OnlyFans performers become unlikely allies of CISOs in securing websites

OnlyFans creators are now acting as unexpected allies to CISOs of government and university organizations by leveraging DMCA takedown notices against malicious actors. These actors were previously exploiting compromised websites to host scams and malware, using stolen adult content to attract victims and monetize traffic.

In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint

This article covers several disparate cybersecurity and intelligence news items, including Iran's alleged tracking of US military phones, the emergence of CrashStealer malware targeting macOS, and a new blueprint for building secure AI models (CVD Blueprint). It also briefly mentions other stories like OpenClaw AI agents being exploited, ransomware impacting a naval defense firm, and a data breach at Lidl.

Inside the Search for "Clean" Residential Proxies for Carding

Cybercriminals are increasingly finding it difficult to use residential proxies for carding due to enhanced fraud detection. They are now combining proxies with other identity signals like browser fingerprints and device profiles to circumvent these defenses and improve their success rates.

New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage

Cybersecurity researchers have identified a new malware named GoSerpent, in use since late 2025, specifically targeting government and diplomatic entities in Southeast Asia. The malware, discovered by Kaspersky, is designed for long-term access and intelligence gathering, suggesting a sophisticated espionage campaign.

US charges two over laundering $43 million from investment fraud

U.S. prosecutors have charged a man and a woman in New York for their involvement in a significant crime ring that laundered $43 million obtained through investment fraud scams. The charges stem from their alleged roles in facilitating the movement of illicit funds, which were derived from cyber-enabled investment schemes.

Now, even Russia's most elite hackers are using Clickfix to infect devices

Russia's most sophisticated hacking groups are reportedly adopting the Clickfix social engineering technique to infect devices. This method, previously associated with financially motivated cybercriminals, is now being utilized by elite state-sponsored attackers.

Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

Two hackers associated with the Scattered Spider group, Owen Flowers and Thalha Jubair, have been sentenced to five and a half years in prison each for their 2024 hack of Transport for London (TfL). The attack rendered 148 TfL systems inoperable and required all 27,000 employees to reset their passwords in person, resulting in significant losses and recovery costs for the transport authority.

Two Scattered Spider Hackers Sentenced to Jail in UK

Two individuals associated with the Scattered Spider hacking group have been sentenced to jail in the UK for a 2024 cyberattack. The attack specifically targeted Transport for London (TfL).

Scattered Spider members behind TfL hack get five years in prison

Two key members of the Scattered Spider cybercrime group have been sentenced to five years and six months in prison each. This sentencing stems from their involvement in the 2024 hack of Transport for London (TfL). The conviction highlights the legal consequences for individuals engaged in sophisticated cyberattacks.

20+ Hijacked Government Websites Became
an Attack Channel

Over 20 Brazilian government websites have been compromised and used as a distribution channel for malware by the PhantomEnigma threat group. The campaign, uncovered by ANY.RUN, also revealed new backdoor functionalities and hidden infrastructure details.

Russian hackers trojanize WebEx, Zoom apps to push Starland malware

A financially motivated Russian threat actor known as UAT-11795 is distributing a new backdoor malware called Starland RAT by trojanizing legitimate WebEx and Zoom applications. This malware is designed to steal user credentials and cryptocurrency from infected systems.

The executive profile your security team isn’t defending

AI tools can now quickly aggregate and synthesize publicly available information about executives, creating a comprehensive profile that attackers can use for targeted social engineering attacks. This significantly reduces the time and effort required for reconnaissance, posing a new challenge for executive protection programs.

Police Disrupt a €140M Cyber Fraud Ring in Spain

Spanish police have dismantled a significant cyber fraud ring that generated an estimated €140 million through various online attacks. The group's activities included phishing, malware distribution, and other forms of cybercrime, with proceeds being laundered through sophisticated financial schemes.

Dutch police bust investment fraud ring stealing over €100 million

Dutch police have arrested suspects in a large-scale investment fraud ring that allegedly defrauded tens of thousands of victims out of over €100 million. The criminal group operated internationally, using fake investment platforms and social media to lure victims. Authorities seized assets and are continuing investigations into the full extent of the operation.

