Category: Law & order
-
Police arrest man following hack of Ajax football club
Police arrest man following hack of Ajax football club Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Smashing Security podcast #469: What your Oura ring won’t tell you
Smashing Security podcast #469: What your Oura ring won’t tell you CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted – and…
-
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach
FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
Suspected Dream Market kingpin arrested after gold bars sent to his home address
Suspected Dream Market kingpin arrested after gold bars sent to his home address Lesson one for aspiring dark web kingpins: don’t have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
When ransomware gets physical: cybercriminals turn to threats of violence
When ransomware gets physical: cybercriminals turn to threats of violence Pay up, or we’ll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats – and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Inside Department 4: Russia’s secret school for hackers
Inside Department 4: Russia’s secret school for hackers Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world’s most notorious state-sponsored hacking groups. Read more in my article on the Hot for…
-
Sri Lanka makes 37 arrests as it raids another scam centre
Sri Lanka makes 37 arrests as it raids another scam centre You don’t need to live near a scam compound for it to wreck your life. Americans lost $5.8 billion to crypto investment scams last year alone – and a raid in Sri Lanka this month shows exactly how the operations behind them keep finding…
-
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition Here’s a tip for you all. Unless you want to draw attention to yourself as a cybercriminal, don’t flaunt your diamond-encrusted “HACK THE PLANET” necklace on Snapchat, or pose as a Sopranos crime boss while the FBI is reportedly closing in. Read…
-
Alleged Silk Typhoon hacker extradited to the United States to face charges
Alleged Silk Typhoon hacker extradited to the United States to face charges A man accused of working as a hacker for China’s Ministry of State Security has been extradited to the USA from Italy, and faces – if found guilty – the prospect of decades behind bars. Read more in my article on the Hot…
-
French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches
French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 – including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees – has been arrested at his home in western…
-
AI and cryptocurrency scams are costing Americans billions, FBI reports
AI and cryptocurrency scams are costing Americans billions, FBI reports The fraud landscape has been changed by AI and cryptocurrency in a way that should concern organisations and individuals alike. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing
Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you’re job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned…
-
Life imprisonment for Cambodian scam compound operators – but will it make a difference?
Life imprisonment for Cambodian scam compound operators – but will it make a difference? Cambodia has taken a dramatic step in its fight against scam compounds that have imprisoned innocent people, and forced them to work as virtual slaves defrauding victims via the internet around the world with romance scams and dodgy investment schemes. Read…
-
Nigerian romance scammer jailed after being caught out by fellow fraudster
Nigerian romance scammer jailed after being caught out by fellow fraudster A Nigerian fraudster spent years posing as a woman online, romancing unsuspecting American men out of their savings – until he accidentally tried the same trick on a fellow scammer, who told him to “learn how to do a clean job.” The recovered chat…
-
Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished
Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished A cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 – and now sits on a fortune worth $400 million. There’s just one small problem: the access codes were tucked inside his fishing rod case,…
-
Alleged RedLine malware developer extradited to United States
Alleged RedLine malware developer extradited to United States A man has appeared in federal court in Austin, Texas, after being extradited to the United States to face charges related to his alleged role as a key developer of the notorious RedLine malware. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie
Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin – signing his extortion emails from a company called…
-
How one man used 10,000 bots to steal $8,000,000 from music artists
How one man used 10,000 bots to steal $8,000,000 from music artists A man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after creating hundreds of thousands of songs with AI, and then using bots to play them billions of times. Read more in my article on…
-
Fraudsters are using public planning records to target permit applicants
Fraudsters are using public planning records to target permit applicants If you’re in the middle of applying for a planning or zoning permit, there is some unwelcome news: cyber-criminals have found a way to exploit the bureaucratic tedium of the process against you. Read more in my article on the Fortra blog. Graham Cluley Go…
-
Smashing Security podcast #458: How not to steal $46 million from the US government
Smashing Security podcast #458: How not to steal $46 million from the US government A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within minutes, giant woodpecker images are plastered across the internet’s favourite encyclopaedia. Meanwhile, a crypto contractor hired to help the US Marshals manage seized…
-
Twitter suspended 800 million accounts last year – so why does manipulation remain so rampant?
