MAL-2025-41404 Malicious code in react-event-tracker-dpdpoc (npm)

The package communicates with a domain associated with malicious activity...

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on...

Telegram CEO Pavel Durov charged with allowing criminal activity

France has indicted the CEO of the popular messaging app Telegram on charges of complicity in the distribution of child sex abuse images, aiding organized crime, drug trafficking, fraud, and refusing lawful orders to give information to law enforcement. The arrest warrants for Pavel Durov and his...

French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

French prosecutors on Wednesday formally charged Telegram CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged...

FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity

Law enforcement agencies have officially seized control of the notorious BreachForums platform, an online bazaar known for peddling stolen data, for the second time within a year. The website "breachforums.st" has been replaced by a seizure banner stating the clearnet cybercrime forum is under th...

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was...

U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency NCA revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand peopl...

DNA testing company fined after customer data theft

DNA Diagnostics Center DDC, an Ohio-based private DNA testing company, last week reached a settlement deal with the Ohio and Pennsylvania state attorneys general in relation to a 2021 breach that saw the theft of 45,000 residents' personal details. Overall the attack compromised over 2.1 million...

Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service

Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona "badbullzvenom." eSentire's Threat Response Unit TRU, in an exhaustive report published following a 16-month-long investigation, said i...

Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges

The crypto money-laundering market is tighter than at any time in the past decade, and the few big players are moving a “shocking” amount of currency...

A gym heist in London goes cyber

A thief has been stalking London. This past summer, multiple women reported similar crimes to the police: While working out at their local gyms, someone snuck into the locker rooms, busted open their locks, stole their rucksacks and gym bags, and then, within hours, purchased thousands of pounds ...

DEA Investigating Breach of Law Enforcement Data Portal

The U.S. Drug Enforcement Administration DEA says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment...

Europol Ordered to Delete Data of Individuals With No Proven Links to Crimes

The European Union's data protection watchdog on Monday ordered Europol to delete a vast trove of personal data it obtained pertaining to individuals with no proven links to criminal activity. "Datasets older than six months that have not undergone this Data Subject Categorisation must be erased,...

Large-Scale Phishing-as-a-Service Operation Exposed

Microsoft uncovered a large-scale, well-organization and sophisticated phishing-as-a-service PhaaS operation. The turnkey platform allows users to customize campaigns and develop their own phishing ploys so they can then use the PhaaS platform to help with phishing kits, email templates and hosti...

Banning Surveillance-Based Advertising

The Norwegian Consumer Council just published a fantastic new report: "Time to Ban Surveillance-Based Advertising." From the Introduction: The challenges caused and entrenched by surveillance-based advertising include, but are not limited to: privacy and data protection infringements opaque...

Don't Let DDoS Extortionists Deliver a KO Punch

Since mid-August, a variety of threat actors and copycats alike have been targeting organizations across all industries globally, threatening impending DDoS attacks unless Bitcoin is paid out. It's apparent, as the campaign rages on, that some businesses must be paying the extortion demands, --...

Don't Let DDoS Extortionists Deliver a KO Punch

Since mid-August, a variety of threat actors and copycats alike have been targeting organizations across all industries globally, threatening impending DDoS attacks unless Bitcoin is paid out. It's apparent, as the campaign rages on, that some businesses must be paying the extortion demands, --...

Ransomware Attackers Buy Network Access in Cyberattack Shortcut

For prices between $300 and $10,000, ransomware groups have the opportunity to easily buy initial network access to already-compromised companies on underground forums. Researchers warn this opportunity gives groups like Maze or Sodinokibi the ability to more easily kickstart ransomware attacks...

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Privacy advocates are decrying a new bill, which would force tech companies to unlock encrypted devices if ordered to do so by law enforcement with a court issued warrant. The Lawful Access to Encrypted Data Act was introduced on Tuesday by Senate Judiciary Committee Chairman Lindsey Graham R-SC,...

A Light at the End of Liberty Reserve’s Demise?

In May 2013, the U.S. Justice Department seized Liberty Reserve, alleging the virtual currency service acted as a $6 billion financial hub for the cybercrime world. Prompted by assurances that the government would one day afford Liberty Reserve users a chance to reclaim any funds seized as part o...