Newsletters

A Russian man has pleaded guilty to hacking US companies and selling access to ransomware groups.

Aleksei Olegovich Volkov went online under the hacker name of chubaka.kor, and worked as an initial access broker (IAB) for the Yanluowang ransomware.

Volkov used various techniques to breach a corporate employee's account, escalate access to the employer's network, and then sold that access to other cyber criminals.

Law enforcement agencies from Europe, Asia, and North America have dismantled a massive credit card fraud network that stole money from users using unwanted online subscriptions.

Eighteen suspects were arrested for defrauding users of more than €300 million since 2016.

According to Europol and Eurojust, the group stole credit card data, created accounts on online websites with the stolen information, and subscribed users to premium services.

Disruptive US cyber operations against Venezuela during President Trump's first term achieved their operational goals, according to new reporting from CNN. But they failed to meet the president's broader goal of ousting Venezuelan leader Nicolás Maduro

Sources told CNN that during Trump's first term a CIA operation to disable the computer network of Maduro's intelligence service was perfectly successful. A separate Cyber Command operation interrupted the satellite communications of Wagner Group mercenaries who were sent to Venezuela to protect Maduro.   

This adds to previous reporting from Wired late last year that revealed the CIA had temporarily disrupted the Venezuelan military's payroll system in the same campaign. 

The US Department of Justice has charged employees at two cybersecurity firms with hacking US companies and deploying ransomware.

According to court documents, charges have been levied against Kevin Tyler Martin, a former ransomware negotiator at DigitalMint, and Ryan Clifford Goldberg, a former incident response manager at cybersecurity company Sygnia.

The two worked with a third suspect to hack into US companies, steal their data, encrypt computers, and then ask for huge ransoms in the realm of millions of US dollars.

Oslo's public transportation agency conducted a security audit of its electric buses and, to nobody's surprise, found that its Chinese models could be remotely disabled by their manufacturer.

According to a report from local newspaper Aftenposten, the agency, Ruter, tested and took two electric bus models inside a Faraday cage room.

Ruter found that electric buses from Chinese company Yutong could be remotely disabled via remote control capabilities found in the bus software, diagnostics module, and battery and power control systems.

Russian authorities have arrested three individuals believed to have created and sold the Meduza infostealer.

The suspects were arrested this week in the Moscow metropolitan area, according to Russia's Interior Ministry. A video from the raids is available on the Ministry's media portal.

The Ministry's spokesperson, Irina Volk, said the malware was used in attacks against at least one government network in the Astrakhan region.

The former general manager of a US defence contractor, Peter Williams, has pleaded guilty to selling "eight sensitive and protected cyber-exploit components" to Russian 0day broker Operation Zero*.

The broker claims to buy exploits from developers and resell them to non-NATO buyers, including the Russian government.

Williams, an Australian national, was previously employed by Australia's signals intelligence agency ASD, from around 2007 to the mid-2010s. He later joined Linchpin Labs, which was acquired alongside Azimuth Security to form what eventually became L3Harris Trenchant, the vulnerability and exploit development subsidiary of L3Harris. By the time of his arrest, Williams had become the general manager there.

The company that formed from the remnants of Italian spyware vendor HackingTeam is now allegedly involved in hacking all sorts of private and public sector targets in Belarus and Russia.

Memento Labs has targeted media outlets, universities, research centers, government organizations, financial institutions, and other organizations.

The company operates a spyware platform named Dante, through which it deploys infrastructure, exploits, and its final payload—the LeetAgent implant/agent.

Russian lawmakers are working on a new bill that would require security researchers, security firms, and other white-hat hackers to report all vulnerabilities to the state, in a law that's similar in spirit to a law already in effect in China since 2021.

The bill is currently being discussed among lawmakers, and no official draft is available. It is part of Russia's efforts to regulate its white-hat ecosystem, a process officials began back in 2022.

All previous efforts failed, with the most recent one being knocked down in the Duma in July on the grounds that it did not take into account the special circumstances and needs of reporting bugs in government and critical infrastructure networks.

Apple's latest mobile operating system update, iOS 26, has made a change to a crucial log file that stores evidence of past spyware infections.

According to iPhone forensics and investigations firm iVerify, Apple is now rewriting the shutdown.log file after every device reboot, instead of appending new data at the end.

This is removing older log entries that contain indicators of compromise with spyware families such as NSO's Pegasus and Intellexa's Predator.