Twitter suspended 800 million accounts last year – so why does manipulation remain so rampant? Elon Musk’s social media site says it suspended 800 million accounts in a year for spam and manipulation – but with state-backed campaigns still flooding the platform, the real question is how many fake accounts remain. Read more in my…
-
How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down
How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA – one of the world’s most prolific phishing-as-a-service platforms – has been dismantled. Read more in my article on the Hot for Security…
-
Smashing Security podcast #457: How a cybersecurity boss framed his own employee
Smashing Security podcast #457: How a cybersecurity boss framed his own employee When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker… who promptly sent an innocent colleague into a career-ending ambush. In this…
-
They seized $4.8m in crypto… then gave the master key to the internet
They seized $4.8m in crypto… then gave the master key to the internet South Korea’s National Tax Service (NTS) has found itself in the middle of a deeply embarrassing – and costly – blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet. Read more in my article on the Hot for…
-
Notorious ransomware gang allegedly blackmailed by fake FSB officer
Notorious ransomware gang allegedly blackmailed by fake FSB officer There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money… from a notorious Russian ransomware gang. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Smashing Security podcast #456: How to lose friends and DDoS people
Smashing Security podcast #456: How to lose friends and DDoS people When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email – they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI…
-
Spanish police say they have arrested hacker who booked luxury hotel rooms for just one cent
Spanish police say they have arrested hacker who booked luxury hotel rooms for just one cent Spain’s police force has announced that it has arrested a 20-year-old man who they claim managed to book luxury hotel rooms worth up to €1,000 a night for just one euro cent. Read more in my article on the…
-
Dutch police arrest man for “hacking” after accidentally sending him confidential files
Dutch police arrest man for “hacking” after accidentally sending him confidential files Police in The Netherlands say they have arrested a 40-year-old man on suspicion of hacking… after police officers accidentally sent him a link granting him access to their own confidential documents Read more in my article on the Hot for Security blog. Graham…
-
Urgent warnings from UK and US cyber agencies after Polish energy grid attack
Urgent warnings from UK and US cyber agencies after Polish energy grid attack A coordinated cyberattack that targeted Poland’s energy infrastructure in late December 2025 has prompted cybersecurity agencies to issue urgent warnings to critical national infrastructure operators on both sides of the Atlantic. Read more in my article on the Fortra blog. Graham Cluley…
-
Polish hacker charged seven years after massive Morele.net data breach
Polish hacker charged seven years after massive Morele.net data breach A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were
Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were AI bots are having existential crises, inventing religions, and allegedly plotting against humanity… or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned…
-
Fake Dubai Crown Prince tracked to Nigerian mansion after $2.5M romance scam
Fake Dubai Crown Prince tracked to Nigerian mansion after $2.5M romance scam When a Romanian businesswoman fell for a fake Dubai Crown Prince in a $2.5 million romance scam, investigators tracked the fraudster to his Nigerian mansion – only to discover he was masquerading as a campaigning philanthropist. Read more in my article on the…
-
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire
Incognito Market admin sentenced to 30 years for running $105 million dark web drug empire He promised “the best security there is” to hundreds of thousands of drug buyers, while quietly making the kind of mistake that guaranteed a 30-year sentence. And maybe training police on cryptocurrency while running a running a vast Tor-hidden drug…
-
FBI takes notorious RAMP ransomware forum offline
FBI takes notorious RAMP ransomware forum offline The FBI has seized control of RAMP, a notorious cybercrime online forum that bragged to be the only place that allowed ransomware, and boasted over 14,000 active users. Now some of those users’ details are likely to be in the hands of the police… Read more in my…
-
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock
Smashing Security podcast #452: The dark web’s worst assassins, and Pegasus in the dock In episode 452, a London-based YouTuber wins a landmark court case against Saudi Arabia after his phone was hacked with Pegasus spyware — exposing how a single, seemingly harmless text message can turn a smartphone into a round-the-clock surveillance device. Plus,…
-
Four arrested in crackdown on Discord-based SWATting and doxing
Four arrested in crackdown on Discord-based SWATting and doxing How badly do you want to win an online argument? I certainly hope it’s not enough to put the life of the other person at risk. Police in Hungary and Romania have arrested four young men suspected of making hoax bomb threats and terrorising internet users…
