Fraud Tracker

A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake …

A yearlong Europol-coordinated operation dubbed “Project Compass” has led to 30 arrests and 179 suspects being tied to “The Com,” an online …

DIY store chain ManoMano is notifying customers of a data breach that was caused by hackers compromising a third-party service provider. The …

American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data. UFP Technologies is …

The Larazus Group has a new partner in crime. The North Korean nation-state threat group dropped Medusa ransomware in a recent attack …

SolarWinds has released security updates to patch four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched …

Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. …

Article updated at the bottom with additional technical details about this campaign. Amazon is warning that a Russian-speaking hacker used multiple generative …

Texas Halts New H-1B Visa Applications at Public Universities and State Agencies Greg Abbott has ordered Texas public universities and state agencies …

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken …

A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them …

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse …

Flare researchers monitoring underground Telegram channels and cybercrime forums have observed threat actors rapidly sharing proof-of-concept exploits, offensive tools, and stolen administrator …

A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to …

The Washington Hotel brand in Japan has announced that that its servers were compromised in a ransomware attack, exposing various business data. …

ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. …

Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into …

The Russian government is trying to block WhatsApp in the country as its crackdown on communication platforms outside its control intensifies. WhatsApp …

South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security …

UPDATE A handful of European government agencies have been compromised by hackers in recent weeks, thanks to a new round of critical …

Recent research from Microsoft shows that AI assistants such as ChatGPT, Claude, Grok, and Microsoft 365 Copilot can be influenced to surface …

Two specific areas of cybersecurity — backups and identity and access management (IAM) — are responsible for nearly half (45%) of the …

Attackers are already actively exploiting six of the 59 vulnerabilities Microsoft disclosed in its latest security update, meaning security teams will need …

SmarterTools recently disclosed a breach that occurred as a result of vulnerabilities the company addressed last month. The software company’s product was …

Two Connecticut men face federal charges for allegedly defrauding FanDuel and other online gambling sites of $3 million over several years using …

Most enterprise work now happens in the browser. SaaS applications, identity providers, admin consoles, and AI tools have made it the primary …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that ransomware actors are exploiting CVE-2026-24423, a critical vulnerability in SmarterMail that allows remote …

A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in …

Germany’s domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. The …

A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting …