惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

量子位
小众软件
小众软件
S
SegmentFault 最新的问题
人人都是产品经理
人人都是产品经理
博客园 - 【当耐特】
博客园 - 三生石上(FineUI控件)
C
Check Point Blog
S
Schneier on Security
Microsoft Azure Blog
Microsoft Azure Blog
N
Netflix TechBlog - Medium
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
罗磊的独立博客
有赞技术团队
有赞技术团队
V
V2EX
Y
Y Combinator Blog
博客园 - 叶小钗
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
F
Fortinet All Blogs
W
WeLiveSecurity
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Stack Overflow Blog
Stack Overflow Blog
The Cloudflare Blog
S
Security @ Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
MyScale Blog
MyScale Blog
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
PCI Perspectives
PCI Perspectives
H
Heimdal Security Blog
Schneier on Security
Schneier on Security
Security Latest
Security Latest
AWS News Blog
AWS News Blog
月光博客
月光博客
Security Archives - TechRepublic
Security Archives - TechRepublic
Recent Announcements
Recent Announcements
Google DeepMind News
Google DeepMind News
博客园 - Franky
Cisco Talos Blog
Cisco Talos Blog
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
T
Troy Hunt's Blog
N
News and Events Feed by Topic
Cloudbric
Cloudbric
Scott Helme
Scott Helme
云风的 BLOG
云风的 BLOG
Attack and Defense Labs
Attack and Defense Labs

The Register - Security

India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat Are we human? MyPillow must decide whether to be firm or soft as ransomware crims demand pay Experts pour cold borscht on Farage's Russian hack claim AI eyes scanning for bugs create a worrisome Linux security trend A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets Techie claims Trump Mobile website was leaking thousands of people's data Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund' Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach Microsoft open-sources agentic AI safety tools Are we human? America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames Shai-Hulud copycat worm infects yet another npm package MPs want social media treated more like unsafe toys than harmless apps Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data To gain root access, intruder just had to ask AWS patched Quick auth bypass, says customers weren't using control Disgruntled researcher releases two more Microsoft zero-days Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files US bank reports itself after slinging customer data at 'unauthorized AI app' Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator Best Western Hotels confirms web app data breach Arctic Wolf cuts 250 jobs in AI push 1 in 8 workers say selling company logins is justifiable Iran cyberspies LARPing as ransomware crims in espionage ops UK age-gating plans risk breaking the internet, privacy groups warn India orders infosec red alert in case Mythos sparks crime 'CopyFail' attackers start cashing in on Linux flaw ShinyHunters claims dump puts 119K Vimeo emails in the wild ShinyHunters claims 119K Vimeo emails in the wild Singapore boffins get diverse SIEMs singing in harmony Shadow IT has given way to shadow AI. Enter AI-BOMs AI-BOMs replace SBOMs as way to track AI agents and bots Home Office adds £216M to travel doc contract before bids FBI: China's hacker-for-hire ecosystem 'out of control' UK business breach rate stuck at 43%... blame the phishing What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Chinese spy group caught lurking in Poland, Asia networks Critical cPanel, WHM flaw probs exploited as 0-day, pros say ORNL builds more sensitive GPS interference detector Microsoft patch fell short. New Windows flaw exploited Fooling large language models just keeps getting simpler Wiz hands GitHub AI-aided bug report that isn Don’t pay VECT a ransom - your big files are likely gone Pitney Bowes the latest victim of ShinyHunters’ breach-spree Ongoing supply-chain attack targets security, dev tools Medical and utility tech companies admit digital breakins Cybersecurity professional getting more work and less pay Crime crew impersonates help desk, abuses Teams chats ShinyHunters claim they have cruise giant Carnival’s booty CISA, NCSC issue Firestarter backdoor warning Intel expects AI inference to drive demand for its CPUs Open source models can find bugs as well as Mythos Researchers find sabotage malware that may predate Stuxnet Attackers could disable all of a city's public EV chargers Age checks could turn internet into an ID checkpoint, complains Proton CEO If malware via monitor cables is a matter of national security, this might be the gadget for you France's 'Secure' ID agency probes breach as crooks claim 19M records Scotland Yard can keep using live facial recognition on Londoners, say judges Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account Crook claims to leak 'video surveillance footage' of companies Met police trials snoop tech platform in push to cuff more London shoplifters Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Panasonic creates device-locked QR codes to speed facial biometric capture Iran claims US used backdoors to knock out networking equipment during war Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Scot becomes second Scattered Spider-linked crook to plead guilty in US Just like phishing for gullible humans, prompt injecting AIs is here to stay Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug Git identity spoof fools Claude into giving bad code the nod McGraw Hill linked to 13.5M-record data leak Microsoft announces product it doesn't want anyone to buy Server-room lock was nothing but a crock Nobody knows how many CVEs Anthropic's Project Glasswing has actually found Autovista blames ransomware for service disruption French cops free mother and son after crypto kidnapping UK told its Big Tech habit is now a national security risk Commvault has a Ctrl+Z for rogue AI agents No honor among thieves as 0APT threatens rival ransomware gang Krybit Fake Linux leader using Slack to con devs into giving up their secrets Booking.com warns of possible reservation data exposure NHS pays £46K to prep next Microsoft licensing round China wants AI to prepare school lessons and mark homework Anthropic's Mythos has The Kettle crew curious, skeptical Two different attackers poisoned popular open source tools Hungary officials used weak passwords exposed in breach dump CPUID hijacked to serve malware as HWMonitor downloads Unpacking AI security 2026 from experimentation agentic era Microsoft locks out top open source devs, blames process NHS Scotland-linked domains push pr0n and illegal streams Iran cyber actors disrupting US water, energy facilities, FBI warns Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns AI agents found vulns in this Linux and Unix print server Trump wants to take a battle axe to CISA again and slash $707M from budget
Don't glamorize cybercrims, roast them instead
Jessica Lyons Jessica Lyons · 2026-04-05 · via The Register - Security

