All CosmicBytez Labs articles tagged #Cybercrime, across news, security advisories, how-to guides, and projects.
This week's security roundup covers Iranian threat actors tracking US military personnel's phones, the newly discovered CrashStealer macOS infostealer, a coordinated vulnerability disclosure blueprint, ransomware targeting naval defense firm TKMS, and more.
Federal prosecutors charged Zhuoying Chen and Haojie Zhang with conspiracy to commit money laundering after the pair allegedly moved $43 million in pig butchering fraud proceeds through 140 bank accounts under 45 shell companies.
The Coca-Cola Company filed an SEC 8-K disclosure after a ransomware attack on its Fairlife dairy subsidiary temporarily suspended all US production of Ultra-Filtered Milk, Core Power Protein Shakes, and Nutrition Plan beverages.
Sophos 2026: 79% of ransomware attacks start with stolen identities. MFA was present in 97% of credential-based cases yet failed to stop every one of them.
A newly identified ransomware group called Spirals has demonstrated alarming operational speed, completing the full attack lifecycle — initial access, lateral movement, data theft, and network-wide encryption — in less than 24 hours.
Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court for their roles in the 2024 cyberattack on Transport for London that downed 148 systems and disrupted 27,000 employees.
Dutch Police have announced the arrest of multiple suspects believed to be part of an international investment fraud ring that stole over €100 million from tens of thousands of victims. The operation dismantled fake investment platforms operated by the criminal network across multiple countries.
Federal prosecutors unsealed a 2024 indictment against three Russian nationals who ran Medialand LLC and ML.Cloud LLC — bulletproof hosting services used by LockBit, BlackSuit, and Play ransomware gangs to victimize 44 organizations across 21 US states.
Spanish National Police, coordinating with Europol, Interpol, Portugal, and Panama, have dismantled a sophisticated cybercriminal organization responsible for €140 million in fraud losses across Europe. Four individuals were arrested after raids across Spain, Portugal, and Panama. The ring operated fraudulent investment platforms, CEO impersonation scams, BEC attacks, and fake invoice fraud — laundering proceeds through 120 shell companies and 800+ bank accounts.
The U.S. Treasury's OFAC has designated two individuals and a VPN service provider for enabling ransomware actors and other cybercriminals — marking a significant escalation in targeting the infrastructure that makes ransomware operations possible.
The US Treasury's OFAC sanctioned First VPN Service (1VPNS) and its Ukrainian administrator for providing anonymization cover to ransomware groups attacking US critical infrastructure, causing billions in losses. Action is coordinated with the UK and follows a May 2026 European infrastructure takedown.
Dutch police have identified evidence implicating a local Dutch suspect as an accomplice in the cyberattack on telecom provider Odido, which exposed the personal data of more than 6 million customers earlier this year.
A 41-year-old former cybersecurity professional has been sentenced to 70 months in federal prison for conspiring with the now-defunct BlackCat ransomware group to extort victims and coordinating additional attacks alongside two other cybersecurity professionals.
A Ryuk ransomware operator pleaded guilty in Oregon federal court while a BlackCat/AlphV conspirator received a 70-month prison sentence in Florida,...
Angelo Martino, a former ransomware negotiator turned insider threat, was sentenced to 70 months in federal prison for actively assisting the...
Karen Vardanyan, an Armenian national, has pleaded guilty to federal charges related to Ryuk ransomware attacks and faces up to 15 years in prison with...
A weekly cybersecurity roundup covering the DHS database breach, Adobe accelerating its patch release schedule, Canada's law enforcement disruption of...
A Bulgarian national already serving over 10 years for laundering millions stolen from American fraud victims now faces new charges after allegedly...
The Dutch National Police has found strong indications that Dutch nationals were behind the February 2026 data breach at Odido, one of the Netherlands'...
Angelo Martino, a former cyber recovery specialist at DigitalMint, was sentenced to nearly six years in federal prison after secretly feeding confidential...
A new ransomware strain dubbed 'GodDamn' is leveraging a Microsoft-signed malicious kernel driver through the Bring Your Own Vulnerable Driver technique...