US charges alleged operators of Russian bulletproof hosting service

U.S. federal prosecutors have charged three Russian nationals for allegedly operating a bulletproof hosting service that supported ransomware gangs. This service is believed to have facilitated criminal activities resulting in over $62 million in damages to victims globally.

Cribl Adds Agentic Detection Engineering & Boosts SecOps With CardinalOps Deal

Cribl has acquired CardinalOps, a company specializing in detection engineering. This integration aims to enhance Cribl's platform by enabling customers to map detection rules and security controls to the MITRE ATT&CK framework, thereby identifying coverage gaps and operationalizing threat intelligence for SecOps teams.

Spanish Police take down €140 million cyber fraud ring, arrest four

Spanish police have dismantled a sophisticated cybercrime ring that defrauded victims out of €140 million through investment scams and business email compromise (BEC) attacks. Four individuals have been arrested as part of the operation, which also targeted money laundering activities associated with the illicit gains.

US sanctions VPN, malware providers for enabling ransomware attacks

The U.S. Treasury Department has sanctioned two individuals and one entity for providing services that facilitated ransomware attacks. These sanctioned entities allegedly supplied VPN and malware services, thereby enabling cybercriminals to target U.S. organizations.

Microsoft Maps Year-Long ShinyHunters-Linked Salesforce Data Theft Across Three Paths

Attackers linked to the ShinyHunters group have been stealing data from Salesforce environments for the past year by exploiting existing trust relationships, primarily through OAuth connections, rather than exploiting platform vulnerabilities. This tactic allowed them to access corporate data by leveraging integrations with third-party vendors and applications.

Governments to enterprises: Improve your router security hygiene

Global security agencies have issued an advisory warning enterprises about the continued exploitation of poorly secured routers by Russian government-sponsored attackers. These actors leverage outdated SNMP protocols and weak authentication to gain access to device configurations, which can contain sensitive information.

US authorities warn of Russian attacks on critical infrastructure

US authorities including the NSA, FBI, and CISA have issued a warning about recent Russian cyberattacks targeting critical infrastructure in North America and Europe. The attackers are exploiting vulnerabilities and misconfigurations in routers, emphasizing the importance of timely security patching.

Weak Security Continues to Fuel Russian Cyberattacks

The UK and EU have jointly imposed sanctions on Russian individuals and entities, marking the first time such actions have been taken together. These sanctions are a response to alleged cyberattacks and disinformation campaigns conducted by Russia in the region. This coordinated action signifies a significant diplomatic move to hold Russia accountable for its cyber activities.

UK charges suspects linked to Russian Coms call spoofing platform

UK authorities have charged five individuals linked to Russian Coms, a platform used to spoof caller ID for fraudulent purposes. The platform facilitated over 1.8 million scam calls originating from Russia, with many targeting UK citizens. The investigation was conducted by the National Crime Agency (NCA).

Improve Router Hygiene to Protect Against Russian State-Sponsored Targeting

Russian FSB cyber actors are exploiting poorly configured and vulnerable networking devices to compromise critical infrastructure networks globally. This advisory provides updated tactics, techniques, and procedures (TTPs) to help defenders understand and counter this ongoing threat, building on previous FBI alerts.

EU sanctions Russian GRU military hackers over cyberattacks

The European Union and the United Kingdom have jointly imposed sanctions on numerous Russian individuals and entities. These sanctions are in response to Russia's alleged coordination of hacking groups responsible for cyberattacks across Europe.

US and allies warn of Russian critical infrastructure attacks

The US and eight allied nations have issued a joint warning about Russian state-sponsored hackers targeting vulnerable and misconfigured routers. These attacks aim to infiltrate critical infrastructure networks. The advisory highlights specific tactics used by these threat actors.

Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

Cybersecurity researchers have uncovered persistent cyber espionage campaigns targeting Pakistani law enforcement, with suspected China- and India-aligned threat actors exploiting the Balochistan Police portal. The attackers gained access to servers managing police and citizen data, including criminal records, between February 2024 and April 2026.

Ghost Accounts Abuse GitHub API in Mass Recon Campaign

Multiple ongoing campaigns are exploiting ghost accounts to abuse the GitHub API for mass reconnaissance. These campaigns are designed to map GitHub organizations, including their repositories and member lists, potentially to identify targets for further exploitation.