All news with #law enforcement action tag

Ukrainian Hacker Charged for Aiding Russian Hacktivists

🔒 U.S. prosecutors arraigned 33-year-old Victoria Dubranova, accusing her of supporting Russian state-linked hacktivist groups in cyberattacks against critical infrastructure, including water systems and election-related targets. Dubranova, known by aliases such as Vika and SovaSonya, was extradited this year and has pleaded not guilty to charges tied to NoName057(16) and CyberArmyofRussia_Reborn (CARR). She faces separate trials in February and April 2026 and potential sentences of up to 27 years and 5 years under the respective indictments.

Spain Arrests 19-Year-Old Suspect Over 64M Data Records

🔒 A 19-year-old suspect in Igualada, Barcelona, was arrested after authorities linked him to breaches at nine companies and the theft of 64 million private records. Police say the dataset included full names, home addresses, email addresses, phone numbers, DNI numbers and IBAN codes that the suspect attempted to sell on hacker forums using multiple accounts and pseudonyms. Officers seized computers and cryptocurrency wallets believed to hold proceeds from the sales; the investigation began in June. Separately, Ukrainian police arrested a 22-year-old who used custom malware and a 5,000-account bot farm to compromise and sell social media access.

California Man Pleads in $263M Cryptocurrency Theft

🔒 Evan Tangeman, 22, has pleaded guilty to laundering proceeds from a sophisticated criminal network that stole roughly US $263 million in cryptocurrency. Prosecutors say the Social Engineering Enterprise was organised via online gaming connections and used hackers, impersonating 'callers', burglars and money launderers to seize and convert victims' crypto. Tangeman admitted converting about US $3.5 million and faces sentencing on April 24, 2026.

Authorities Shut Down Thousands of Suspected Fraud Numbers

🔒 Investigators from the Cybercrime Center Baden-Württemberg, the Baden-Württemberg State Criminal Police (LKA) and BaFin said they have shut down more than 3,500 phone numbers believed to be used by investment, grandchild and fake-police scammers. The affected landline, mobile and VoIP numbers were disabled by providers, and about 350 Austrian numbers were taken offline in coordination with Vienna. The measure is part of Operation Herakles, intended to dismantle the technical infrastructure of fraud networks and protect consumers.

Poland Detains Ukrainians Carrying Advanced Hacking Gear

🔒Three Ukrainian nationals were arrested in Poland after police discovered a cache of devices alleged to be capable of interfering with strategic IT and telecommunications systems. Officers seized a Flipper Zero, a K19 RF/GS detector, antennas, laptops, numerous SIM cards, routers, portable drives, and cameras. The suspects, aged 39–43, face charges including fraud, computer fraud, and possession of tools intended for criminal activity, and are detained pending trial.

FBI Warns of Virtual Kidnapping Scams Using Altered Photos

🔒 The FBI has issued a public service announcement warning that criminals are manipulating images shared on social media to support virtual kidnapping ransom schemes. Scammers contact victims by text, claim a relative has been abducted, and send altered photo or video proof-of-life, sometimes using timed messages to prevent scrutiny. The FBI urges vigilance: avoid sharing travel details, establish a family code word, and capture screenshots or recordings for investigators. BleepingComputer identified multiple social media examples and reports of number spoofing.

German fraud ring used fake celebrity ads for investments

🔍 Investigators say an alleged international fraud ring used fake celebrity advertising to market a purported 'secret financial product,' duping at least 120 people across Germany out of more than €1.3 million. Authorities carried out coordinated searches in Germany and Israel, focusing on Tel Aviv and Düsseldorf, and targeted publishers accused of running misleading campaigns. The scheme promoted AI-optimized investment strategies and automated crypto trading via large social-media campaigns and fake news sites, and victims were typically left with total loss of invested capital while seized evidence is analyzed.

Momberger Alerts Customers of Fraudulent Invoice Emails

🔔 Momberger – Lack & Technik warns customers of a targeted email fraud campaign that began on December 1. The company says unauthorized access to an email account was used to send forged messages requesting payment of fictitious invoices; only existing customer addresses were targeted. Momberger urges recipients not to pay, open links, or attachments, and says systems have been secured while additional protections and authorities are involved.

Korea Arrests Suspects Selling Footage from Hacked Cameras

🚨The Korean National Police arrested four suspects accused of hacking over 120,000 IP cameras in homes and businesses and selling stolen intimate footage on an overseas illegal adult website. Authorities say the suspects uploaded large volumes of voyeuristic content, identified dozens of victims, and have already arrested some buyers. Police are working with foreign investigators to locate site operators, notify victims, and pursue takedown and remedial actions. Victims were urged to reset passwords, disable unneeded remote access, and apply firmware updates to prevent further compromise.

Rigged DeckMate 2 Shufflers Used to Cheat High-Stakes Poker

🃏 Security researchers demonstrated at Black Hat 2023 that the popular DeckMate 2 automated shuffler can be compromised to reveal card order, exploiting an exposed USB port, hard-coded credentials, and an internal camera. The device’s firmware hash check was bypassed in the proof-of-concept, allowing attackers to transmit card sequences to accomplices. Two years later, DOJ indictments show criminals used pre-hacked units, invisible card markings, and remote signaling to defraud players of millions.

