All CosmicBytez Labs articles tagged #Cybercrime, across news, security advisories, how-to guides, and projects.
A threat actor has deployed an AI-generated ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response solutions, marking a new escalation in AI-assisted cybercrime.
Dutch authorities seized command-and-control servers tied to a botnet of 17 million infected computers, smartphones, and tablets that was allegedly used to power a residential proxy network and facilitate widespread cybercrime.
A Canadian man received a 33-year US federal sentence after using fake online identities on social media to manipulate children into sending sexually...
A reported breach of 5.8M Uruguayan records is the latest in a growing pattern of attackers monetizing Latin American government citizen data.
FBI warns the Silent Ransom Group is targeting law firms by physically arriving on-site and social-engineering access to sensitive client databases.
The ShinyHunters extortion gang stole the personal information of over 185,000 customers after breaching convenience store giant 7-Eleven in April 2026, with...
Two former executives of a call-tracking and analytics company have pleaded guilty to concealing a years-long tech support fraud scheme that victimized...
Dutch financial crime investigators (FIOD) arrested two men and seized 800 servers from a hosting company that provided bulletproof infrastructure...
The FBI and international partners have disrupted First VPN, a criminal VPN service used by dozens of ransomware groups for network reconnaissance and...
Canadian authorities arrested a 23-year-old Ottawa man suspected of building and operating Kimwolf, an IoT botnet that enslaved millions of devices for...
Jacob Butler, a Canadian national, has been arrested and charged in the United States and Canada for running the KimWolf DDoS-for-hire botnet, which...
International authorities have disrupted a criminal VPN service called First VPN that was used by more than 25 ransomware groups to conceal network...
U.S. and Canadian authorities arrested and charged a Canadian man with operating the Kimwolf DDoS botnet, which infected nearly two million devices...
The 2026 Verizon Data Breach Investigations Report highlights how evolving social engineering tactics are making the healthcare sector more vulnerable,...
European law enforcement has taken down First VPN, a privacy service that had been openly advertised on Russian-language cybercrime forums as a tool for...
International law enforcement has dismantled 'First VPN,' a criminal VPN service marketed on Russian-speaking cybercrime forums and used to facilitate...
GitHub has officially confirmed it was breached by the TeamPCP threat actor after the group advertised stolen internal source code on a cybercrime forum....
GitHub is investigating unauthorized access to its internal repositories after the TeamPCP threat actor listed approximately 4,000 GitHub internal repos...
Ukrainian cyberpolice, working with US law enforcement, identified an 18-year-old from Odesa suspected of running an infostealer malware operation that...
Microsoft has disrupted a malware-signing-as-a-service operation that exploited the company's Artifact Signing service to produce fraudulent code-signing...
Verizon's 2026 Data Breach Investigations Report reveals a landmark shift: vulnerability exploitation has surpassed credential abuse as the leading breach...
A Nitrogen ransomware attack on Foxconn's North American facilities is one of more than 600 hits on manufacturers so far in 2026, as ransomware gangs...
Colorado Governor Jared Polis has commuted the nine-year prison sentence of Tina Peters, the election denier convicted of stealing voting system data,...
The non-bank lender discovered a ransomware attack nearly one year ago but only recently completed its investigation, notifying over 123,000 individuals...
THORChain officials confirmed that one of their six vaults was compromised in a security incident, leading to a loss of approximately $10.7 million. The...
Foxconn, the world's largest electronics manufacturer, confirmed a cyberattack on its North American factories claimed by the Nitrogen ransomware gang,...
Electronics manufacturing giant Foxconn has confirmed a cyberattack on its North American operations after the Nitrogen ransomware group claimed...
An OPSEC failure provides a rare window into the inner workings of The Gentlemen ransomware-as-a-service group, exposing their affiliate model, TTPs, and...
West Pharmaceutical Services, a global manufacturer of drug delivery systems and packaging, has taken systems offline worldwide after hackers exfiltrated...
West Pharmaceutical Services filed an SEC disclosure warning that hackers breached the company on May 4, stole data, and encrypted systems — forcing a...
Hundreds of npm packages in the TanStack open source ecosystem have been infected by a fresh wave of Mini Shai-Hulud worm activity from TeamPCP — the same...
Google has disclosed a landmark discovery: an unknown threat actor used an AI system to develop a zero-day exploit in the wild — the first confirmed...
The UK's Information Commissioner's Office fined South Staffordshire Water nearly £1 million after the Cl0p ransomware group maintained undetected access...