-
Smashing Security podcast #451: I hacked the government, and your headphones are next
Smashing Security podcast #451: I hacked the government, and your headphones are next In episode 451 of “Smashing Security,” we meet the cybercriminal who hacked the US Supreme Court, Veterans Affairs, and more – and then helpfully posted screenshots (and even someone’s blood type) on an account called “I hacked the government.” Plus we discuss…
-
pcTattletale founder pleads guilty in rare stalkerware prosecution
pcTattletale founder pleads guilty in rare stalkerware prosecution The founder of a spyware company that encouraged customers to secretly monitor their romantic partners has pleaded guilty to federal charges – marking one of the few successful US prosecutions of a stalkerware operator. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Man jailed for teaching criminals how to use malware
Man jailed for teaching criminals how to use malware A 49-year-old man has received a five-and-a-half year jail sentence after admitting to creating detailed video tutorials that showed members of a criminal gang how to infect Android phones with spyware and drain their bank accounts. Read more in my article on the Hot for Security…
-
FBI warns of surge in account takeover (ATO) fraud schemes – what you need to know
FBI warns of surge in account takeover (ATO) fraud schemes – what you need to know The FBI has recently issued a public service announcement that warns that since January 2025 there have been more than 5,100 complaints of account takeover fraud, and total reported losses in excess of US $262 million. Read more in…
-
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram. Read more in my article…
-
Operation Endgame disrupts Rhadamanthys information-stealing malware
Operation Endgame disrupts Rhadamanthys information-stealing malware International cybercrime-fighting agencies, co-ordinated by Europol, took down over 1000 servers and seized 20 domains earlier this month as part of Operation Endgame 3.0. Their target? Three major malware platforms: the infostealer known as Rhadamanthys, the VenomRAT remote access trojan, and the Elysium botnet. Read more in my article…
-
UK’s new cybersecurity bill takes aim at ransomware gangs and state-backed hackers
UK’s new cybersecurity bill takes aim at ransomware gangs and state-backed hackers After years of delays, the UK government has finally introduced landmark cybersecurity legislation that could reshape how British organisations defend against digital attacks. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Wind farm worker sentenced after turning turbines into a secret crypto mine
Wind farm worker sentenced after turning turbines into a secret crypto mine A technical manager at a Dutch wind farm operator has been sentenced after it was discovered he had secretly installed cryptocurrency mining rigs at two wind farm sites – just as the company was recovering from a ransomware attack. Read more in my…
-
Russian hacker admits helping Yanluowang ransomware infect companies
Russian hacker admits helping Yanluowang ransomware infect companies A Russian hacker accused of helping ransomware gangs break into businesses across the United States is set to plead guilty, according to recently filed federal court documents. 25-year-old Aleksey Olegovich Volkov worked as an “initial access broker”, a cybercriminal specialist who focuses on the earliest stage of…
-
Smashing Security podcast #442: The hack that messed with time, and rogue ransom where negotiators
Smashing Security podcast #442: The hack that messed with time, and rogue ransom where negotiators Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away. Plus when ransomware negotiators turn to the dark side, what could possibly go…
-
“Pay up or we share the tapes”: Hackers target massage parlour clients in blackmail scheme
“Pay up or we share the tapes”: Hackers target massage parlour clients in blackmail scheme South Korean police have uncovered a hacking operation that stole sensitive data from massage parlours and blackmailed their male clientele. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
The human cost of the UK Government’s Afghan data leak
The human cost of the UK Government’s Afghan data leak Can data leaks do real harm? Yes, they can. And so can a failure to respond appropriately. Graham Cluley Go to grahamcluley
-
Spam text scammer fined £200,000 for targeting people in debt, after sending nearly one million messages
Spam text scammer fined £200,000 for targeting people in debt, after sending nearly one million messages The UK Information Commissioner’s Office (ICO) has levied a fine of £200,000 against a sole trader who sent almost one million spam text messages to people across the country – many of whom were already struggling with debt. Read…
-
Smashing Security podcast #441: Inside the mob’s million-dollar poker hack, and a Formula 1 fumble
Smashing Security podcast #441: Inside the mob’s million-dollar poker hack, and a Formula 1 fumble Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table. Meanwhile, researchers have found they could poke around an FIA driver portal to pull…
-
Smashing Security podcast #440: How to hack a prison, and the hidden threat of online checkouts
Smashing Security podcast #440: How to hack a prison, and the hidden threat of online checkouts A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI…
-
John Bolton charged over classified emails after Iranian hack of his AOL account
