DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The U.S. Department of Justice DoJ on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the...

CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

Malicious code in money-badger-open-rpc-test-bugbount (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35c3ecacb08f3cfb0b165eadaafd3a0d6acfffc34898a6149370c8cc9ba3843e The package money-badger-open-rpc-test-bugbount was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3399 Malicious code in money-badger-open-rpc-test-bugbount (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 35c3ecacb08f3cfb0b165eadaafd3a0d6acfffc34898a6149370c8cc9ba3843e The package money-badger-open-rpc-test-bugbount was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3353 Malicious code in money-badger-open-rpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a9d70a5231934ee14ab33334a3de0db40d5520fb4ef092a5a24cbdffff9751e The package money-badger-open-rpc was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in money-badger-open-rpc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a9d70a5231934ee14ab33334a3de0db40d5520fb4ef092a5a24cbdffff9751e The package money-badger-open-rpc was found to contain malicious code. Source: ossf-package-analysis...

Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M

A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was led by the Dubai...

Astra Linux - уязвимость в rails

The PostgreSQL adapter in Active Record before versions 6.1.2.1, 6.0.3.5, and 5.2.4.5 is vulnerable to a regular expression denial of service REDoS vulnerability. Carefully crafted inputs can cause the input validation for the money type in the PostgreSQL adapter in Active Record to spend too muc...

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

The U.S. Department of Justice DoJ on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg , 40, of Georgia, and Kevin Martin , 36, of Texas, were accused of deploying th...

Stablecoins: Always-On Money Needs Always-On Controls

Stablecoins are becoming the money layer for the always-on economy...

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack tha...

CVE-2026-39650

Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through = 1.0.2...

EUVD-2026-20316

Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through = 1.0.2...

CVE-2026-39650

Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through = 1.0.2...

CVE-2026-39650

Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through = 1.0.2...

CVE-2026-39650 WordPress UnitechPay plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through = 1.0.2...

CVE-2026-39650

CVE-2026-39650 affects the WordPress UnitechPay plugin (unitechpay-paiements-mobile-money) and is described as a Missing Authorization / Broken Access Control vulnerability due to incorrectly configured access control. The issue is stated to affect UnitechPay versions from n/a up to and including...

PT-2026-31214

Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through = 1.0.2...

The democratisation of business email compromise fraud

Welcome to this week's edition of the Threat Source newsletter. Last weekend, I witnessed a crime. Not a notable crime that you might read about in the press, but an unremarkable fraud attempt that nevertheless illustrates how new threat actor capabilities are emerging. I imagine that most people...

DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

The U.S. Department of Justice DoJ this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived...