All posts tagged: cybercrime

Man who hacked US Supreme Court filing system sentenced to probation

Man who hacked US Supreme Court filing system sentenced to probation

Published by skeptic

Nicholas Moore, who pleaded guilty to hacking the U.S. Supreme Court’s electronic document filing system dozens of times over several months, was sentenced on Friday to a year of probation. Moore had also hacked into the network of AmeriCorps, a government agency that runs stipend volunteer programs, and the systems of the Department of Veterans Affairs, which provides healthcare and welfare to military veterans.  The man bragged about his feats on an Instagram account named @ihackedthegovernment, where he posted the personal information of the people he had hacked. Moore used one of his victim’s credentials to then access the U.S. Supreme Court’s electronic document filing system, AmeriCorps, and the Department of Veteran Affairs. He was facing a year in prison and a fine of $100,000 in damages. Prosecutors later asked for only probation.  “I made a mistake,” Moore said during the sentencing hearing on Friday, according to The Hill. “I am truly sorry. I respect laws, and I want to be a good citizen.”  Source link

The Feds Took Down a ‘Full-Service Cybercrime Platform’ Behind M in Phishing

The Feds Took Down a ‘Full-Service Cybercrime Platform’ Behind $20M in Phishing

Published by skeptic

Cybercrime is a big business, driving nearly $21 billion in fraud and theft in 2026 alone. The FBI and the Indonesian National Police took a chunk out of that late last week when the pair took down infrastructure vital to the W3LL phishing kit, a piece of software that could steal someone’s account credentials and data to bypass multi-factor authentication.  The W3LL phishing kit was best known for targeting Microsoft 365 accounts, but a crook could purchase it for $500 online and target any number of services. They could then deploy a website that captures a user’s login information and session data, giving the criminal access to the account without going through multi-factor authentication.  Read more: Best Password Manager in 2025 The cybersecurity firm Group-IB, which first documented the W3LL phishing kit in 2023, described it as an all-in-one phishing tool capable of making custom phishing tools, providing email lists, and granting access to compromised servers. Its developer also made a couple of bulk email spam tools called PunnySender and W3LL Sender before the W3LL phishing …

Booking.com confirms hackers accessed customers’ data

Booking.com confirms hackers accessed customers’ data

Published by skeptic

Booking.com confirmed Monday that hackers may have accessed customers’ personal data, including names, emails, physical addresses, phone numbers, and booking details. The global travel and hotel reservation giant notified customers this past week of the breach, according to several online posts.  “We’re writing to inform you that unauthorized third parties may have been able to access certain booking information associated with your reservation,” read the notificaiton to customers, according to one user’s post on Reddit. Several other Reddit users replying to the post said they received the same notification. The message from the company included the aforementioned types of compromised data, as well as “anything that you may have shared with the accommodation.”  The user who posted the notification on Reddit told TechCrunch that they received a phishing message via WhatsApp two weeks ago that included “booking details and personal information.” That suggests hackers are leveraging the stolen information to target Booking.com customers.  Booking.com spokesperson Courtney Camp told TechCrunch that the company “noticed some suspicious activity involving unauthorized third parties being able to access some …

Anthropic’s AI hacking tech triggers concern in German cyber agency – POLITICO

Anthropic’s AI hacking tech triggers concern in German cyber agency – POLITICO

Published by Sam Flores

Anthropic announced on Tuesday evening that it shared its latest model with a newly formed group of 12 cybersecurity firms and 40 other unnamed organizations to scan and stress-test their systems. Experts fear the model, if used for malicious purposes, could lead to massive cybersecurity breaches across the tech supply chain. BSI has not yet directly tested the tool, Plattner said in a written statement, but the agency had conversations with developers that had have given it “meaningful insight” into how the Mythos model works. Cyber officials have dialed up their warnings in recent months that AI tools are getting better at finding cyber flaws. The head of the EU’s cyber agency ENISA in February described the impact of AI on cybersecurity as an oncoming “storm.” According to Plattner, the German cyber chief, Anthropic’s new Mythos model means “we may reach a point in the medium term where unknown, classical software vulnerabilities simply cease to exist.” Source link

After fighting malware for decades, this cybersecurity veteran is now hacking drones

After fighting malware for decades, this cybersecurity veteran is now hacking drones

Published by skeptic

Mikko Hyppönen is pacing back and forth on the stage, with his trademark dark blonde ponytail resting on an impeccable teal suit. A seasoned speaker, he is trying to make an important point to a room full of fellow hackers and security researchers at one of the industry’s global annual meet-ups. “I often call this ‘cybersecurity Tetris’,” he tells the audience with a serious face, reeling off the rules of the classic video game. When you complete a whole line of bricks, the row vanishes, leaving the rest of the bricks to fall into a new line. “So your successes disappear, while your failures pile up,” he tells the audience during his keynote at Black Hat in Las Vegas in 2025. “The challenge we face as cybersecurity people is that our work is invisible… when you do your job perfectly, the end result is that nothing happens.” Hyppönen’s work, however, has certainly not been invisible. As one of the industry’s longest serving cybersecurity figures, he has spent more than 35 years fighting malware. When he …