John Bolton charged over classified emails after Iranian hack of his AOL account Former US national security adviser John Bolton is the latest in a line of Donald Trump’s critics to find themselves on the sharp end of charges from the US Department of Justice. Bolton, who left the White Hose in 2021 and wrote…
-
Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram
Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram Hundreds of US government officials working for the FBI, ICE, and Department of Justice have had their personal data leaked by a notorious hacking group. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Operation Heracles strikes blow against massive network of fraudulent crypto trading sites
Operation Heracles strikes blow against massive network of fraudulent crypto trading sites In a significant crackdown against online cybercriminals, German authorities have successfully dismantled a network of fraudulent cryptocurrency investment sites that has targeted millions of unsuspecting people across Europe. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
NCSC warns companies to prepare for a day when your screens go dark
NCSC warns companies to prepare for a day when your screens go dark The UK’s National Cyber Security Centre warns that the country now faces four nationally significant cyberattacks every week – a 129% jump in a year. Some headlines claim the NCSC is urging organisations to “go back to pen and paper,” but the…
-
BreachForums seized, but hackers say they will still leak Salesforce data
BreachForums seized, but hackers say they will still leak Salesforce data Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
From fake lovers to sextortionists: 260 scammers arrested in Africa
From fake lovers to sextortionists: 260 scammers arrested in Africa INTERPOL has announced the arrest of 260 alleged romance scammers, sextortionists, and online fraudsters as part of a multi-national operation across Africa. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Dutch teens recruited on Telegram, accused of Russia-backed hacking plot
Dutch teens recruited on Telegram, accused of Russia-backed hacking plot Two 17-year-olds have been arrested by Dutch authorities on suspicion of spying for pro-Russian hackers. The teenagers, who are said to have been recruited as “disposable agents” via Telegram, were reportedly arrested last week “on suspicion that are linked to government-sponsored interference.” Read more in…
-
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware
Smashing Security podcast #436: The €600,000 gold heist, powered by ransomware Ransomware doesn’t just freeze computers – it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai…
-
Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach
Vastaamo psychotherapy hack: US citizen charged in latest twist of notorious data breach 28-year-old Daniel Lee Newhard, an American citizen living in Estonia, has been charged in relation to the notorious hack of Vastaamo, the biggest data breach in Finnish history. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
“Pompompurin” resentenced: BreachForums creator heads back behind bars
“Pompompurin” resentenced: BreachForums creator heads back behind bars Conor Brian Fitzpatrick, the creator of the notorious BreachForums hacking forum, has been resentenced to three years in prison after a US appeals court overturned his prior sentence of time served and 20 years of supervised release. Read more in my article on the Hot for Security…
-
Smashing Security podcast #435: Lights! Camera! Hacktion!
Smashing Security podcast #435: Lights! Camera! Hacktion! When “bad actors” stop being hackers and start being… actual actors. This week, Graham and special guest Jenny Radcliffe play “Hacker or Ham?” (yes, Steven Seagal, we’re looking at you), before diving into a campaign which saw an Iranian gang luring Israeli performers with fake casting calls for…
-
From mischief to malware: ICO warns schools about student hackers
From mischief to malware: ICO warns schools about student hackers Recent research released by the ICO say that school pupils should be considered as an “insider threat” by schools. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #434: Whopper Hackers, and AI Whoppers
Smashing Security podcast #434: Whopper Hackers, and AI Whoppers Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did – and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon. Meanwhile, over in Silicon…
-
US charges suspected ransomware kingpin, and offers $10 million bounty for his capture
US charges suspected ransomware kingpin, and offers $10 million bounty for his capture A US federal court has unssealed charges against a Ukrainian national who authorities allege was a key figure behind several strains of ransomware, including LockerGoga, MegaCortex, and Nefilim. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure
Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure A 30‑year‑old man has been charged with launching a cyberattack on the German subsidiary of Russia’s state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia’s invasion of Ukraine, crippled the company’s operations and cost millions…
-
Parents warned that robot toys spied on children’s location without consent