Symantec's Threat Hunter Team has flagged GodDamn, a new ransomware family that deploys the PoisonX kernel driver to disable endpoint detection and...
Microsoft has dissected GigaWiper, a destructive Windows backdoor that combines three distinct destructive capabilities — full disk wiping, fake...
A 3.5-month INTERPOL-led operation spanning 97 countries resulted in 5,811 arrests, $293 million seized, and 142,000 victims identified — targeting...
A sweeping international law enforcement operation spanning 97 countries resulted in the arrest of 5,811 suspects and the seizure of $293 million in...
Canada's Communications Security Establishment publicly disclosed offensive cyber operations against a ransomware-as-a-service gang, a foreign online...
Security researchers at Sysdig have documented JadePuffer — an agentic threat actor powered entirely by a large language model that independently...
This week's threat roundup covers residential proxy botnets hiding in streaming boxes, browser-based ransomware campaigns, AI agent abuse techniques, and...
Peter Stokes, 19, has been extradited from Finland to face federal charges tied to Scattered Spider's hundred-million-dollar cybercrime spree — the latest...
Threat group JadePuffer leveraged an LLM agent to autonomously execute a multi-stage ransomware-style attack through a critical Langflow vulnerability,...
Peter Stokes, 19, a dual US-Estonian citizen known online as 'Bouquet,' has been extradited from Finland to face federal charges for his alleged role in...
Security researchers have documented what appears to be the first ransomware operation conducted entirely by a large language model agent — JadePuffer...
A roundup of security stories you may have missed: an Anonymous-linked Canadian hacker receives a prison sentence, a researcher drops zero-days in open...
Sysdig researchers documented the first fully autonomous AI-driven ransomware campaign, where threat actor JADEPUFFER used an AI agent to chain Langflow...
SOCRadar uncovered FortiBleed — a large-scale credential-harvesting campaign targeting 11,250 FortiGate portals across 150+ countries, resulting in 110...
Anubis ransomware affiliates are exploiting CVE-2025-5777 (Citrix Bleed 2) for initial access while pairing BYOVD techniques and stolen supply chain...
A ransomware campaign is impersonating Interpol to pressure small and medium-sized businesses into paying extortion demands, using law enforcement...
This week's security roundup covers AI compute theft, a newly discovered Apple Mail vulnerability, the emerging BlueHammer ransomware group, and 14...
Researchers have connected the massive FortiBleed credential-theft operation — which harvested credentials from over 86,000 FortiGate firewalls — directly...
The Blackfield ransomware gang is demanding a $2 million ransom from Nidec Corporation after attacking its Taiwanese subsidiary, Nidec Chaun Choung...
From outsourced labor to tiered pricing models, today's top ransomware groups operate less like rogue hackers and more like Fortune 500 companies — with...
Rising third-party breach incidents are forcing schools and universities to play defense as ransomware gangs and supply chain attackers increasingly...
Nathan Austad of Minnesota, who operated under the alias 'Snoopy,' has been sentenced for his role in the 2022 DraftKings data breach, becoming the third...
New research from Black Kite shows ransomware attacks against European organizations surged 55% in the first four months of 2026 compared to the same...
With tens of billions of dollars flowing into regional economies from cybercrime, scam centers across Southeast Asia continue to flourish despite...
Zscaler researchers exposed 'Edgecution', a rogue Microsoft Edge extension that exploits Chrome's Native Messaging protocol to escape the browser sandbox...
Polish authorities, working alongside the FBI and HSI, have arrested four members of a cybercrime gang that used SIM-swapping attacks to hijack...
Microsoft, Europol, and international law enforcement partners have dismantled infrastructure supporting the Amadey malware loader and StealC infostealer...
Security researchers have identified a new backdoor malware named Mistic being deployed by KongTuke, a ransomware initial access broker, in financially...
A new INTERPOL report reveals a dramatic surge in Asia-Pacific cybercrime, with phishing rates nearly double the global average, ransomware attacks...
This week's threat roundup covers the Usbliter8 iPhone boot exploit, NarwhalRAT spread via fake Microsoft alerts, The Gentlemen ransomware's GentleKiller...
