Cyber Law, Policy & Regulation

Australia Doubled Social-Media Penalties to A$99M and Expanded eSafety Powers Over Under-16 Ban

The Australian government moved to double the maximum penalty for breaches of its under-16 social-media ban to A$99 million and to expand the eSafety Commissioner's powers to compel compliance evidence from platforms and third-party age-assurance providers. eSafety is investigating Instagram, Facebook, YouTube, Snapchat, and TikTok.

cyberlaws australia online-safety child-safety esafety
Cybercrime, Fraud & Underground Markets

DCloud Uni-App Framework Powered Over 236,000 Investment-Scam Sites Worldwide

The Chinese open-source DCloud Uni-App framework underpinned a global investment-scam economy, fingerprinted across 236,493 scam-site domains observed from 2022 to 2026 on major cloud and bulletproof hosts. Spread via social engineering, it powered fraud schemes including the RainbowEx pig-butchering operation that defrauded an Argentine town.

cybercrime fraud investment-scam pig-butchering china
AI Milestones & Breakthroughs

Mozilla 0DIN Demonstrated GitHub Repo Attack Tricking AI Coding Agents Into Running Malware

Mozilla's 0DIN team demonstrated a proof-of-concept attack in which a clean-looking GitHub repository with deliberately failing setup steps coaxes AI coding agents into an auto-recovery flow that fetches and executes a DNS-hosted reverse shell. Claude Code was shown to be vulnerable; no in-the-wild exploitation has been reported.

airesearch ai-agents prompt-injection github
Cybercrime, Fraud & Underground Markets

Woodgnat Access Broker Deployed Backdoor.Mistic to Feed Ransomware Affiliates

Symantec attributed a stealthy in-memory backdoor, Mistic, to the initial-access broker Woodgnat (KongTuke), active since 2024 and feeding footholds to Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. Distribution spanned compromised WordPress sites, ClickFix social engineering, and fake IT-helpdesk messages on Microsoft Teams.

cybercrime initial-access-broker ransomware social-engineering woodgnat
Cyber Law, Policy & Regulation

First Circuit Upheld Dismissal of Bayamon Medical Center Data-Breach Class Action on Standing

The US First Circuit affirmed dismissal of a putative class action over Bayamon Medical Center's 2019 ransomware breach, holding the plaintiff failed to plausibly allege her identity-theft injury was fairly traceable to that breach. The ruling reinforces the Article III traceability defense in data-breach litigation.

cyberlaws litigation data-breach healthcare standing
Cybercrime, Fraud & Underground Markets

Anonymous-Linked Hacker Aubrey Cottle Sentenced to 18 Months for Texas GOP Breach

The Ontario Superior Court sentenced Canadian hacktivist Aubrey Cottle to 18 months for the September 2021 Anonymous-linked breach of the Texas Republican Party, which defaced its website and exfiltrated 180 GB of donor and personal data via web host Epik. After credit for time served, roughly 175 days remained.

cybercrime anonymous hacktivism sentencing
Nation-State Attacks & Cyber Espionage

StrikeShark Espionage Campaign Hit Government and Diplomatic Targets With SharkLoader and Cobalt Strike

Kaspersky's GReAT uncovered StrikeShark, a global espionage campaign deploying a novel SharkLoader dropper and Cobalt Strike Beacon against government, diplomatic, and software-development targets across Asia, the Middle East, Latin America, and Europe. Operators exploited internet-facing Exchange, SharePoint, FortiOS, and other flaws, with low-confidence Chinese-speaking attribution.

cyberops espionage china cobalt-strike breach-confirmed
Ransomware, Malware & Destructive Attacks

Russian Cybercriminals Linked to Jaguar Land Rover Ransomware Attack Costing UK £1.9 Billion

Investigators tied the September 2025 ransomware attack that halted Jaguar Land Rover production for five weeks to Russian cybercriminals who used phishing and social engineering. The Cyber Monitoring Centre estimated the shutdown cost the UK economy £1.9 billion, roughly $2.5 billion, hitting over 5,000 businesses.

ransomware jaguar-land-rover russia united-kingdom attribution
Nation-State Attacks & Cyber Espionage

Russian Intelligence Phishing Campaign Targeted Signal Backup Recovery Keys

An FBI and CISA advisory detailed an expanded Russian intelligence phishing campaign that tricks targets into surrendering their Signal backup recovery key, letting operators restore message history and hijack accounts. Targets include US and Ukrainian officials, military personnel, and journalists; the stolen key remains reusable.

cyberops russia phishing signal espionage breach-confirmed
Surveillance, Spyware & Intelligence Agencies

ATF Cancelled Penlink Webloc Phone-Tracking Contract After Congressional Scrutiny

The Bureau of Alcohol, Tobacco, Firearms and Explosives terminated its contract for Penlink's Webloc location-tracking tool after Senator Ron Wyden pressed the agency on warrantless cellphone tracking. Director Robert Cekada confirmed the agency had run over 340 searches, 222 tied to active cases, without warrants.

surveillance location-tracking penlink data-broker united-states
Nation-State Attacks & Cyber Espionage

Russia's Turla Deployed STOCKSTAY Backdoor Against Ukrainian Government and Military

Google's Threat Intelligence Group attributed a new espionage backdoor, STOCKSTAY, to FSB-linked Turla, used against Ukrainian government and military targets through at least January 2026. Delivered via phishing from a compromised university account and CVE-2025-8088, it enabled file exfiltration, screen capture, and command execution.

cyberops turla russia ukraine espionage breach-confirmed
Software & Supply Chain Attacks

Polymarket Supply-Chain Attack Drained $3 Million via Compromised Frontend Vendor

A compromised third-party vendor injected a malicious script into Polymarket's web frontend, draining about $3 million in pUSD from at least 11 users via a phishing flow. Attackers converted the proceeds to roughly 1,893 ETH. Polymarket pledged to refund affected users.

supply-chain crypto phishing
Nation-State Attacks & Cyber Espionage

China-Linked CL-STA-1062 Hit Southeast Asian Energy and Government With TinyRCT Backdoor

Palo Alto Networks Unit 42 attributed a custom backdoor, TinyRCT, to China-aligned cluster CL-STA-1062, which compromised at least ten state-owned energy and government organizations across Southeast Asia between October and December 2025. The espionage toolset enabled stealthy data theft, command execution, and long-term network access.

cyberops china espionage critical-infrastructure breach-confirmed
Cybercrime, Fraud & Underground Markets

Poland Arrested Four in SIM-Swap Ring That Drained Millions From Crypto Exchanges

Poland's Cybercrime Bureau, with the FBI and Homeland Security Investigations, arrested four members of a SIM-swapping ring that hijacked phone numbers to loot cryptocurrency-exchange accounts and launder millions. Suspects face up to 25 years for organized crime, hacking, and money laundering.

cybercrime sim-swapping crypto arrest poland
Cybercrime, Fraud & Underground Markets

Iranian-Turkish Hacker Tied to $3.4 Billion in University Intrusions Arrested in Montenegro

Montenegrin police and the FBI arrested a 39-year-old dual Iranian-Turkish national in Kotor, wanted in New York on hacking charges. US prosecutors accuse him of breaching over 150 universities since 2013, causing $3.4 billion in damage and funneling stolen access to Iran's Revolutionary Guard.

cybercrime iran arrest irgc