Cybercrime As a Service: A Scoping Review

Cloud computing has drastically altered the ways in which it is possible to deliver information technologies in a service-led structure, however, this has also been reflected in the cybercrime domain. Cybercrime as a Service is an economic model where a technically skilled actor offers a given...

Researchers Uncover Service Providers Fueling Industrial-Scale Pig Butchering Fraud

Cybersecurity researchers have shed light on two service providers that supply online criminal networks with the necessary tools and infrastructure to fuel the pig butchering-as-a-service PBaaS economy. At least since 2016, Chinese-speaking criminal groups have erected industrial-scale scam cente...

CVE-Disclosures

CVE-Disclosures This repository, "CVE Disclosures", serves as...

US Disrupts Massive Cell Phone Array in New York

This is a weird story: The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City. The agency said on Tuesday that last month it found more than 300 SIM servers and...

Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods

The U.K. National Crime Agency NCA on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks & Spencer, Co-op, and Harrods. The arrested individuals include two men aged 19, a third aged 17, and a 20-year-old woman. They were...

Impressions from PHDays Fest

Impressions from PHDays Fest. The scale was just insane. You walk and walk - and there's action everywhere, and all of it is PHDays, every bit of it. It totally blew my mind, I saw just a tiny fraction of everything that was going on. In the public area, I was impressed by the university pavilion...

Key Takeaways from the Take Command Summit 2025: Inside the Mind of an Attacker

In one of the most anticipated sessions of Take Command 2025, Raj Samani, Chief Scientist at Rapid7, sat down with Trent Teyema, former FBI Special Agent and President of CSG Strategies, for a candid conversation on how threat actors are evolving and what defenders must do to keep up. Moderated b...

Money Laundering 101, and why Joe is worried

Welcome to this week's edition of the Threat Source newsletter. Howdy friends! One of things I learned early on in cyber security is that crime does, in fact, pay. It can pay very well, actually. If it didn't, we wouldn't have ransomware cartels raking in obscene amounts of money year after year...

jj.instituteofjamaica.org.jm Cross Site Scripting vulnerability OBB-4036718

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network

U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, 2025, has been codenamed Operation Heart...

Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions

The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated. The figures, released by blockchain analytics...

Gift Card Fraud

It's becoming an organized crime tactic: Card draining is when criminals remove gift cards from a store display, open them in a separate location, and either record the card numbers and PINs or replace them with a new barcode. The crooks then repair the packaging, return to a store and place the...

INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse

INTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "Th...

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities start...

Meta Finally Breaks Its Silence on Pig Butchering

The company gave details for the first time on its approach to combating organized criminal networks behind the devastating scams...

Did security gaps at Antwerp port enable drug smuggling operations?

TL;DR Why hack shipping? For profit. Criminals have been proven to have hacked port systems to bypass security and facilitate drug smuggling. Evidence of hacking? Rarely reported, but cases like MSC and Glencore’s cobalt theft and the incidents at the Port of Antwerp below provide real examples...

HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia

Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in...

Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia

The Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams. The Indian nationals "were lured with employment opportunities to that country but were forced to undertake illegal cyber work," the Ministry of...

gioscorner.nl Improper Access Control vulnerability OBB-3866484

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Pig butchering scams, how they work and how to avoid them

Pig butchering scams are big business. There are hundreds of millions of dollars involved every year. The numbers are not very precise because some see them as a special kind of romance scam, while others classify them as investment fraud. The victims in Pig Butchering schemes are referred to as...