惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
博客园 - 三生石上(FineUI控件)
博客园 - 司徒正美
博客园_首页
J
Java Code Geeks
V2EX - 技术
V2EX - 技术
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
TaoSecurity Blog
TaoSecurity Blog
T
Troy Hunt's Blog
Forbes - Security
Forbes - Security
Schneier on Security
Schneier on Security
Hugging Face - Blog
Hugging Face - Blog
PCI Perspectives
PCI Perspectives
O
OpenAI News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Hacker News: Ask HN
Hacker News: Ask HN
Application and Cybersecurity Blog
Application and Cybersecurity Blog
H
Heimdal Security Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 聂微东
量子位
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
WordPress大学
WordPress大学
美团技术团队
V
V2EX
Cisco Talos Blog
Cisco Talos Blog
小众软件
小众软件
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
Cybersecurity and Infrastructure Security Agency CISA
有赞技术团队
有赞技术团队
腾讯CDC
Cloudbric
Cloudbric
Google DeepMind News
Google DeepMind News
博客园 - 【当耐特】
SecWiki News
SecWiki News
IT之家
IT之家
C
Cisco Blogs
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
B
Blog RSS Feed
S
Schneier on Security
Security Latest
Security Latest
Scott Helme
Scott Helme
H
Help Net Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
L
LINUX DO - 热门话题
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC

The Hacker News

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023 5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More Why Most AI Deployments Stall After the Demo Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories [Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data The Hacker News The Hacker News Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More Deterministic + Agentic AI: The Architecture Exposure Validation Requires Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report) 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025 FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More Your MTTD Looks Great. Your Post-Alert Gap Doesn't North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs Browser Extensions Are the New AI Consumption Channel That No One Is Talking About Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories The Hidden Security Risks of Shadow AI in Enterprises Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP) Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign [Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign The Hidden Cost of Recurring Credential Incidents New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners The State of Trusted Open Source Report WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
info@thehack · 2026-05-04 · via The Hacker News

A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses.

The crackdown was led by the Dubai Police, under the United Arab Emirates (UAE) Ministry of Interior, in partnership with the U.S. Federal Bureau of Investigation (FBI) and the Chinese Ministry of Public Security. Among those arrested are individuals from Burma and Indonesia, who were apprehended by authorities from Dubai and Thailand.

Thet Min Nyi, 27, Wiliang Awang, 23, Andreas Chandra, 29, Lisa Mariam, 29, and two fugitive co-conspirators have been charged with federal fraud and money laundering charges in the U.S.

"Fraudsters who target Americans from overseas cannot operate with impunity, no matter where in the world they reside," Assistant Attorney General A. Tysen Duva of the Justice Department's (DoJ) Criminal Division said. "Scam center organizers and fraudsters who defraud Americans and others will face justice in American courts and in courts around the world. In contemporary society, fraud is borderless, and law enforcement activity to combat it and eliminate it is as well."

According to the indictment, the defendants are alleged to have managed, worked for, and recruited others to work at three different companies named Ko Thet Company, Sanduo Group, and Giant Company that allegedly operated several scam centers. Thet Min Nyi is believed to be the manager and recruiter for the Ko Thet Company.

The scams involved tricking users into parting with their money through bogus cryptocurrency investments after building trust over time, often by entering into friendly or romantic relationships, a long-running scheme known as pig butchering or romance baiting. The illicit operation is closely intertwined with human trafficking, where foreign nationals are coerced into running the scams under slave-like conditions after being recruited with false offers of high-paying jobs. 

"After that, the scammers promoted investments in cryptocurrencies and assisted victims in setting up accounts and transferring cryptocurrency to investment platforms that, unbeknownst to the victims, were false," the DoJ said. "The alleged scammers touted their own successes and returns in cryptocurrency investments and encouraged their victims to invest more. They also encouraged their victims to borrow money from friends and family and take out loans, to be able to 'invest' more."

Cybersecurity

But as soon as the funds were transferred to the platforms, the assets were laundered to other cryptocurrency accounts, including some belonging to the fraudsters.

The DoJ said the FBI has notified almost 9,000 victims and saved victims an estimated $562 million as of April 2026 following the launch of an initiative called Operation Level Up, which began in January 2024 as a way to proactively identify and alert victims of cryptocurrency investment fraud schemes.

Two Chinese Nationals Charged for Crypto Scams

News of the indictment comes days after the DoJ charged two Chinese nationals – Jiang Wen Jie (aka Jiang Nan) and Huang Xingshan (aka Ah Zhe and Huang Xing Saan) – for their role in a major cryptocurrency investment fraud operation and for allegedly running the Shunda scam compound in Min Let Pan, Myanmar. The defendants have also been accused of planning to open a second scam center in Cambodia after Burmese authorities seized the first in November 2025.

Huang is assessed to have worked at Shunda as a high-level manager and personally participated in the physical punishment of trafficked compound workers, while Jiang served as a team leader overseeing workers who specifically targeted American victims in these schemes. They were arrested by Thai authorities in early 2026 while en route to Burma from Cambodia.

"The compound used scam websites and mobile applications disguised as legitimate investment platforms to defraud victims, including Americans," the DoJ said. "Workers within the compound were trafficked individuals who were held against their will and forced to defraud victims under the threat of violence and torture."

