A criminal network running call centers in Dnipro, Ivano-Frankivsk, and Kyiv was targeted by authorities in the Czech Republic, Latvia, Lithuania, and Ukraine. Over 400 victims in Europe were defrauded of over €10 million ($11.7 million) by the network. According to reports, the U.K.
government will "encourage" Google and Apple to stop phones from showing nude photos unless users confirm that they are adults. Russian-speaking operators are promoting SantaStealer, a new modular information stealer, on Telegram and underground forums like Lolz. By sending messages from compromised accounts with a link to a Facebook-style preview, the GhostPairing attack entices victims.
The attack is a variation of a method that was employed by Russian hackers and exploits the platform's legitimate device-linking feature. Earlier this year, state-sponsored actors intercepted WhatsApp and Signal messages. On the Russian video-sharing website RuTube, malicious actors have been seen hosting videos that promote Roblox cheats, deceiving users into clicking on links that result in Trojan and stealer malware.
To improve Windows authentication, Microsoft discontinues RC4 (Rivest Cipher
4) encryption in Kerberos.
Domain controller defaults will be changed to only permit AES-SHA1 encryption by the middle of
2026.
Two Chinese nationals were arrested by Serbian police for operating a makeshift IMSI catcher in their vehicle, which served as a fictitious mobile base station. Approximately 1,000 Model Context Protocol (MCP) servers are open on the internet without authorization, according to recent research from Bitsight. 17 people are charged by the CBI, including four foreign nationals.
58 businesses and citizens. organized cyber gang based in the Chandigarh region and the National Capital Region (NCR). Clusters identified as KongTuke and SmartApeSG have been linked to ClickFix attacks.
In order to send phishing emails from legitimate @google.com addresses and get around SPF, DKIM, and DMARC checks, threat actors are abusing Google's Application Integration service. Fake CAPTCHA checks have been used in a recent wave of Click fix attacks to fool users into pasting in the Windows Run dialog. Threat actors have joined the exploitation bandwagon, causing the fallout from React2Shell to continue spreading.
Attacks with a variety of motivations and origins have coincided with the growth of stealth backdoors and public exploits. Faster code, more clever lures, and fewer pauses are the recurring themes in these tales. between abuse and discovery.
These are the signals worth paying attention to for the time being, but next week will bring a new set of shifts. Keep your eyes open, make the connections, and observe what happens next.