A new Go-based ransomware operation named Prinz Eugen targets recently modified files first, uses ChaCha20-Poly1305 encryption, and communicates with...
The Gentlemen ransomware-as-a-service operation distributes a sophisticated EDR-killing toolkit called GentleKiller to affiliates, capable of terminating...
Mackay Sugar, one of Australia's largest sugar producers, is working urgently to restore harvesting and milling operations after The Gentlemen ransomware...
The Gentlemen ransomware-as-a-service operation is actively developing and maintaining a suite of EDR killer tools to help affiliates evade detection and...
Cybersecurity researchers have charted the evolution of INC ransomware from a nascent RaaS operation to one of the most prolific cybercrime groups in...
The INC ransomware group has risen to prominence not through exotic exploits but by relentlessly targeting sectors — particularly healthcare — where...
Security researchers have uncovered a DragonForce ransomware attack deploying a new Go-based backdoor that uses Microsoft Teams relay infrastructure for...
New analysis reveals the 'Lorem Ipsum' malware campaign has adopted ClickFix social engineering as its primary delivery mechanism, leveraging compromised...
DragonForce ransomware operators deployed a custom implant called Backdoor.Turn to camouflage command-and-control communications inside legitimate...
A joint FBI and Google operation took down the Outsider Enterprise phishing platform — responsible for over 9,000 fake sites, nearly 4 million stolen...
Oleksii Lytvynenko, a 44-year-old Ukrainian national, has pleaded guilty to participating in the prolific Conti ransomware group after being arrested in...
The FBI, Google, and Black Lotus Labs jointly dismantled Outsider Enterprise, a massive Chinese phishing-as-a-service platform that operated over one...
A former IT worker at an Iowa school district was sentenced to 21 months in federal prison after conducting a sustained cyberattack campaign against his...
Europol has dismantled AudiA6, a cryptocurrency laundering service described as a key financial pipeline for ransomware gangs and cybercriminal networks...
A Ukrainian national extradited from Ireland to the United States has pleaded guilty to conspiracy charges tied to the Conti ransomware operation, which...
Law enforcement has dismantled the AudiA6 cryptocurrency laundering service used by ransomware actors and cybercriminals to clean more than $380 million...
A new analysis of The Gentlemen ransomware operation reveals the financially motivated group has claimed 478 victims and evolved a worm-like...
Attackers increasingly favor stolen credentials over exploits, and infostealers have become the primary access broker feeding ransomware and cybercrime...
KrebsOnSecurity investigates the identity and structure behind The Gentlemen, the second most active ransomware gang of 2026, known for offering...
A California man was sentenced to over 26 years in federal prison for trafficking fentanyl and meth through Nemesis Market, a major dark web drug marketplace.
Law enforcement agencies and major technology companies have jointly dismantled infrastructure tied to Southeast Asia-based scammers, disrupting more than 1.4…
A coordinated international law enforcement operation has dismantled nine organized crime groups and arrested 29 suspects in a major crackdown targeting…
The U.S. Treasury's OFAC has sanctioned Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments linked to terrorist activities and…
A threat actor has deployed an AI-generated ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and…
Dutch authorities seized command-and-control servers tied to a botnet of 17 million infected computers, smartphones, and tablets that was allegedly used to…
A Canadian man received a 33-year US federal sentence after using fake online identities on social media to manipulate children into sending sexually...
A reported breach of 5.8M Uruguayan records is the latest in a growing pattern of attackers monetizing Latin American government citizen data.
FBI warns the Silent Ransom Group is targeting law firms by physically arriving on-site and social-engineering access to sensitive client databases.
The ShinyHunters extortion gang stole the personal information of over 185,000 customers after breaching convenience store giant 7-Eleven in April 2026, with.
Two former executives of a call-tracking and analytics company have pleaded guilty to concealing a years-long tech support fraud scheme that victimized...
Dutch financial crime investigators (FIOD) arrested two men and seized 800 servers from a hosting company that provided bulletproof infrastructure...
The FBI and international partners have disrupted First VPN, a criminal VPN service used by dozens of ransomware groups for network reconnaissance and...
