Security News

Microsoft disrupted an alleged threat actor group that built viable cybercrime-as-a-service businesses. Dubbed Storm-1152 by Microsoft, the group bilked enterprises and consumers globally out of millions of dollars.

Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a...

Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals. Storm-1152 is a major cybercrime-as-a-service provider and the number one seller of fraudulent Outlook accounts, as well as other illegal "Products," including an automatic CAPTCHA-solving service to bypass Microsoft's CAPTCHA challenges and register more fraudulent Microsoft email accounts.

A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks. OLVX follows a recent trend where cybercrime marketplaces are increasingly hosted on the clearnet instead of the dark web, making them more accessible to a broader range of users and possible to promote through search engine optimization.

U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to...

A new dropper-as-a-service cybercrime operation named 'SecuriDropper' has emerged, using a method that bypasses the 'Restricted Settings' feature in Android to install malware on devices and obtain access to Accessibility Services. Restricted Settings is a security feature introduced with Android 13 that prevents side-loaded applications installed from outside Google Play to access powerful features like the Accessibility settings and Notification Listener.

The U.S. Department of the Treasury imposed sanctions against a Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the...

A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to...

The Nigerian Police Form has arrested six suspects and dismantled a mentoring hub linked to cybercrime activities, including business email compromise, romance, and investment scams. After receiving intelligence and investigating a group of individuals suspected of cybercrime, six individuals were arrested on September 13th, 2023, in the Dantata estate area.

A new information stealer named ExelaStealer has become the latest entrant to an already crowded landscape filled with various off-the-shelf malware designed to capture sensitive data from...