Parents warned that robot toys spied on children’s location without consent Parents are being reminded to exercise caution about the toys that they purchase their children, after the United States Federal Trade Commission (FTC) announced it had taken action against a robot toy maker. Read more in my article on the Hot for Security blog.…
-
Hacker suspected of trying to cheat his way into university is arrested in Spain
Hacker suspected of trying to cheat his way into university is arrested in Spain Spanish police have arrested a suspected hacker for accessing a government website in order to alter the high school and university entrance exam grades of not only himself, but also some of his closest classmates. Read more in my article on…
-
Alleged mastermind behind K-Pop celebrity stock heist extradited to South Korea
Alleged mastermind behind K-Pop celebrity stock heist extradited to South Korea A suspected hacker, believed to be the mastermind behind an organised campaign of attacks that stole millions of dollars worth of stocks from celebrities, including BTS singer Jung Kook, has been extradited to South Korea. Read more in my article on the Hot for…
-
Yemen Cyber Army hacker jailed after stealing millions of people’s data
Yemen Cyber Army hacker jailed after stealing millions of people’s data A 26-year-old hacker, who breached websites in North America, Yemen, and Israel, and stole the details of millions of people has been sent to prison. Graham Cluley Go to grahamcluley
-
Europol says Telegram post about 50,000 Qilin ransomware award is fake
Europol says Telegram post about 50,000 Qilin ransomware award is fake Some cybersecurity news outlets were duped a few days ago by a claim that Europol was offering a $50,000 bounty for information about two members of the Qilin ransomware group. Turns out it was all a hoax. Read more details about what happened in…
-
Smashing Security podcast #431: How to mine millions without paying the bill
Smashing Security podcast #431: How to mine millions without paying the bill In episode 431 of the “Smashing Security” podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills. Meanwhile, we look at the growing threat of EDR-killer tools that can…
-
Speed cameras knocked out after cyber attack
Speed cameras knocked out after cyber attack A hack of the Netherlands’ Public Prosecution Service has had an unusual side effect – causing some speed cameras to be no longer capturing evidence of motorists breaking the rules of the road. Read more in my article on the Hot for Security blog. Graham Cluley Go to…
-
US reveals it seized $1 million worth of Bitcoin from Russian BlackSuit ransomware gang
US reveals it seized $1 million worth of Bitcoin from Russian BlackSuit ransomware gang The United States Department of Justice has revealed that the recent takedown of the BlackSuit ransomware gang’s servers, domains, and dark web extortion site, also saw the seizure of US $1,091,453 worth of cryptocurrency. Read more in my article on the…
-
Ransomware plunges insurance company into bankruptcy
Ransomware plunges insurance company into bankruptcy Collapsed company’s founder says that its fortunes were hampered by the refusal of authorities to release the criminals’ seized funds to victims. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong
Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong Graham warns why it is high time we said goodbye to 2G – the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing…
-
UK to ban public sector from paying ransomware demands
UK to ban public sector from paying ransomware demands Ransomware, considered by British authorities to be the UK’s greatest cybercrime threat, costing the nation billions of pounds and with the capbility to bring essential services to a standstill, is in the gunsights of government. Read more in my article on the Hot for Security blog.…
-
Europol targets Kremlin-backed cybercrime gang NoName057(16)
Europol targets Kremlin-backed cybercrime gang NoName057(16) The hacking group NoName057(16) has been operating since 2022, launching cyber attacks on government organisations, media bodies, critical infrastructure, and private companies in Ukraine, America, Canada, and across Europe in a seeming attempt to silence voices that the group considers anti-Russian. Read more in my article on the Hot…
-
Loaf and order: Belgian police launch bread-based cybersecurity campaign
Loaf and order: Belgian police launch bread-based cybersecurity campaign The future of cybersecurity awareness might just be… gluten-based. Graham Cluley Go to grahamcluley
-
Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader
Police dismantle DiskStation ransomware gang targeting NAS devices, arrest suspected ringleader Police have struck a blow against the DiskStation ransomware gang which targets Synology NAS devices, and arresting its suspected ringleader. Make sure that you have properly hardened the security of your Network Access Storage devices to reduce the chances of your data being locked…
-
SIM scammer’s sentence increased to 12 years, after failing to pay back victim $20 million
SIM scammer’s sentence increased to 12 years, after failing to pay back victim $20 million Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Quelle surprise! Twitter faces criminal probe in France
Quelle surprise! Twitter faces criminal probe in France A criminal investigation into Twitter has been initiated by French prosecutors, over allegations that its algorithm is manipulated for the purposes of “foreign interference.” Graham Cluley Go to grahamcluley
-
Russian basketball player arrested in ransomware case despite being “useless with computers”