Canadian authorities arrested a 23-year-old Ottawa man suspected of building and operating Kimwolf, an IoT botnet that enslaved millions of devices for...
Jacob Butler, a Canadian national, has been arrested and charged in the United States and Canada for running the KimWolf DDoS-for-hire botnet, which...
International authorities have disrupted a criminal VPN service called First VPN that was used by more than 25 ransomware groups to conceal network...
U.S. and Canadian authorities arrested and charged a Canadian man with operating the Kimwolf DDoS botnet, which infected nearly two million devices...
The 2026 Verizon Data Breach Investigations Report highlights how evolving social engineering tactics are making the healthcare sector more vulnerable,...
European law enforcement has taken down First VPN, a privacy service that had been openly advertised on Russian-language cybercrime forums as a tool for...
International law enforcement has dismantled 'First VPN,' a criminal VPN service marketed on Russian-speaking cybercrime forums and used to facilitate...
GitHub has officially confirmed it was breached by the TeamPCP threat actor after the group advertised stolen internal source code on a cybercrime forum....
GitHub is investigating unauthorized access to its internal repositories after the TeamPCP threat actor listed approximately 4,000 GitHub internal repos...
Ukrainian cyberpolice, working with US law enforcement, identified an 18-year-old from Odesa suspected of running an infostealer malware operation that...
Microsoft has disrupted a malware-signing-as-a-service operation that exploited the company's Artifact Signing service to produce fraudulent code-signing...
Verizon's 2026 Data Breach Investigations Report reveals a landmark shift: vulnerability exploitation has surpassed credential abuse as the leading breach...
A Nitrogen ransomware attack on Foxconn's North American facilities is one of more than 600 hits on manufacturers so far in 2026, as ransomware gangs...
Colorado Governor Jared Polis has commuted the nine-year prison sentence of Tina Peters, the election denier convicted of stealing voting system data,...
The non-bank lender discovered a ransomware attack nearly one year ago but only recently completed its investigation, notifying over 123,000 individuals...
THORChain officials confirmed that one of their six vaults was compromised in a security incident, leading to a loss of approximately $10.7 million. The...
Foxconn, the world's largest electronics manufacturer, confirmed a cyberattack on its North American factories claimed by the Nitrogen ransomware gang,...
Electronics manufacturing giant Foxconn has confirmed a cyberattack on its North American operations after the Nitrogen ransomware group claimed...
An OPSEC failure provides a rare window into the inner workings of The Gentlemen ransomware-as-a-service group, exposing their affiliate model, TTPs, and...
West Pharmaceutical Services, a global manufacturer of drug delivery systems and packaging, has taken systems offline worldwide after hackers exfiltrated...
West Pharmaceutical Services filed an SEC disclosure warning that hackers breached the company on May 4, stole data, and encrypted systems — forcing a...
Hundreds of npm packages in the TanStack open source ecosystem have been infected by a fresh wave of Mini Shai-Hulud worm activity from TeamPCP — the same...
Google has disclosed a landmark discovery: an unknown threat actor used an AI system to develop a zero-day exploit in the wild — the first confirmed...
The UK's Information Commissioner's Office fined South Staffordshire Water nearly £1 million after the Cl0p ransomware group maintained undetected access...
Dozens of universities were forced to reschedule final examinations after a cybercriminal group displayed threatening messages through Canvas, the widely...
A newly discovered phishing-as-a-service toolkit called Bluekit is emerging on underground forums, offering threat actors an AI assistant for campaign...
A newly disclosed critical vulnerability in cPanel and WHM tracked as CVE-2026-41940 is being mass-exploited by ransomware actors to breach web hosting...
Two cybersecurity incident responders who abused their trusted positions to secretly carry out ransomware attacks against the organizations they were...
Two former cybersecurity incident responders from Sygnia and DigitalMint were each sentenced to four years in federal prison for leveraging their trusted...
The FBI has issued a warning to the transportation and logistics industry about a sharp rise in cyber-enabled cargo theft, with estimated losses reaching...
Ryan Goldberg and Kevin Martin, who worked as incident responders, were sentenced to four years in federal prison after using their trusted access to...
