Cybercrime & Underground Economy
Coverage of dark web markets, ransomware ecosystems, fraud operations, financial crime services, monetization tactics, and the evolving underground economy driving global cybercriminal activity.
-
Dutch Police Arrest Eight in VerifTools Identity Fraud Case
Dutch authorities have arrested eight individuals suspected of using the VerifTools website to generate fake identity documents and commit identity fraud.
-
Microsoft Finds Flaw in Android Crypto Wallets
A vulnerability in an Android SDK exposed data of over 30 million crypto wallet users. The flaw has been patched and apps removed from the Play Store.
-
US & UK Target ‘Approval Phishing’ Scams
A joint operation has frozen $12 million in stolen crypto from ‘approval phishing’ scams. Thousands of victims have been identified and warned.
-
Hallmark Data Breach Exposes 1.7 Million Customers
Hallmark has disclosed a data breach that exposed the personal information of 1.7 million people after a hack on its Salesforce environment.
-
Ex-Lafarge CEO Jailed for Financing Syrian Terror Groups
Former Lafarge CEO Bruno Lafont and eight other ex-employees have been found guilty of financing terrorism in Syria. The company was also fined €1.125 million.
-
Booking.com Alerts Customers to Potential Data Breach
Booking.com has notified an undisclosed number of customers about a potential data breach, warning that their personal and reservation information may have been compromised.
-
€50,000 Seized From Smuggled Teddy Bear in DHL Hub
Dutch authorities intercepted €50,000 concealed inside a teddy bear at a DHL sorting center, highlighting how the underground economy exploits logistics networks.
-
Meta disables 150,000 accounts linked to Southeast Asia scam centers
Meta says it disabled more than 150,000 Facebook and Instagram accounts tied to scam center networks in Southeast Asia during a joint international disruption effort that also led to arrests in Thailand.
-
INTERPOL operation takes down 45,000 malicious IPs and leads to 94 arrests
INTERPOL says Operation Synergia III dismantled more than 45,000 malicious IP addresses and servers used in phishing, malware, and ransomware activity, resulting in 94 arrests across 72 countries and territories.
-
Malicious npm package posing as OpenClaw installer deploys RAT, steals macOS credentials
Researchers say a malicious npm package named @openclaw-ai/openclawai masqueraded as an OpenClaw installer, deployed a remote access trojan, and stole sensitive data from macOS systems after being uploaded by a user named openclaw-ai on March 3, 2026.