Cambodia parliament approves law to combat cybercrime scam rings | News

Cambodia parliament approves law to combat cybercrime scam rings | News

Published by Sam Flores

Justice Minister Keut Rith says the law aimed to enhance the “cleaning operation” across the country. Published On 3 Apr 20263 Apr 2026 Cambodia’s National Assembly has approved its first law targeting scam centres accused of defrauding foreigners of billions of dollars amid rising pressure to curb these illicit operations. Justice Minister Keut Rith on Friday said the law aimed to enhance the “cleaning operation” taking ⁠place across the country and ensure the centres do not return after the crackdown. Recommended Stories list of 3 itemsend of list “This law is strict like the fishing net, strict to ensure we don’t have the ⁠online scams any more in Cambodia, strict in order to serve the interests of the Cambodian nation and people,” he told reporters, adding that the problem had impacted the economy, tourism and investment. The passage of the legislation aimed to “send a message to cyberscammers that Cambodia is not a place to do scams”, he said. The legislation will now go to Cambodia’s king for a final signature. The law lays out …

Europe’s cyber agency blames hacking gangs for massive data breach and leak

Europe’s cyber agency blames hacking gangs for massive data breach and leak

Published by skeptic

The European Union’s cybersecurity agency said Thursday that a recent hack and data breach at the EU’s executive body was the work of a cybercriminal group known as TeamPCP.  In a new report, CERT-EU also reported that the hackers stole around 92 gigabytes of compressed data from a compromised Amazon Web Services (AWS) account used by the bloc’s executive, the European Commission, which included personal data containing names, email addresses, and the contents of emails.  The breach affected the cloud infrastructure of the Commission’s Europa.eu platform, which member states use to host websites and publications of the bloc’s institutions and agencies. CERT-EU wrote that the data of at least 29 other EU entities may be affected, and that dozens of internal European Commission clients could have had data stolen as well.  The stolen data was then posted online by another hacking group, the notorious ShinyHunters.  While the size of the data breach is itself notable, the cyber agency’s attribution blaming two separate hacking groups for the same incident is unusual. A member of ShinyHunters told …

EU blames major cybercrime group for cloud infrastructure breach – POLITICO

EU blames major cybercrime group for cloud infrastructure breach – POLITICO

Published by Sam Flores

The Commission reported the incident last Friday, having discovered it earlier in the week. The attack affected the Commission’s public website platform europa.eu based on Amazon Web Services. Data pertaining to at least 29 other EU entities may be affected, CERT-EU said. Commission spokesperson Thomas Regnier told reporters earlier this week that the data in question was “potentially already in the public domain.” The technical analysis on Thursday confirmed reports that the notorious cybercriminal group ShinyHunters sold the data, which the hackers claimed included “data dumps of mail servers, confidential documents, contracts and much more sensitive material.” “On March 28, the data extortion group ShinyHunters made the stolen data publicly available on their dark web leak site,” CERT-EU said. “The published dataset was approximately 91.7 GB compressed (340 GB uncompressed),” it added. Source link

MEPs told to leave phone at home for China trip – POLITICO

MEPs told to leave phone at home for China trip – POLITICO

Published by Sam Flores

A Parliament spokesperson said that “all necessary preventive and reactive measures are in place to ensure the security and safety of MEPs and [European Parliament] staff during official missions.” Both lawmakers and officials have been given “briefings, training and assistance regarding security,” they added. The European Parliament has used burner phones and security pouches to protect devices like mobile phones before, including on a trip to Hungary last year, POLITICO first reported. Other European Union institutions have beefed up their protections against cyberespionage, too. One senior official, granted anonymity to disclose details about security policy, told POLITICO’s Brussels Playbook that the Council of the EU had guidelines stating that “no electronics are taken to the U.S. or China … When this is not possible, the electronics that are brought back must be wiped.” Commission officials heading to the United States have also been issued burner phones and basic laptops to avoid espionage risks, the Financial Times reported last year. Source link

MEPs block tech firms from scanning for child sexual abuse material – POLITICO

MEPs block tech firms from scanning for child sexual abuse material – POLITICO

Published by Sam Flores

The center-right European People’s Party (EPP) mounted a last-ditch attempt to keep the scanning rules alive by filing an amendment to Thursday’s vote that would have aligned Parliament’s position with that of capitals. But lawmakers voted against the EPP’s suggested fix, deepening the rift between privacy proponents and child rights defenders. Leaders of Parliament’s political groups got a letter from four European commissioners on Wednesday, urging them to solve the issue and allow their members to break ranks in the crucial vote, POLITICO first reported. Merz, speaking in the country’s parliament on Wednesday, also called for the law to be extended. Large platforms Meta (which owns WhatsApp, Facebook and Instagram), TikTok, Snapchat, Google, Microsoft and LinkedIn (owned by Microsoft) said in a joint statement last week that the EU’s inability to reach a deal was “irresponsible.” “Failure to act will reduce the legal clarity that has enabled companies for nearly 20 years to voluntarily detect and report known child sexual abuse material (CSAM) in interpersonal communication services,” the tech giants said, pushing for a solution …