44 matches found
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module PAM-based post-exploitation toolkit...
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was led by the Dubai...
Vercel Breach Linked to Context.ai, ShinyHunters Says It’s Not Involved
Vercel confirms a breach linked to Context.ai as a hacker lists alleged data for $2M. ShinyHunters denies involvement and flags imposters...
This old-school scam is still working
When we read about this new malware tactic, or that novel social engineering approach, it’s easy to forget that there are scammers out there making a living from ancient methods. Recently, one of our researchers received this variation on the good old Nigerian advance-fee scam. From: Mrs.Inga-Bri...
FBI Atlanta and Indonesian National Police Take Down W3LLSTORE Phishing Marketplace
FBI Atlanta and Indonesian National Police dismantle W3LLSTORE phishing market linked to $20M fraud, seizing domains and detaining developer...
Sextortion “I recorded you” emails reuse passwords found in disposable inboxes
Our malware removal support team recently flagged a new wave of sextortion emails, with the subject line: “You pervert, I recorded you!” If the message sounds familiar, that's because it's a variation of the long-running "Hello pervert" scam. The email claims the target’s device has been infected...
CVE-2026-28470
OpenClaw versions prior to 2026.2.2 contain an exec approvals must be enabled allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...
EUVD-2026-9916
OpenClaw versions prior to 2026.2.2 contain an exec approvals must be enabled allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...
Reclaim Security Raises $26M to Eliminate the 27-Day Remediation Gap
New York, USA, 4th March 2026, CyberNewswire...
PT-2026-23545
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.2 Description The software contains a flaw in its exec approvals allowlist, which can be bypassed when command substitution syntax is used. Specifically, attackers can execute arbitrary commands by injecting...
Rewiring Democracy Ebook is on Sale
I just noticed that the ebook version of Rewiring Democracy is on sale for $5 on Amazon, Apple Books, Barnes & Noble, Books A Million, Google Play, Kobo, and presumably everywhere else in the US. I have no idea how long this will last. Also, Amazon has a coupon that brings the hardcover price dow...
US Sentences Chinese National for Role in $36.9 Million Crypto Scam
A Chinese national has been sentenced for his role in a massive $36.9 million cryptocurrency scam operated from…...
TikTok narrowly avoids a US ban by spinning up a new American joint venture
TikTok may have found a way to stay online in the US. The company announced late last week that it has set up a joint venture backed largely by US investors. TikTok announced T ikTok USDS Joint Venture LLC on Friday in a deal valued at about $14 billion , allowing it to continue operating in the...
Pwn2Own: Researchers Earn $1 Million for 76 Zero-Days
Discover how TrendAI Zero Day Initiative ZDI identified critical vulnerabilities across connected vehicles, EV chargers, and automotive systems...
ICE Details a New Minnesota-Based Detention Network That Spans 5 States
Internal ICE planning documents propose spending up to $50 million on a privately run network capable of shipping immigrants in custody hundreds of miles across the Upper Midwest...
INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty
A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa. The coordinated effort, named Operation Sentinel, took place between October 27...
Samourai Wallet Founders Jailed in $237M Crypto Laundering Case
Samourai Wallet founders Keonne Rodriguez and William Hill were sentenced to 4 and 5 years for laundering $237M via their crypto mixer...
1 million victims, 17,500 fake sites: Google takes on toll-fee scammers
A Phishing-as-a-Service PhaaS platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit. Lighthouse enables smishing SMS phishing campaigns, and if you’re in the US there is a good chance you've seen their texts about a small amount you supposedly owe in toll fees...
Social Engineering People’s Credit Card Details
Good Wall Street Journal article on criminal gangs that scam people out of their credit card information: Your highway toll payment is now past due, one text warns. You have U.S. Postal Service fees to pay, another threatens. You owe the New York City Department of Finance for unpaid traffic...
Scammers Steal $1 Million in Crypto Using Fake Delta and AMC Sites
Cybersecurity firm Netcraft has discovered a new task scam cluster that has stolen over $1 million in crypto.…...