Cybercrime & Underground Economy
Coverage of dark web markets, ransomware ecosystems, fraud operations, financial crime services, monetization tactics, and the evolving underground economy driving global cybercriminal activity.
- Sanctions Hit Russia’s Bulletproof Hosting Provider
  U.S., UK, and Australia sanction Russia-based Media Land for providing bulletproof hosting to ransomware groups like LockBit, BlackSuit, and Play, freezing assets and prohibiting transactions.
  1–2 minutes
- ShadowRay 2.0: Ray AI Flaw Exploited for Cryptomining
  ShadowRay 2.0 exploits a Ray AI flaw, creating a self-spreading GPU cryptomining botnet. Attackers use unpatched vulnerabilities, GitLab, and GitHub to spread malware and hijack computing power.
  3–4 minutes
- RondoDox Exploits Unpatched XWiki Servers (CVE-2025-24893)
  RondoDox is exploiting CVE-2025-24893 in XWiki to run miners, gain shells and add servers to DDoS botnets.
  1–2 minutes
- Fake AI and WhatsApp apps on third‑party Android stores hide spyware, ad fraud
  Appknox warns that fake ChatGPT, DALL·E and WhatsApp apps on third‑party Android stores range from harmless wrappers to spyware that intercepts OTPs.
  1–2 minutes
- North Korean IT Worker Fraud Uncovered, $15M Seized
  North Korean IT worker fraud scheme exposed, $15M seized.
  2–4 minutes
- Phishing Campaign Targets Travel Websites
  A Russian-speaking threat group launched a sophisticated phishing campaign, creating over 4,300 fake travel websites to steal payment information from hotel guests.
  1–2 minutes
- What is Operation Endgame?
  Operation Endgame is a major international law enforcement initiative aimed at disrupting and dismantling significant cybercrime infrastructure globally, targeting widespread malware families, botnets, and other illicit tools.
  2–3 minutes
- What is Rhadamanthys Infostealer?
  Rhadamanthys Infostealer compromises digital security by illicitly acquiring sensitive user data. This sophisticated malicious software operates as a Malware-as-a-Service (MaaS), posing a significant threat to individuals and organizations. It facilitates…
  2–3 minutes
- Understanding Package Registry Flooding
  Package registry flooding is a cyberattack where threat actors overwhelm software package repositories with fake entries to hide malicious content, erode trust, and create vulnerabilities in the software supply chain.…
  3–4 minutes
- What is an npm Worm?
  An npm worm is a self-propagating campaign that exploits the npm registry by distributing fake or deceptive software packages to flood the registry. These financially motivated campaigns often use automated…
  3–4 minutes








