FBI’s 2025 Internet Crime Report

The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles...

Researchers left AI agents alone in a virtual town and watched it all unravel

Tech leaders have spent the past year telling everyone that AI agents are about to run financial systems, file your tax returns, and quietly buy your groceries. Just leave them alone, the rhetoric goes; they'll handle it. But a New York startup left ten of them alone in a virtual town for two...

A Ransomware Negotiator Was Working for a Ransomware Gang

Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients...

IWCC 2026 Call for Papers

The 15th International Workshop on Cyber Crime, or IWCC, 2026 call for papers has been announced. It will be held this year in conjunction with the International Conference on Availability, Reliability and Security ARES 2026 in Link�ping, Sweden, August 24th through the 27th, 2026...

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the...

Cybercrime As a Service: A Scoping Review

Cloud computing has drastically altered the ways in which it is possible to deliver information technologies in a service-led structure, however, this has also been reflected in the cybercrime domain. Cybercrime as a Service is an economic model where a technically skilled actor offers a given...

A week in security (March 23 – March 29)

Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for...

Hackers claim to have accessed data tied to millions of crime tipsters

Millions of crime tips may have been exposed after a hacker group claims to have compromised systems used by Crime Stoppers programs and other organizations worldwide. The incident centers on P3 Global Intel, a Texas-based provider of cloud-based tip and intelligence management software owned by...

Substack Breach: 662,752 User Records Leaked on Cybercrime Forum

Substack confirms a breach after hacker accessed internal user records now circulating on crime forums, exposing emails, phone numbers, and account metadata...

CVE-2021-47846 Digital Crime Report Management System 1.0 - SQL Injection

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password...

CVE-2021-47846

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password...

CVE-2021-47846 Digital Crime Report Management System 1.0 - SQL Injection

Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password...

CVE-2021-47846

Technical details (affected products/versions/root cause/exploitability) are not publicly provided in the supplied documents. Monitor for updates from official advisories.

Digital Crime Report Management System SQL Injection Vulnerability

The Digital Crime Report Management System is an open-source system developed by I Want Source Codes for digital crime reporting and management. Version 1.0 of the Digital Crime Report Management System has a SQL injection vulnerability. This vulnerability stems from multiple login pages that are...

MiracleLinux 3 : openssl-0.9.8e-26.AXS3.1 (AXSA:2013-126:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-126:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

MiracleLinux 4 : openssl-1.0.0-27.AXS4.2 (AXSA:2013-168:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-168:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

Trump Warned of a Tren de Aragua ‘Invasion.’ US Intel Told a Different Story

Hundreds of records obtained by WIRED show thin intelligence on the Venezuelan gang in the United States, describing fragmented, low-level crime rather than a coordinated terrorist threat...

Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud

Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service PBaaS economy. At least since 2016, Chinese-speaking criminal groups have erected industrial-scale scam cente...

Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime

Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28...

CVE-2022-37253

Persistent cross-site scripting XSS in Crime Reporting System 1.0 allows a remote attacker to introduce arbitary Javascript via manipulation of an unsanitized POST parameter...