Coupang Confirms 33.7M Customer Records Exposed in Breach

⚠️ Coupang has confirmed unauthorized access to delivery-related personal information affecting an estimated 33.7 million customers, including names, email addresses and phone numbers. The company says payment details and login credentials were not accessed, and it has blocked the access route and strengthened internal monitoring. Seoul police have identified a suspect, believed to be a former employee who has left South Korea, and are analysing server logs while tracking an IP address tied to the incident.

German, Swiss Authorities Shut Crypto Mixer, Seize €25M

🔒 Investigators from Germany and Switzerland have shut down a cryptocurrency mixing service and seized server infrastructure, securing crypto assets with a converted value of around €25 million. Authorities say the platform, cryptomixer.io, was active since 2016 and allowed anonymous deposits and withdrawals. The operators are suspected of commercial money laundering and running a criminal trading platform; evidence including servers and email accounts was seized in Switzerland.

Europol Takes Down Cryptomixer Bitcoin Mixing Service

🔒 Europol, working with Swiss and German authorities, has seized over €25m in Bitcoin and taken control of the Cryptomixer service following coordinated actions in Zurich between 24 and 28 November. Three servers, the cryptomixer.io domain and more than 12 terabytes of data were confiscated, and a seizure banner replaced the site after law enforcement shut down the hybrid mixing platform. Since its founding in 2016, Cryptomixer is believed to have processed more than €1.3bn in Bitcoin and was widely used to obfuscate proceeds from ransomware, drug and weapons trafficking, and payment card fraud.

Australian Man Jailed Seven Years for 'Evil Twin' Wi‑Fi

🔒 A 44-year-old man has been sentenced to seven years after pleading guilty to operating “evil twin” Wi‑Fi networks to harvest credentials and intimate images. AFP officers found a Wi‑Fi Pineapple, a laptop and a phone after airline staff reported a suspicious hotspot during a domestic flight. Forensic analysis recovered thousands of images and account credentials, and investigators linked malicious pages to airports and flights. Authorities advised users to disable automatic Wi‑Fi, use a reputable VPN, turn off file sharing and avoid sensitive transactions on public hotspots.

Police Seize Cryptomixer and €24M in Bitcoin Servers

🔒 Law enforcement in Switzerland and Germany dismantled the Cryptomixer cryptocurrency-mixing service during Operation Olympia, seizing three servers, the cryptomixer.io domain, and about €24 million in Bitcoin. Europol and Eurojust supported the operation. Cryptomixer had been used to obfuscate proceeds from ransomware, drug and weapons trafficking, and payment card fraud by pooling and redistributing funds across many addresses, often taking a commission for the service.

Operator jailed for in-flight evil twin Wi-Fi attacks

🔒 An Australian man was sentenced to seven years and four months for operating an evil twin Wi-Fi network that targeted airline passengers and airport patrons in Perth, Melbourne and Adelaide. He deployed a WiFi Pineapple to clone legitimate SSIDs and present phishing captive portals that harvested social media credentials, then used those accounts to access victims' private messages and intimate images. Forensic analysis of seized devices recovered thousands of stolen images, videos, credentials and records of fraudulent Wi‑Fi pages.

French Football Federation Discloses Member Data Breach

⚽ The French Football Federation (FFF) disclosed a data breach after attackers used a compromised account to access administrative management software used by clubs. FFF detected the unauthorized access, disabled the compromised account, and reset all user passwords across the system. Before they were evicted, threat actors exfiltrated personal and contact information for members. The federation said it has filed a criminal complaint, notified regulators, and will directly inform affected individuals while urging vigilance against phishing attempts.

November 2025 security roundup: leaks, ransomware, policing

🔍 In his November roundup, ESET Chief Security Evangelist Tony Anscombe highlights major cybersecurity developments that warrant attention. He draws attention to Wiz's finding that API keys, tokens and other sensitive credentials were exposed in repositories at several leading AI companies, and to a joint advisory revealing the Akira ransomware group's estimated $244 million takings. Tony also flags privacy concerns around X's new location feature, outlines how Australia intends to enforce a proposed under‑16 social media ban, and notes a Europol/Eurojust operation that disrupted malware families including Rhadamanthys.

Care That You Share: Holiday Risks and Mitigations

🛡️ This edition of Talos Threat Source urges a simple behavioral shift: practice care in what, how, and why you share information during the holiday season and beyond. The briefing highlights operational pressures as teams run lean and attackers intensify phishing and supply‑chain campaigns, and it outlines practical changes such as retiring obsolete ClamAV signatures and encouraging feature‑release container tags for better security maintenance. Thoughtful, timely sharing of tips, IOCs, and status updates can materially improve collective resilience when resources are constrained.

FBI Warns of Widespread Account Takeover Fraud Since 2025

🔒 Since January 2025 the FBI reports account takeover (ATO) schemes have produced losses exceeding $262 million. Cybercriminals impersonate bank, payroll and health account providers and use phishing domains, SEO poisoning and social engineering to harvest credentials and one-time codes. The Bureau recommends enabling MFA, using unique complex passwords, monitoring accounts regularly, avoiding search ads and verifying unsolicited calls or messages before sharing any login information.