Russian basketball player arrested in ransomware case despite being “useless with computers” A Russian professional basketball player has been arrested for allegedly acting as a negotiator for a ransomware gang… and despite his lawyer claiming he’s “useless” with computers. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #425: Call of Duty: From pew-pew to pwned
Smashing Security podcast #425: Call of Duty: From pew-pew to pwned In episode 425 of “Smashing Security”, Graham reveals how “Call of Duty: WWII” has been weaponised – allowing hackers to hijack your entire PC during online matches, thanks to ancient code and Microsoft’s Game Pass. Meanwhile, Carole digs into a con targeting the recently…
-
Employee arrested after Brazil’s central bank service provider hacked for US $140 million
Employee arrested after Brazil’s central bank service provider hacked for US $140 million This month could barely have started any worse for some financial institutions in Brazil. Approximately US $140 million was stolen from the reserve accounts of six financial institutions after a cyber attack hit a service provider. Read more in my article on…
-
Smashing Security podcast #424: Surveillance, spyware, and self-driving snafus
Smashing Security podcast #424: Surveillance, spyware, and self-driving snafus A Mexican drug cartel spies on the FBI using traffic cameras and spyware — because “ubiquitous technical surveillance” is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly effect. Meanwhile,…
-
50 customers of French bank hit after insider helped SIM swap scammers
50 customers of French bank hit after insider helped SIM swap scammers French police have arrested a business student interning at the bank Société Générale who is accused of helping SIM-swapping scammers to defraud 50 of its clients. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
When hackers become hitmen
When hackers become hitmen So, you think hacking is just about stealing information, extorting ransoms, or wiping out company data? The truth is, sometimes it’s about killing people too… Graham Cluley Go to grahamcluley
-
BreachForums broken up? French police arrest five members of notorious cybercrime site
BreachForums broken up? French police arrest five members of notorious cybercrime site Suspected high-ranking members of one of the world’s largest online marketplaces for leaked data have been arrested by French police. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs
Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs In this episode of the “Smashing Security” podcast, Graham unravels Operation Endgame – the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram. And BBC cyber correspondent Joe Tidy joins us to talk about “Ctrl-Alt-Chaos”,…
-
Twitter refuses to explain what it’s doing about hate speech and misinformation, sues New York State for asking
Twitter refuses to explain what it’s doing about hate speech and misinformation, sues New York State for asking Elon Musk’s Twitter is suing New York State. Why? Because apparently being asked to explain how your social media platform handles hate speech and misinformation is an unconstitutional burden. Graham Cluley Go to grahamcluley
-
Smashing Security podcast #422: The curious case of the code copier
Smashing Security podcast #422: The curious case of the code copier A GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and finds himself swapping Cheltenham for a cell. Meanwhile, an Australian hacker flies too close to the sun, hacks his way into a US indictment,…
-
Ransomware gang busted in Thailand hotel raid
Ransomware gang busted in Thailand hotel raid In a dramatic raid at a hotel in central Pattaya this week, Thai police have unearthed a criminal gang that was operating a ransomware and illicit gambling operation. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Dutch police identify users as young as 11-year-old on Cracked.io hacking forum
Dutch police identify users as young as 11-year-old on Cracked.io hacking forum Dutch police have announced that they have identified 126 individuals linked to the now dismantled Cracked.io cybercrime forum. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
South African man imprisoned after ransom demand against his former employer
South African man imprisoned after ransom demand against his former employer Lucky Erasmus and a company insider installed software without authorisation on Ecentric’s systems which granted them remote access, enabling them to steal sensitive data and make unauthorised changes to senior managers’ passwords. Read more in my article on the Hot for Security blog. Graham…
-
Smashing Security podcast #421: Toothpick flirts, Google leaks, and ICE ICE scammers
Smashing Security podcast #421: Toothpick flirts, Google leaks, and ICE ICE scammers What do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the “Smashing Security” podcast obviously. Graham explains how a Singaporean bug-hunter cracked Google’s defences and could brute-force…
-
US offers $10 million reward for tips about state-linked RedLine hackers
US offers $10 million reward for tips about state-linked RedLine hackers How would you like to earn yourself millions of dollars? Well, it may just be possible – if you have information which could help expose the identities of cybercriminals involved with the notorious RedLine information-stealing malware. Read more in my article on the Tripwire…