Dozens of universities were forced to reschedule final examinations after a cybercriminal group displayed threatening messages through Canvas, the widely...
A newly discovered phishing-as-a-service toolkit called Bluekit is emerging on underground forums, offering threat actors an AI assistant for campaign...
A newly disclosed critical vulnerability in cPanel and WHM tracked as CVE-2026-41940 is being mass-exploited by ransomware actors to breach web hosting...
Two cybersecurity incident responders who abused their trusted positions to secretly carry out ransomware attacks against the organizations they were...
Two former cybersecurity incident responders from Sygnia and DigitalMint were each sentenced to four years in federal prison for leveraging their trusted...
The FBI has issued a warning to the transportation and logistics industry about a sharp rise in cyber-enabled cargo theft, with estimated losses reaching...
Ryan Goldberg and Kevin Martin, who worked as incident responders, were sentenced to four years in federal prison after using their trusted access to...
The FBI's new advisory reveals that cyber actors have spent the last two years systematically breaching freight broker and carrier systems, then posing as...
Healthcare organization took nearly one year to publicly disclose a data breach after being targeted by Inc Ransom ransomware, with approximately 170,000...
Austrian and Albanian law enforcement jointly dismantled a large-scale cryptocurrency investment fraud operation estimated to have caused over €50 million...
Swiss and German law enforcement arrested 10 suspected members of the Nigerian criminal network Black Axe, including a regional leader believed to oversee...
The emerging Vect 2.0 ransomware — deployed against TeamPCP supply chain attack victims — permanently destroys files larger than 131KB due to a critical...
Threat hunters warn that VECT 2.0 ransomware contains a critical flaw in its encryption implementation that acts more like a wiper for files over 131KB...
Researchers have found that VECT 2.0 ransomware contains a critical flaw in its nonce handling that causes encryption to permanently destroy large files...
When rival ransomware groups 0APT and KryBit turned on each other, they exposed infrastructure details, operational data, victim lists, and internal...
A California man has been sentenced to more than five years in federal prison for his role in laundering proceeds for a cybercriminal organization that...
Evan Tangeman, 22, of Newport Beach, California, was sentenced to 70 months in federal prison for laundering funds stolen in a $230 million cryptocurrency...
Home security giant ADT confirmed that cybercriminals breached its systems and stole a limited set of customer and prospective customer information. The...
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to publish stolen data unless a ransom is paid,...
Recently observed Trigona ransomware attacks are using a bespoke command-line exfiltration tool to steal data from compromised environments faster and...
Angelo Martino, 41, a former employee of cybersecurity incident response firm DigitalMint, has pleaded guilty to targeting U.S. companies with BlackCat...
A new ransomware operation called Kyber is targeting Windows systems and VMware ESXi endpoints, with one variant implementing Kyber1024 post-quantum...
Spanish police have shut down the largest Spanish-language manga piracy platform, which had operated since 2014 and served millions of monthly users...
Angelo Martino, a former ransomware payment negotiator for DigitalMint, has pleaded guilty to helping accomplices extort $75.3 million in ransom from five...
A critical RCE flaw in BeyondTrust Bomgar remote monitoring and management software is being actively exploited to spread ransomware and compromise...
Backups protect your data, but they don't keep your business running during downtime. Understanding the difference between backup and BCDR is critical as...
Researchers have discovered a SystemBC proxy botnet of over 1,570 compromised hosts linked to Gentlemen ransomware operations. The gang's affiliate is...
A ransomware campaign operating since at least 2019 has persistently targeted Turkish home users and small-to-medium businesses, largely evading major...
Two New Jersey men received prison sentences of nine and nearly eight years respectively for operating IT laptop farms that funneled over $5 million to...
Kyrgyzstan-based cryptocurrency exchange Grinex has suspended all operations after a $13.7 million hack, with the platform controversially attributing the...
An international law enforcement operation has dismantled 53 DDoS-for-hire domains, arrested four individuals, and exposed over 3 million criminal...
The Payouts King ransomware group is deploying the QEMU open-source emulator as a covert reverse SSH backdoor, spinning up hidden virtual machines on...
More than 18 months after a ransomware attack crippled hospitals in South East London, at least one NHS trust is still operating without fully restored...
A ransomware attack on Dutch healthcare software vendor ChipSoft has forced hospitals and patients across the Netherlands offline, disrupting the HiX...
A post-mortem of the $280 million Drift Protocol crypto theft reveals a sophisticated six-month North Korean social engineering operation involving fake...
Cybercriminals are stealing millions from Russian companies by compromising accountants' computers and disguising fraudulent transfers as routine salary...
