Cybercrime & Underground Economy
Coverage of dark web markets, ransomware ecosystems, fraud operations, financial crime services, monetization tactics, and the evolving underground economy driving global cybercriminal activity.
-
Malicious npm package posing as OpenClaw installer deploys RAT, steals macOS credentials
Researchers say a malicious npm package named @openclaw-ai/openclawai masqueraded as an OpenClaw installer, deployed a remote access trojan, and stole sensitive data from macOS systems after being uploaded by a…
1–2 minutes -
UNC4899 breached crypto firm after developer AirDropped trojanized file to work device
The North Korea-linked threat actor UNC4899 is suspected of breaching a cryptocurrency organization in 2025 after a developer transferred a trojanized file to a work device, leading to a cloud…
1–2 minutes -
Ransomware Trends 2026: Healthcare, Defense, and Threat Actor Tactics
Ransomware attacks in 2026 continue to disrupt healthcare, with clinic closures and operational outages. Defensive innovations like honeypots and evolving threat actor tactics shape the landscape.
4–7 minutes -
GlassWorm macOS malware targets crypto wallets again
GlassWorm macOS malware returns via rogue VSCode/OpenVSX extensions that plant AppleScript payloads, steal developer tokens, and try to swap Ledger and Trezor apps.
4–5 minutes -
Covenant Health data breach widens to 478,188 patients
Covenant Health data breach totals jumped to 478,188 patients after a forensic re-scan of 1.35 million stolen files linked to the Qilin ransomware group.
6–10 minutes -
Google Cloud phishing bypasses email filters
Attackers weaponized Google Cloud Application Integration to bypass email filters. The campaign targeted 3,200 organizations across five continents with a sophisticated multi-stage phishing attack.
5–8 minutes -
Malicious Blender Files Used to Spread Malware
Cybersecurity experts are warning about malicious Blender files being used to spread malware that steals sensitive data. These files, found on platforms like CGTrader, leverage embedded Python scripts to initiate…
1–2 minutes -
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
A new cybersecurity campaign, dubbed JackFix, is tricking users into installing malware via fake Windows update pop-ups on adult websites. Attackers use ClickFix lures to deceive victims into running malicious…
2–3 minutes -
Ex-Officer Gets Suspended Sentence for Selling Police Files to Journalist Nephew
A former police officer in Yekaterinburg has received a four-year suspended sentence after admitting to selling confidential police files. The court press service confirmed the ruling on Tuesday. Andrei Karpov,…
1–2 minutes