The FBI's new advisory reveals that cyber actors have spent the last two years systematically breaching freight broker and carrier systems, then posing as...
Healthcare organization took nearly one year to publicly disclose a data breach after being targeted by Inc Ransom ransomware, with approximately 170,000...
Austrian and Albanian law enforcement jointly dismantled a large-scale cryptocurrency investment fraud operation estimated to have caused over €50 million...
Swiss and German law enforcement arrested 10 suspected members of the Nigerian criminal network Black Axe, including a regional leader believed to oversee...
The emerging Vect 2.0 ransomware — deployed against TeamPCP supply chain attack victims — permanently destroys files larger than 131KB due to a critical...
Threat hunters warn that VECT 2.0 ransomware contains a critical flaw in its encryption implementation that acts more like a wiper for files over 131KB...
Researchers have found that VECT 2.0 ransomware contains a critical flaw in its nonce handling that causes encryption to permanently destroy large files...
When rival ransomware groups 0APT and KryBit turned on each other, they exposed infrastructure details, operational data, victim lists, and internal...
A California man has been sentenced to more than five years in federal prison for his role in laundering proceeds for a cybercriminal organization that...
Evan Tangeman, 22, of Newport Beach, California, was sentenced to 70 months in federal prison for laundering funds stolen in a $230 million cryptocurrency...
Home security giant ADT confirmed that cybercriminals breached its systems and stole a limited set of customer and prospective customer information. The...
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to publish stolen data unless a ransom is paid,...
Recently observed Trigona ransomware attacks are using a bespoke command-line exfiltration tool to steal data from compromised environments faster and...
Angelo Martino, 41, a former employee of cybersecurity incident response firm DigitalMint, has pleaded guilty to targeting U.S. companies with BlackCat...
A new ransomware operation called Kyber is targeting Windows systems and VMware ESXi endpoints, with one variant implementing Kyber1024 post-quantum...
Spanish police have shut down the largest Spanish-language manga piracy platform, which had operated since 2014 and served millions of monthly users...
Angelo Martino, a former ransomware payment negotiator for DigitalMint, has pleaded guilty to helping accomplish extort $75.3 million in ransom from five...
A critical RCE flaw in BeyondTrust Bomgar remote monitoring and management software is being actively exploited to spread ransomware and compromise...
Backups protect your data, but they don't keep your business running during downtime. Understanding the difference between backup and BCDR is critical as...
Researchers have discovered a SystemBC proxy botnet of over 1,570 compromised hosts linked to Gentlemen ransomware operations. The gang's affiliate is...
A ransomware campaign operating since at least 2019 has persistently targeted Turkish home users and small-to-medium businesses, largely evading major...
Two New Jersey men received prison sentences of nine and nearly eight years respectively for operating IT laptop farms that funneled over $5 million to...
Kyrgyzstan-based cryptocurrency exchange Grinex has suspended all operations after a $13.7 million hack, with the platform controversially attributing the...
An international law enforcement operation has dismantled 53 DDoS-for-hire domains, arrested four individuals, and exposed over 3 million criminal...
The Payouts King ransomware group is deploying the QEMU open-source emulator as a covert reverse SSH backdoor, spinning up hidden virtual machines on...
More than 18 months after a ransomware attack crippled hospitals in South East London, at least one NHS trust is still operating without fully restored...
A ransomware attack on Dutch healthcare software vendor ChipSoft has forced hospitals and patients across the Netherlands offline, disrupting the HiX...
A post-mortem of the $280 million Drift Protocol crypto theft reveals a sophisticated six-month North Korean social engineering operation involving fake...
Cybercriminals are stealing millions from Russian companies by compromising accountants' computers and disguising fraudulent transfers as routine salary...
Dutch healthcare software vendor ChipSoft has been struck by a ransomware attack, forcing the company to take its website and digital patient services...
The FBI received over 1 million complaints of malicious activity in 2025, with investment scams, business email compromise, and tech support fraud causing...
The FBI's Internet Crime Complaint Center reports that U.S. victims lost nearly $21 billion to cyber-enabled crimes in 2025 — an all-time record — driven...
