t want there to be a stigma to talking about this,”
— Wales
“It is really important that everyone be open and honest, because that is the way that we’re going to deal with this, given the scale of what we are facing.”

Cybercriminals Are Now Focusing More on Stealing Credentials Than Using Ransomware, IBM Warns

IBM's X-Force 2025 Threat Intelligence Index shows cybercriminals changing tactics: rather than mainly deploying ransomware to lock systems, more attackers are quietly stealing login credentials. IBM, which analyses more than 150 billion security events a day across 130+ countries, found that infostealer malware delivered by email rose 84% in 2024 compared with 2023.

This change means that instead of damaging systems right away, attackers are sneaking into networks to steal passwords and other sensitive information. Mark Hughes, a cybersecurity leader at IBM, said attackers are finding ways into complex cloud systems without making a mess. He also advised businesses to stop relying on basic protection methods. Instead, companies should improve how they manage passwords, fix weaknesses in multi-factor authentication, and actively search for hidden threats before any damage happens.

Critical industries such as energy, healthcare, and transportation were the main targets in the past year. About 70% of the incidents IBM helped handle involved critical infrastructure. In around 25% of these cases, attackers got in by taking advantage of known flaws in systems that had not been fixed. Many hackers now prefer stealing important data instead of locking it with ransomware. Data theft was the method in 18% of cases, while encryption-based attacks made up only 11%.

The study also found that Asia and North America were attacked the most, together making up nearly 60% of global incidents. Asia alone saw 34% of the attacks, and North America had 24%. Manufacturing businesses remained the top industry targeted for the fourth year in a row because even short outages can seriously hurt their operations.

Emerging threats related to artificial intelligence (AI) were also discussed. No major attacks on AI systems happened in 2024, but experts found some early signs of possible risks. For example, a serious security gap was found in a software framework used to create AI agents. As AI technology spreads, hackers are likely to build new tools to attack these systems, making it very important to secure AI pipelines early.

Another major concern is the slow pace of vulnerability patching in many companies. IBM found that many Red Hat Enterprise Linux users had not updated their systems properly, leaving them open to attack. Ransomware groups such as Akira, LockBit, Clop and RansomHub have also evolved to target both Windows and Linux systems.

Lastly, phishing attacks that deliver infostealers increased by 180% in 2024 compared to the year before. Even though ransomware still accounted for 28% of malware cases, the overall number of ransomware incidents fell. Cybercriminals are clearly moving towards quieter methods that focus on stealing identities rather than locking down systems.


Identity Theft Concerns Rise as USPS Flags Suspicious Package Deliveries

The United States Postal Service (USPS) has issued an advisory urging the public to be more vigilant in the face of increasingly sophisticated mail fraud schemes. Such scams rose noticeably across the country, particularly during the recent holiday season, and threaten consumers' financial and personal security. Beyond the familiar phishing emails and fraudulent text messages, USPS reports that the scams now take more sophisticated forms.

Unsolicited packages are arriving in growing numbers, and criminals are using ever more inventive methods to deceive recipients, making genuine delivery notices harder to tell from fraudulent ones. As more people are affected, USPS has stepped up its anti-fraud work to protect the integrity of the national postal system.

The agency is working with law enforcement and consumer protection agencies to track these schemes and to teach the public how to recognise and report suspicious activity. One prominent variant is the text message that impersonates USPS: the recipient is told a package is pending and asked to take some further action to have it delivered.

Although such a message looks authentic, its purpose is to trick the recipient into disclosing sensitive financial and personal information. The messages are crafted to convey urgency and legitimacy, using official-sounding language and copying USPS logos and branding.

The victim is typically directed to click a link that leads to a fake website, where banking credentials, ID numbers and other private data are harvested. Recognising these tactics is the best protection against them; individuals are advised to stay alert to protect themselves against identity theft and financial exploitation.

Unexpected delivery notifications should therefore be scrutinised, suspicious links left alone, and suspicious messages reported to the appropriate authorities. Over the past few years the USPS-themed text scams have grown more sophisticated, posing as automated postal notifications that claim a delivery was missed and ask the recipient to confirm personal details or click an embedded link to arrange redelivery.

However innocuous these texts look, they are a deliberate attempt on the recipient's privacy and finances, and social engineering is central to them. The first technique, pretexting, uses a plausible story, usually a delayed or incomplete delivery, to persuade the recipient to hand over sensitive information or pay a small fee.

The second, SMS spoofing, alters the sender information so the message appears to come from an official USPS number rather than from the attacker. Together these schemes are known as smishing: phishing carried out over text messages. Victims are directed to counterfeit websites that closely resemble official USPS pages.

There, users are prompted to enter personally identifiable information (PII) and contact details on the false premise that it is needed to verify or redeliver the package. Many of these sites also charge a small "fee" through fraudulent payment forms, capturing card details in the process. The stolen data is then sold on illegal marketplaces or used directly for identity theft and financial fraud.

Individuals should treat delivery-related messages with suspicion and verify any request through official USPS channels. At the same time, crime against the postal infrastructure itself has become more frequent and more sophisticated, and USPS has intensified its efforts to combat it.

Those efforts sit within Delivering for America, USPS's 10-year, $40 billion strategy to make the postal system secure, efficient and financially sustainable for future generations. As part of that strategy, USPS and the U.S. Postal Inspection Service launched Project Safe Delivery, a targeted enforcement campaign against crimes that threaten the safety and integrity of mail services.

In the more than two years since its launch, the joint operation has produced tangible results: more than 2,400 arrests and a drop of over 27% in mail carrier robberies. In 2024 alone, over 1,200 people were arrested for mail-related theft. USPS has also hardened the delivery network itself.

Over 49,000 high-security mailboxes designed to resist tampering and unauthorised entry have been installed nationwide, and electronic locks are replacing the traditional mechanical locks whose carrier keys had become frequent targets of theft. Public cooperation is another pillar of the security framework.

A substantial reward program offers up to $150,000 for credible information leading to arrests in postal robberies, and up to $100,000 for actionable tips that lead to the arrest of mail thieves, underscoring the agency's commitment to protecting both postal workers and the public. According to Secretary of State Sherry Patterson, USPS is committed to confronting and dismantling any scheme that attempts to exploit the postal system for profit.

As part of its public safety outreach, USPS has published precautionary guidelines for dealing with suspicious or unsolicited package deliveries, an increasingly common tactic of identity thieves and fraudsters. Anyone receiving a parcel they did not order should avoid interacting with any links, QR codes or digital prompts that accompany the delivery or a related notification.

Such elements are likely gateways to malicious websites that harvest personal information or install malware; questionable mail or packages should instead be reported to USPS through its official website. Recipients should also keep monitoring their financial accounts for unauthorised transactions or other anomalies that might indicate fraud.

Reviewing one's credit reports periodically, and placing a temporary credit freeze, is a further precaution: a freeze stops new credit being opened in the victim's name and is one of the most effective ways to limit the damage after an identity theft. Together, these measures form a solid line of defence against postal-related scams.

QR Code Frauds Growing Fast in the UK: What You Should Know

A new kind of digital scam is spreading across the UK, in which criminals trick people with fake QR codes. The technique is called "quishing" (QR code phishing), and it is growing fast: more than 1,300 reports in 2023, up from only about 100 cases in 2019.


How These Scams Work

Scammers take advantage of everyday places where QR codes are used for payments or information. This includes locations like parking spots or restaurant tables where you scan codes to pay or view menus. The scammers cover the real QR codes with fake ones that they control.

When someone scans the fake code, it sends them to a fake website. The site may ask them to enter payment details, thinking it's a normal payment page. In some cases, clicking the link may even install harmful software on the person’s phone without them knowing.


Why It’s Hard to Notice

These scams can be hard to detect. Unlike large frauds that take big sums of money at once, these scams often take small amounts over time, making it less likely for someone to notice. The charges might look like monthly fees or parking payments, so they often go unnoticed.

Cyber experts say that what makes this scam dangerous is how real the fake websites appear. The links that come up after scanning look just like real ones, so people don’t think twice before entering their card numbers or other personal information.


What You Can Do to Stay Safe

Here are some simple steps to protect yourself:

1. Only scan QR codes that you trust. If the code looks tampered with or placed unevenly, avoid using it.

2. Never enter sensitive information like card numbers on a website you reached through a QR code unless you’re sure it’s safe.

3. Before submitting any details, double-check the website’s name or URL for spelling errors or anything unusual.

4. Use a reliable security app on your phone that can detect harmful links or files.


QR codes were created to make daily tasks faster and more convenient. But now, scammers are misusing them to steal people’s information and money. As these scams become more common, the best defense is to be alert and avoid scanning any QR code that looks even slightly suspicious.


Serious Flaw Found in Popular File-Sharing Tool Used by IT Providers

A major security problem has been found in a widely used file-sharing platform, and hackers have already started taking advantage of it. This tool, called CentreStack, is often used by IT service providers to help businesses manage and share files.

The issue is being tracked under the name CVE-2025-30406. It is considered a serious flaw and has been actively misused since March, though it was only officially revealed to the public in early April.

The problem is related to how the platform protects certain types of information. A key used to secure data was either left exposed or was built into the software in a way that made it easy to find. If someone with bad intentions gets hold of this key, they can send fake data that the system will wrongly accept as safe. This can allow the attacker to run harmful code on the servers, potentially giving them full control.
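The class of weakness the article describes, as an added illustration rather than the product's code or the actual CVE-2025-30406 mechanism (which the article does not detail): a verifier that trusts any data carrying a valid signature, the consequence that a key shared across every install lets anyone mint accepted data, and a startup check that rejects such a key. VENDOR_DEFAULT_KEY and APP_SIGNING_KEY are constructed names.

```python
import base64
import hashlib
import hmac
import json
import os
import secrets
from typing import Optional

# Constructed placeholder for a signing key that ships inside a product's
# configuration and is therefore identical on every install (hypothetical
# value, not any real product key).
VENDOR_DEFAULT_KEY = b"EXAMPLE-SHARED-DEFAULT-KEY-DO-NOT-USE!!"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def sign(payload: dict, key: bytes) -> str:
    """Serialise a payload and append an HMAC tag, as a server would before
    handing state to a client. Anyone holding `key` can produce a valid token."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body + tag).decode()

def verify_and_load(token: str, key: bytes) -> Optional[dict]:
    """Accept a token only if its tag was made with `key`. Loads JSON, a
    data-only format, so a valid tag never leads to code execution by itself."""
    raw = base64.b64decode(token)
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)

def key_is_acceptable(key: bytes) -> bool:
    """Startup check: refuse a key that is missing, too short, or the value
    every other installation already has."""
    if len(key) < 32:
        return False
    return not hmac.compare_digest(key, VENDOR_DEFAULT_KEY)

def load_deployment_key() -> bytes:
    """Read the per-install key from the environment (APP_SIGNING_KEY, hex);
    generate a fresh one if absent, so no two deployments share a key."""
    value = os.environ.get("APP_SIGNING_KEY")
    key = bytes.fromhex(value) if value else secrets.token_bytes(32)
    if not key_is_acceptable(key):
        raise RuntimeError("signing key is shared or too weak; rotate it")
    return key
```

The first assertion in the check below is the whole problem in miniature: a signature made with the shared key verifies everywhere that key is installed.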

This becomes even more concerning because CentreStack is especially popular among managed service providers (MSPs). These companies use the platform to support several clients at once. If one provider is hacked, all of their customers could be at risk too. This kind of setup, known as multi-tenancy, means a single breach could affect many organizations.

The U.S. government’s cybersecurity team, CISA, officially added this bug to their list of known threats on April 9. They have given federal agencies until April 29 to fix the problem. The software maker, Gladinet, confirmed that the bug has already been used in real attacks.

Experts in the field warn that this bug allows cybercriminals to run programs on affected systems without permission. That’s why it’s extremely important for all users of the platform to install the latest updates right away.

Over the past few years, hackers have increasingly focused on software used by IT service providers. In one past incident, a separate tool used by providers was attacked, leading to the spread of ransomware to many businesses.

Businesses that rely on CentreStack are strongly advised to apply all updates and follow the safety steps recommended by the company. Taking action quickly can prevent much larger problems down the line.


Cybercriminal Group's Website Taken Over by Unknown Hacker

A criminal group known for using ransomware was recently caught off guard when its own website was tampered with. The website, which the gang normally uses to publish stolen data from its victims, was replaced with a short message warning against illegal activity. The message read: “Don’t do crime. CRIME IS BAD. xoxo from Prague.” What a sneaky way to reference Gossip Girl, isn't it? 

At the time of this report, the website remained altered. It is not yet known if the person or group behind the hack also accessed any files or data belonging to the ransomware gang.

The group, known by the name Everest, has been involved in several cyberattacks since it first appeared in 2020. It is believed to be based in Russia. Over the years, Everest has taken credit for stealing large amounts of data, including information from a popular cannabis store chain, which affected hundreds of thousands of customers. Government agencies in the United States and Brazil have also been listed among their victims.

Ransomware attacks like these are designed to scare companies and organizations into paying money in exchange for keeping their private information from being made public. But recent reports suggest that fewer victims are giving in to the demands. More businesses have started refusing to pay, which has made these attacks less profitable for criminals.

While international law enforcement agencies have had some success in shutting down hacking groups, Everest has managed to stay active. However, this incident shows that even experienced cybercriminals are not safe from being attacked themselves. Some believe this could have been done by a rival group, or possibly even someone from within the gang who turned against them.

It’s also not the first time that cybercrime groups have been sabotaged. In the past few years, other well-known ransomware gangs have faced setbacks due to both police actions and internal leaks.

This unusual case forces us to face the inevitable reality that no one is completely untouchable online. Whether it’s a company or a hacker group, all digital systems can have weak points. People and organizations should always keep their online systems protected and stay alert to threats.