In addition, the crackdown has led to the seizure of a Telegram channel (@pogojobhiring2023) with more than 6,500 followers used to recruit human trafficking victims to a scam compound in Cambodia in order to work a law enforcement impersonation scam and a cluster of 503 fake investment websites used to defraud U.S. victims. The actions, led by a U.S. government Scam Center Strike Force, have also restrained more than $701 million in cryptocurrency alleged to be tied to money laundering from cryptocurrency scams.

Treasury Sanctions Cambodian Senator

Coinciding with these efforts, the U.S. Treasury Department has sanctioned a Cambodian senator behind a network of cyber scam compounds, and the State Department announced rewards of up to $10 million for information leading to the seizure or recovery of proceeds related to the Tai Chang scam center in Burma.

The sanctions target Cambodian Senator Kok An, Cambodian businessman Rithy Raksmei, their associates, and respective business operations, including holding companies like K99 Group for scam center operations. Kok An is assumed to have fled Thailand, with authorities issuing an arrest warrant for him and his children last July. 

"Kok An and his affiliates' network of scam centers, operating out of casinos and office parks retrofitted for fraudulent activity, launder victims' funds and provide a base to target U.S. citizens and commit human rights abuses with impunity," the Office of Foreign Assets Control (OFAC) said.

Kok An is the second Cambodian senator to be sanctioned by the U.S. Treasury after Ly Yong Phat, who was implicated in September 2024 for his alleged role in trafficking people into forced labor at online scam centers. 

The proliferating industrial-scale fraud operations have prompted Cambodia's parliament to pass the first law dedicated to targeting scam centres operating in the country. The law, which seeks to prevent scam centers from resurfacing after takedowns, will see those convicted of scams sentenced to anywhere between five and 10 years in prison and fined as much as $250,000.

Cambodian Scam Compound Linked to Android MaaS

What's more, an Android banking trojan has been uncovered, likely operating from multiple locations, including the K99 Triumph City compound owned by Cambodia's K99 Group, that's capable of facilitating real-time surveillance, credential theft, data exfiltration, as well as financial fraud. The banking trojan is said to have been used since at least 2023.

The sophisticated malware-as-a-service (MaaS) platform shares infrastructure and behavioral overlaps with activity previously attributed to threat actors tracked as Vigorish Viper and Vault Viper, per a joint report from Infoblox and Vietnamese non-profit Chong Lua Dao.

"The operation remains active, registering around 35 new domains per month -- both registered domain generation algorithm (RDGA) domains and lookalike domains -- that impersonate legitimate organizations and government services to distribute the malware," researchers said.

"The domains are designed to spoof banks, pension funds, social security organizations, utility providers, and various revenue, immigration, telecom, and law enforcement agencies. More recently, the scope of the scam has expanded, both geographically and contextually, to include lures targeting airlines and e-commerce platforms, as well as countries in Africa and Latin America."

In all, 400 targeted lure domains are said to have been registered in 2025 and used to deceive and infect victims as part of what's assessed to be a coordinated operation. The attack chain is as follows -

  • Malicious URLs are distributed to users through SMS messages or emails that appear to come from government officials.
  • Victims visit a fake Google Play Store app listing page or a government service website.
  • Once the APK is installed and launched, it escalates permissions to facilitate persistence.
  • The malware connects to an external server and enables the operator to remotely keep tabs on the victim device and harvest data.
  • Attackers inject bogus overlay screens on top of online banking apps to capture credentials and then use the access to transfer funds to accounts under their control.

"The activity associated with this infrastructure continues to adapt and expand, sustaining large-scale campaigns targeting countries such as Thailand, Indonesia, the Philippines, and Vietnam, while increasingly diversifying into Africa and Latin America," Infoblox and Chong Lua Dao noted.

Cybersecurity

"With access to large multilingual labor pools, growing technical capability, and sky-high profits, they are not only adopting but adapting and commoditizing malware, infrastructure, and social engineering techniques into versatile and scalable attack models. What emerges is an ecosystem that is agile, experimental, and commercially driven – one where tools are continuously repurposed, refined, and redeployed to maximize reach and profit."

Operation Atlantic Seizes $12M

The developments unfold against the backdrop of Operation Atlantic, which has successfully frozen approximately $12 million from a cybercrime operation targeting cryptocurrency and investment scammers using a technique called "approval phishing" to gain access to crypto-wallets and empty their funds.

Approval phishing refers to a form of cryptocurrency fraud in which victims are deceived into signing a blockchain transaction that grants a scammer complete control over their wallet, allowing them to drain all their assets. According to TRM Labs, these phishing attacks are "often wrapped inside investment scams or romance fraud."

"This tactic is often used in online investment fraud, often referred to as pig butchering, to lure victims into handing over ever-increasing amounts to scammers," the U.S. Secret Service said in a statement.

More than 20,000 victims have been identified across 30 countries, including Canada, the U.K., and the U.S. Authorities have also confiscated more than 120 domains used by the threat actors behind the scheme for phishing, and identified an additional $33 million in funds that are believed to be linked to investment fraud schemes globally.

In early April, the Treasury Department's Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) announced a new information-sharing initiative to strengthen cybersecurity across the digital asset industry. As part of the effort, U.S. digital asset firms and industry organizations that meet the Treasury's criteria will be eligible to receive actionable cybersecurity information at no extra cost.

"The initiative will provide timely, actionable cybersecurity information to eligible U.S. digital asset firms and industry organizations, helping them better identify, prevent, and respond to cyber threats targeting their customers and networks," the Treasury Department said.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.