Storm-1175 runs sub-24-hour Medusa ransomware campaigns using zero-days; the FBI IC3 reports a record $21 billion in US cybercrime losses for 2025; North...
Germany's Federal Criminal Police Office has publicly unmasked the real identity of "UNKN," the primary operator behind the now-defunct REvil and GandCrab...
Germany's Federal Police have publicly named two Russian nationals as the leaders of the GandCrab and REvil ransomware operations, linking them to at...
A joint operation by the US Department of Justice, Canada, and Germany has dismantled the infrastructure behind four highly disruptive IoT botnets that...
German authorities have publicly identified the elusive "UNKN," the operator behind the GandCrab and REvil ransomware groups, as 31-year-old Russian...
Modern ransomware has evolved far beyond simple file encryption. Multi-extortion tactics — combining encryption, data theft, and public leak threats —...
The Qilin ransomware group has claimed responsibility for an attack against German political party Die Linke, forcing an IT systems outage and threatening...
This week's security stories you may have missed: a ChatGPT conversation data leak, a new Android rootkit on Google Play, a municipal water facility taken...
U.S. prosecutors have charged a Maryland man with hacking DeFi protocol Uranium Finance twice and laundering over $53 million through cryptocurrency mixers.
Iranian APT groups are increasingly blurring the lines between state-sponsored cyber espionage and financially motivated cybercrime, deploying destructive...
A new underground platform called Leak Bazaar positions itself as a data-processing business, offering to monetize stolen records on behalf of ransomware...
A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...
Pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian companies since January 2025, recently deploying a custom...
The pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian businesses in the past year and is escalating operations...
Russian authorities have detained a suspected administrator of LeakBase, a major stolen-data marketplace with over 147,000 subscribers, just weeks after...
Russian law enforcement has arrested the alleged administrator of LeakBase — a credential marketplace operating since 2021 with 142,000 members and...
Ilya Angelov, co-leader of the TA551/Mario Kart cybercrime group, was sentenced to two years in prison for operating a phishing botnet that sent 700,000...
New research from Flare Systems reveals that premium AI platform access — including ChatGPT Plus, Claude Pro, and raw API keys — has been systematically...
This week: the DarkSword iOS exploit chain published on GitHub threatens to democratize nation-state-grade iPhone hacking; CanisterWorm turns the Trivy...
Aleksei Volkov, a Russian initial access broker who sold unauthorized access to U.S. companies for the Yanluowang ransomware group, has been sentenced to...
Former incident responder Ryan Goldberg and ransomware negotiator Kevin Martin admitted to running ALPHV/BlackCat ransomware operations against five US...
The U.S. Department of Justice, in coordination with Germany and Canada, has dismantled the C2 infrastructure of four major IoT botnets — AISURU, Kimwolf,...
The LeakNet ransomware gang is using ClickFix social engineering for initial access and a Deno-based malware loader to execute fileless payloads from...
England Hockey, the national governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware group listed...
Microsoft-tracked threat actor Velvet Tempest is deploying Termite ransomware via a ClickFix social-engineering chain that loads DonutLoader and installs...
Spanish and Ukrainian law enforcement dismantled a criminal organization that recruited war-displaced Ukrainian women to open bank accounts used to...
Evgenii Ptitsyn, 43, a Russian national who administered the Phobos ransomware-as-a-service operation, pleaded guilty to wire fraud conspiracy in the U.S....
An international coalition led by Europol and Microsoft has taken down Tycoon2FA, a phishing-as-a-service platform responsible for 87.5 million phishing...
A threat actor has published a database allegedly containing 19,000 user records from WormGPT, the underground AI platform marketed for offensive hacking...
Cybersecurity Ventures forecasts ransomware damage costs will surge to $74 billion globally in 2026, up from $57 billion in 2025, as attacks grow more...
Security researchers identify 14 active RaaS platforms operating sophisticated affiliate programs, with entry costs as low as $40 per month lowering the...
Threat intelligence reports show 8 active ransomware groups claimed 26 victims on February 2nd alone, with major corporations including BASF and Honeywell...