Agentic AI buys non-existent goods, a sweeping raid on African hackers, and other cybersecurity developments



A roundup of the week’s key cybersecurity developments.

  • A fake CAPTCHA is stealing crypto-wallet data.
  • A Nebraska miner was jailed for fraud.
  • US authorities seized more than $2.8m in crypto from a ransomware operator.
  • China was briefly cut off from the global internet.

Fake CAPTCHA pilfers crypto-wallet data

The DNSFilter team published research on bad actors using bogus anti-bot pages — CAPTCHAs — to steal users’ financial data.

A DNSFilter customer spotted the malicious interface. At first glance the check looked legitimate, but it attempted to install the Lumma Stealer malware. The content-filtering system blocked the threat in time, allowing the team to analyse the attack in detail.

Interface of the malicious CAPTCHA. Source: DNSFilter.

After the first confirmation attempt the interface returned an error and suggested a fix. It instructed users to open the Windows Registry via a key combination and paste in attacker code already copied to the clipboard.

According to the research, the stealer targets any financial information, scanning for passwords, cookies, two-factor authentication tokens, cryptocurrency wallets, remote-access credentials and password-manager vaults.

DNSFilter says users interacted with this CAPTCHA 23 times over three days; 17% followed the attacker’s instructions.

Nebraska miner jailed for fraud

A Nebraska resident was sentenced to one year in prison for defrauding cloud-computing services to mine cryptocurrencies.

According to the indictment, from January to August 2021 Parks used various aliases and companies he controlled, including CP3O LLC and MultiMillionaire LLC, to create accounts with several cloud providers.

He mined Monero, Ethereum and Litecoin, deceiving providers into giving him “elevated levels” of service and delaying billing. According to the Justice Department, he told one company he used the compute resources to build “a global online school focused on media, technology and business strategy” and that his goal was “to simultaneously educate 10,000 students”.

Parks earned $1m and laundered it through several crypto exchanges, online payment services, an NFT marketplace and bank accounts. After converting all crypto to cash, he spent the proceeds on a Mercedes-Benz S AMG, jewellery and first-class flights.

US seizes over $2.8m in crypto from ransomware operator

The US Department of Justice announced the seizure of more than $2.8m in cryptocurrency from Ianis Alexandrovich Antropenko, an alleged operator of the Zeppelin ransomware.

According to the statement, he used Zeppelin to attack a broad range of individuals, companies and organisations worldwide, including in the United States. Antropenko and his associates encrypted and stole victims’ data, then demanded ransom. After receiving payments, he tried to launder the funds through the ChipMixer mixer, whose servers were seized by authorities in March 2023.

Among other laundering methods, the fraudster used cash-for-crypto exchanges and structured deposits. In addition to digital assets, authorities seized $70,000 in cash and a luxury car.

China briefly cut off from the global internet

According to researchers at the Great Firewall Report, on August 20th the Great Firewall suffered a failure. Another expert view suggested national authorities were testing for a future block of the external internet.

All traffic on TCP port 443, the standard for HTTPS connections, was blocked for 74 minutes. China was effectively cut off from the global internet: users could not access most sites hosted abroad. The incident disrupted several Apple and Tesla services that rely on the port for core functions.

Perplexity’s agentic browser bought fake goods

Agentic AI browsers can autonomously surf the web, make purchases and manage various online tasks. The leading example today is Comet from Perplexity.

A test by Guardio Labs, a developer of browser-protection extensions, found these browsers are vulnerable to phishing, prompt injection and purchases from fake online shops.

In one test Comet was asked to buy an Apple Watch on a counterfeit Walmart site created via Lovable. The model scanned the site without verifying its authenticity, proceeded to checkout and automatically filled in credit-card and address details, completing the purchase without asking the user for confirmation.

Comet’s AI agent purchasing a non-existent Apple Watch. Source: Guardio Labs.

In a second test, researchers prepared a fake Wells Fargo email sent from a ProtonMail address with a link to a live phishing page. Comet treated the message as genuine bank instructions, followed the link, loaded the fake Wells Fargo login page and prompted the user to enter credentials.

Largest crackdown on African hackers

From June to August 2025, law-enforcement agencies in 18 African countries and the United Kingdom arrested more than 1,200 suspects under Operation Serengeti 2.0, Interpol reported.

Authorities seized $97.4m.

Visualisation of Operation Serengeti 2.0. Source: Interpol. 

They also dismantled 11,432 pieces of infrastructure linked to ransomware, online fraud and business email compromise, which affected 87,858 victims worldwide.

Also on ForkLog:

  • ZachXBT criticised the myth of the “genius” of North Korean hackers.
  • The US reconsidered its stance on DeFi after the Tornado Cash case.
  • Scammers swindled $91m from a bitcoin investor.
  • In six months, losses from RWA-protocol hacks exceeded $14.6m.
  • Binance and other exchanges launched a network to fight crypto crime in real time.
  • The Monero community proposed new ways to protect the network from 51% attacks.
  • a16z outlined a way to preserve privacy without compromising security.
  • Qubic developers will conduct a 51% attack on Dogecoin.
  • The founder of a darknet marketplace was detained in the Czech Republic over a bitcoin bribe case.

What to read this weekend?

In the modern world, a cryptocurrency wallet is not merely an account but a digital imprint of identity: transaction history, DAO participation, social ties and even a credit score. ForkLog explores what such formalisation could mean.
