First VPN’s 33 servers were seized after aiding 25 ransomware groups, disrupting anonymous cybercrime infrastructure.
U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide.
23-year-old Jacob Butler (also known online as “Dort”) was arrested by Canadian authorities in Ottawa on Wednesday pursuant to an extradition warrant.
According to a criminal complaint unsealed on Thursday in the District of Alaska, Butler was taken into custody based on IP address and online account information, transaction records, and online messaging records that exposed his links to the KimWolf botnet.
Supply chains are a primary target for cybercriminals and provide the foundation of global commerce in the hyper-connected digital ecosystem of today. Artificial intelligence (AI) simultaneously exacerbates vulnerabilities as it revolutionizes operations through predictive analytics, automation, and real-time visibility. Sophisticated threat actors, ransomware groups, and nation-state actors employ AI to exploit the vulnerable links in intricate, multi-tiered supply networks.
Artificial intelligence can create dual-use dynamics. It promotes efficiency by facilitating real-time data transfers and hyper-connected operations, while at the same time significantly expanding the attack surface. Supply chain attacks have shown that the compromise of a single vendor or update can have a cascading effect on economies, governments, and critical infrastructure.
In The AI Era, Supply Chains Are Prime Targets.
The complexity of supply chains is inherent, as they encompass continents, jurisdictions, and a multitude of third-party vendors, contractors, and software components. Each link—whether it be legacy systems, unvetted code, IoT devices, or 5G-enabled connections—provides potential entry points. AI exacerbates these risks by allowing attackers to automate reconnaissance, create polymorphic malware that evades detection, create personalized phishing campaigns, and identify vulnerabilities quicker than defenders can apply patches.
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years.
The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major distributions like Debian, Fedora, and Ubuntu. It’s also codenamed ssh-keysign-pwn.
According to Qualys, which discovered the flaw, the problem is rooted in the kernel’s __ptrace_may_access function and was introduced in November 2016.
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California.
According to the Ukrainian police, the threat actor used information-stealing malware between 2024 and 2025 to infect users’ devices and steal browser sessions and account credentials.
Infostealers are a popular type of malware that harvests sensitive data, including passwords, browser cookies, session tokens, crypto wallets, and payment information, from infected devices and sends it to cybercriminals for account theft, fraud, and resale.
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum.
“While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity,” the Microsoft-owned subsidiary said.
The company also noted that it will notify customers via established incident response and notification channels if any impact is discovered.
Group-IB, which was one of the private sector companies that participated in the effort, said it provided “actionable intelligence” on over 5,000 compromised accounts, including those that were associated with government infrastructure, and shared details about active phishing infrastructure across the region.
“Cybercrime is borderless, and the only effective response is one that is equally borderless,” Joe Sander, CEO of Team Cymru, said. “Operation Ramz is exactly that kind of response, law enforcement and trusted private-sector partners pooling intelligence, moving in concert, and dismantling the infrastructure that criminals depend on.”
Countries that took part in Operation Ramz included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the U.A.E.