Farrar, Straus and Giroux In 2022, journalist Carlos Barragán moved to Lagos, Nigeria to investigate a cybercrime network of text-based internet phishing, also known as “sweetheart scams.” He found that a small band of young men known as the “Yahoo Boys” were creating fake avatars to lure American victims into online romances — a 21st-century...Read More
The discovery that millions of digital home devices are secretly powering dangerous cyberattacks began with a phone call more than two years ago from a top Microsoft security executive to his counterpart at Comcast. What Comcast found has rocked the cybersecurity world and taken years to unravel The tech giant was investigating a digital break-in...Read More
The Federal Bureau of Investigation (FBI), one of the United States’ most prominent law enforcement agencies, has issued a warning regarding the growing misuse of Traffic Distribution Systems (TDS) by cybercriminals. According to the agency, compromised TDS platforms are increasingly being leveraged to facilitate ransomware attacks, phishing campaigns, and various forms of financial fraud. Traffic...Read More
Here is a ransomware trend that is becoming more frequent in 2026: The same victim organizations are posted twice, under two different flags. This is occurring frequently enough that we stopped treating it as a curiosity and went looking for the why behind this trend. We expected one answer, but we found at least five....Read More
While total phishing volume declined for the second year in a row, ThreatLabz identified 413,524 AI-generated site instances, underscoring how quickly adversaries can scale high-fidelity phishing News Highlights Quality Over Quantity: Phishing volume fell 20% for the second year in a row as attackers recalibrate to high-fidelity, AI-accelerated lures. Services Sector Surge: Targeted hits...Read More
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is centered around a framework that’s known as GentleKiller. “They also incorporate third-party or leaked tools...Read More
Commercial printing and imaging technologies company Kodak has confirmed suffering a data breach after the ShinyHunters cybercrime group claimed to have stolen information from its systems. Kodak was named on the ShinyHunters website on June 15, with the hackers claiming to have obtained more than 2.2 million records of customer personal information and other corporate...Read More
AI agents don’t just need identities. They need accountability. That distinction matters more than most enterprise security teams have fully reckoned with. The conversation I have most often with security and technology leaders right now is not about whether to deploy agentic AI. It is about what happens once those agents are operating across production...Read More
Cybercrime , Fraud Management & Cybercrime Police Seize Evil Corp-Tied Group’s Servers, Clean Subverted WordPress Sites Mathew J. Schwartz (euroinfosec) • June 19, 2026 Image: Shutterstock A criminal hacking operation that sold access to hacked computers to other cybercriminals had more than a hundred servers seized by police, who also cleaned tens of...Read More
As many as 145 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Synk. “A single npm account...Read More
