Ukraine identifies infostealer operator tied to 28,000 stolen accounts

The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California.

According to the Ukrainian police, the threat actor used information-stealing malware between 2024 and 2025 to infect users’ devices and steal browser sessions and account credentials.

Infostealers are a popular type of malware that harvests sensitive data, including passwords, browser cookies, session tokens, crypto wallets, and payment information, from infected devices and sends it to cybercriminals for account theft, fraud, and resale.

INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests

Group-IB, which was one of the private sector companies that participated in the effort, said it provided “actionable intelligence” on over 5,000 compromised accounts, including those that were associated with government infrastructure, and shared details about active phishing infrastructure across the region.

“Cybercrime is borderless, and the only effective response is one that is equally borderless,” Joe Sander, CEO of Team Cymru, said. “Operation Ramz is exactly that kind of response, law enforcement and trusted private-sector partners pooling intelligence, moving in concert, and dismantling the infrastructure that criminals depend on.”

Countries that took part in Operation Ramz included Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, and the U.A.E.

US reportedly charges Scattered Spider hacker arrested in Finland

A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective.

According to temporarily unsealed court records obtained by the Chicago Tribune, the suspect (who used the online alias “Bouquet”) helped extort millions of dollars from multiple large corporations worldwide.

The suspected Scattered Spider member, who was allegedly arrested by Finnish law enforcement at Helsinki’s airport on April 10 while attempting to board a flight to Japan, is facing wire fraud, conspiracy, and computer intrusion charges.

Former ransomware negotiator pleads guilty to BlackCat attacks

41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023.

Together with two other Sygnia and DigitalMint ransomware negotiators (33-year-old Ryan Clifford Goldberg and 28-year-old Kevin Tyler Martin), Martino was charged with conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce by extortion, and intentional damage to protected computers.

Martino was initially identified only as “Co-Conspirator 1” in an October 2025 indictment, but was named in court documents unsealed in March. Martin and Goldberg also pleaded guilty to conspiracy to obstruct commerce by extortion and are facing up to 20 years in prison each.

Tycoon2FA phishing platform returns after recent police disruption

The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels.

Microsoft led the technical disruption, which involved seizing 330 domains that were part of Tycoon2FA’s backbone infrastructure, which included control panels and phishing pages used in attacks.

However, the disruption caused by law enforcement was short-lived, as CrowdStrike noticed the cybercrime service return to normal operational volumes within days.

Florida woman imprisoned for massive Microsoft license fraud scheme

A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels.

52-year-old Heidi Richards (also known as Heidi Hastings, Heidi Shaffer, and Heidi Williams), who operated an e-commerce business called Trinity Software Distribution, was also ordered to pay a $50,000 fine.

COA labels are small stickers that authenticate software and carry unique product key codes used to activate products distributed on physical media, such as Microsoft’s Windows operating system and Office productivity suite.

GOOD LUCK, HAVE FUN, DON’T DIE — Welcome To The Perfect Prison

Gore Verbinski’s Good Luck, Have Fun, Don’t Die hits like a nasty mirror held up at the worst possible angle. On paper, the setup sounds almost playful: a “Man From the Future” drops into a diner in Los Angeles and has to recruit the exact combination of disgruntled strangers for a one-night mission to stop a rogue AI. But the horror isn’t metal skeletons and laser fire. It’s the idea that the end of humanity doesn’t arrive with an explosion. It arrives with an upgrade. A perfectly tuned stream of algorithmic entertainment that doesn’t merely distract people—it replaces them. A manufactured paradise so frictionless, so gratifying, so chemically rewarding, that the messy, strenuous, inconvenient act of being human starts to feel obsolete.

Police arrest 651 suspects in African cybercrime crackdown

African law enforcement agencies arrested 651 suspects and recovered over $4.3 million in a joint operation targeting investment fraud, mobile money scams, and fake loan applications.

As INTERPOL revealed on Wednesday, Operation Red Card 2.0 identified 1,247 victims between December 8 and January 30 while targeting cybercrime operations linked to over $45 million in financial losses.

Authorities across 16 countries also seized 2,341 devices and took down 1,442 malicious websites, domains, and servers during this joint action coordinated by the African Joint Operation against Cybercrime (AFJOC).

New Amaranth Dragon cyberespionage group exploits WinRAR flaw

A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies.

The hackers combined legitimate tools with the custom Amaranth Loader to deliver encrypted payloads from command-and-control (C2) servers behind Cloudflare infrastructure, for more accurate targeting and increased stealth.

According to researchers at cybersecurity company Check Point, Amaranth Dragon targeted organizations in Singapore, Thailand, Indonesia, Cambodia, Laos, and the Philippines.

Washington state proposes new 3D-printed gun controls with ‘blocking features’ and blueprint detection algorithm — proposal would carry sentences of five years in prison, $15,000 fine for violation

All three are explained in more detail in the bill, but arrive at broadly the same destination. This law, if approved, would prevent 3D printer brands from selling their wares in Washington State without stringent controls to prevent the printing of 3D firearms, or indeed parts that could be used to modify existing weapons.

According to the bill, violating this proposed law would be a class C felony, which means anyone found in violation of these terms could face up to five years in prison and a $15,000 fine.

Washington is not the first state to propose addressing 3D-printed firearms by way of legislation, and is unlikely to be the last. Earlier this month New York took steps to ban 3D-printed guns, proposing the mandating of 3D printer safeguards and cracking down on the sharing and possession of 3D files containing guns or gun components.