Security

Researchers didn’t want to glamorize cybercrims. So they roasted them

True-crime tales of criminals making fools of themselves

INTERVIEW Cybercrime crews have become almost mystical entities, with security vendors assigning them names like Wizard Spider and Velvet Tempest.

They hide out in hidden corners of the dark web (often accompanied by a clearnet leak site), leading some infosec folks to talk about these miscreants as if they are invincible. But not everyone is on board with this trend.

Former CISA boss Jen Easterly and others have called on the industry to stop glamorizing these groups, and instead give them horrible names like "Scrawny Nuisance" or "Evil Ferret." 

During an interview with The Register at the RSA Conference, Trellix VP of threat intel John Fokker said he's sick of it, too. 

"I'm trying to spark a debate, or a healthy conversation, about what we can do as an industry," he said. "Everybody's glorifying threat actors, and that's not helping our customers or organizations. These are just individuals, they just use computers, and they just want to steal your data and make money. They're not mythical. They don't have superpowers."

These are just individuals, they just use computers, and they just want to steal your data and make money. They're not mythical. They don't have superpowers

So his team at threat detection and response firm Trellix decided to take an "almost psyops" approach to covering the criminal underground. "We don't want to glorify them, what's the opposite we can do? We're going to roast them."

And thus, the Dark Web Roast was born. It's a regular blog complete with memes, mockery, and a Ricky Gervais' "they're just jokes" inspired disclaimer: "While these incidents are genuinely amusing, they represent real criminal activities causing significant harm. This content is for threat intelligence and educational purposes only."

The most recent edition features a ransomware gang that bulk-drafted and scheduled their extortion attempts like a content calendar: "Considering the sheer, numbing volume of their posts, it's a solid bet that their 'victims' are probably just fake sites they spun up themselves for content, because nothing screams legitimacy like inflating your stats with phantom compromises," the researchers wrote.

There's also an exploit developer named cortana9000 who found a Cisco remote code execution bug (CVE-2026-20045) under active exploitation by government-backed goons and asked on a forum, "so how much is this worth" ... then listed it on another forum for $70,000. 

"A fellow forum member, KlopInko, swooped in with the devastating one-liner: 'since it's known, it's a 1day exploit' - essentially telling cortana9000 that his $70K payday had already started depreciating the moment he opened his mouth," according to the roast.

There's also a crim, using the handle patagon on DarkForums, who tried to sell full domain admin access to Russia's energy grid for less than a used car, undervaluing their apparent find by "many orders of magnitude."

When cops go trolling

Fokker points to the LockBit infrastructure seizure and dismantling led by the UK's National Crime Agency (NCA) as the beginning of a deliberate change in law enforcement's response toward cybercriminals. In that case, the cops trolled the notorious ransomware gang via its own website before ultimately unveiling LockBitSupp's true identity.

Taking down groups' infrastructure isn't enough, because they can simply spin up new servers and domains, which, we should point out, LockBit did. Then it becomes a game of whack-a-mole.

"Criminals say, 'OK, I can play this game all day long.' So that doesn't really work," Fokker said. But public mockery (as with LockBit), and infiltration like the FBI did with Hive's ransomware network, can fracture trust among cyberthieves. And this fragmentation can help defenders dismantle criminal operations and keep people and data safe.

"In the criminal underground, it's more network-based and individual-based," Fokker said. Ransomware crews work with initial access brokers or exploit developers to break into victims' networks, and they have developers who are writing malware, and affiliates carrying out the attacks. 

Fracturing trust among thieves

"This also creates dependencies," Fokker said. "You have groups that were in the partnership with the ransomware group, and they were breaking into or they were stealing data, and then you have exit scams, or the decryptor didn't work, and that causes cracks in the business model."

Trellix assisted international cops in the long-running Operation Endgame, and during the November 2025 Rhadamanthys infostealer takedown, officials released a smug animated video hinting at intelligence gathered during the operation and designed to undermine trust within criminal organizations.

The video shows an administrator skimming the most valuable secrets and cryptocurrency keys for personal gain, while passing only less lucrative data to customers. Trellix learned about this incident during a briefing with Dutch police.

"They said to us, 'We found out that this admin is also stealing from his own customers,'" Fokker remembers. After the Europol press release came out, Trellix unleashed the snark in a Dark Web Roast.

"We basically said you're stupid if you work with him, because he's just getting rich, and we just make fun of him," Fokker said. "We don't know if the impact was measurable, but still, we had an opportunity to run with that story and make a complete fool out of this admin. So that's something." ®