Dutch healthcare software vendor ChipSoft has been struck by a ransomware attack, forcing the company to take its website and digital patient services...
The FBI received over 1 million complaints of malicious activity in 2025, with investment scams, business email compromise, and tech support fraud causing...
The FBI's Internet Crime Complaint Center reports that U.S. victims lost nearly $21 billion to cyber-enabled crimes in 2025 — an all-time record — driven...
Storm-1175 runs sub-24-hour Medusa ransomware campaigns using zero-days; the FBI IC3 reports a record $21 billion in US cybercrime losses for 2025; North...
Germany's Federal Criminal Police Office has publicly unmasked the real identity of "UNKN," the primary operator behind the now-defunct REvil and GandCrab...
Germany's Federal Police have publicly named two Russian nationals as the leaders of the GandCrab and REvil ransomware operations, linking them to at...
A joint operation by the US Department of Justice, Canada, and Germany has dismantled the infrastructure behind four highly disruptive IoT botnets that...
German authorities have publicly identified the elusive "UNKN," the operator behind the GandCrab and REvil ransomware groups, as 31-year-old Russian...
Modern ransomware has evolved far beyond simple file encryption. Multi-extortion tactics — combining encryption, data theft, and public leak threats —...
The Qilin ransomware group has claimed responsibility for an attack against German political party Die Linke, forcing an IT systems outage and threatening...
This week's security stories you may have missed: a ChatGPT conversation data leak, a new Android rootkit on Google Play, a municipal water facility taken...
U.S. prosecutors have charged a Maryland man with hacking DeFi protocol Uranium Finance twice and laundering over $53 million through cryptocurrency mixers.
Iranian APT groups are increasingly blurring the lines between state-sponsored cyber espionage and financially motivated cybercrime, deploying destructive...
A new underground platform called Leak Bazaar positions itself as a data-processing business, offering to monetize stolen records on behalf of ransomware...
A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...
Pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian companies since January 2025, recently deploying a custom...
The pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian businesses in the past year and is escalating operations...
Russian authorities have detained a suspected administrator of LeakBase, a major stolen-data marketplace with over 147,000 subscribers, just weeks after...
Russian law enforcement has arrested the alleged administrator of LeakBase — a credential marketplace operating since 2021 with 142,000 members and...
Ilya Angelov, co-leader of the TA551/Mario Kart cybercrime group, was sentenced to two years in prison for operating a phishing botnet that sent 700,000...
New research from Flare Systems reveals that premium AI platform access — including ChatGPT Plus, Claude Pro, and raw API keys — has been systematically...
This week: the DarkSword iOS exploit chain published on GitHub threatens to democratize nation-state-grade iPhone hacking; CanisterWorm turns the Trivy...
Aleksei Volkov, a Russian initial access broker who sold unauthorized access to U.S. companies for the Yanluowang ransomware group, has been sentenced to...
Former incident responder Ryan Goldberg and ransomware negotiator Kevin Martin admitted to running ALPHV/BlackCat ransomware operations against five US...
The U.S. Department of Justice, in coordination with Germany and Canada, has dismantled the C2 infrastructure of four major IoT botnets — AISURU, Kimwolf,...
The LeakNet ransomware gang is using ClickFix social engineering for initial access and a Deno-based malware loader to execute fileless payloads from...
England Hockey, the national governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware group listed...
Microsoft-tracked threat actor Velvet Tempest is deploying Termite ransomware via a ClickFix social-engineering chain that loads DonutLoader and installs...
Spanish and Ukrainian law enforcement dismantled a criminal organization that recruited war-displaced Ukrainian women to open bank accounts used to...
Evgenii Ptitsyn, 43, a Russian national who administered the Phobos ransomware-as-a-service operation, pleaded guilty to wire fraud conspiracy in the U.S....
An international coalition led by Europol and Microsoft has taken down Tycoon2FA, a phishing-as-a-service platform responsible for 87.5 million phishing...
A threat actor has published a database allegedly containing 19,000 user records from WormGPT, the underground AI platform marketed for offensive hacking...
Cybersecurity Ventures forecasts ransomware damage costs will surge to $74 billion globally in 2026, up from $57 billion in 2025, as attacks grow more...
Security researchers identify 14 active RaaS platforms operating sophisticated affiliate programs, with entry costs as low as $40 per month lowering the...
Threat intelligence reports show 8 active ransomware groups claimed 26 victims on February 2nd alone, with major corporations including BASF and Honeywell...