Authorities from 21 countries dismantled 53 domains, arrested four people, and disrupted DDoS-for-hire infrastructure in a coordinated effort called Operation PowerOFF. Law enforcement seized databases with records for over 3 million alleged users, sent more than 75,000 warnings, served 25 search warrants, and removed advertising to curb use of IP stressors and booters. #OperationPowerOFF #Europol
Two New Jersey men were sentenced for running a scheme that placed North Korean operatives inside more than 100 U.S. companies, generating over $5 million for the regime and stealing sensitive, ITAR-controlled defense files. The operation used shell companies, stolen identities and laptop farms to launder wages back to Pyongyang and poses ongoing national-security risks due to the dual-use intelligence capabilities of DPRK IT workers. #DPRK #ITAR
Congress is debating reauthorization of Section 702 of FISA under the 2024 Reforming Intelligence and Securing America Act (RISAA), with supporters saying it codified reforms and critics saying its real-world effects are unclear. Major disputes focus on ambiguous query counting tied to an FBI “participants” filter, possible expansion of covered service providers, a critical FISC opinion, and partisan disagreement over a clean extension. #Section702 #RISAA
Researchers from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 report threat actors exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to deploy Mirai-like botnets, including a Nexcorium variant. The campaigns leverage CVE-2024-3721 to deliver downloaders, use brute-force Telnet and other exploits for lateral movement and persistence, and scans…
Daily Recap: law enforcement across 21 countries disrupted DDoS-for-hire networks in Operation PowerOFF, seizing 53 domains and warning over 75,000 users. The roundup also covers prosecutions such as Kamerin Stokes for DraftKings account theft and North Korea laptop-farm schemes that redirected over $5 million, along with exploitation of nginx-ui CVE-2026-33032 and Apache ActiveMQ flaws enabling SYSTEM privileges. #PowerOFF #DraftKings #APT28 #GRU #LaptopFarms #NginxUI #ActiveMQ #Windows #KuwaitBanks #TennesseeHospital #NorthernIrelandEducationAuthority
Payouts King ransomware operators are abusing the QEMU emulator to run hidden Alpine Linux virtual machines on compromised hosts, using port forwarding and reverse SSH tunnels to execute payloads, harvest credentials, and bypass endpoint security. Sophos and Zscaler link these campaigns to GOLD ENCOUNTER and likely former BlackBasta affiliates, with initial access achieved via exposed VPNs, CitrixBleed 2 exploitation, Microsoft Teams phishing, and QuickAssist abuse. #PayoutsKing #QEMU
Law enforcement in more than 20 countries coordinated a takedown of DDoS-for-hire platforms, seizing over 50 domains, identifying about 75,000 users, executing 25 search warrants and arresting four people. U.S. authorities also seized eight sites including Vac Stresser and Mythical Stress and exposed low-cost subscription plans that enabled large-scale attacks. #VacStresser…
More than 18 months after the June 2024 Qilin ransomware attack on Synnovis, at least one NHS trust (SLaM) remains without fully restored pathology systems and is managing large backlogs of delayed test results. The attack disrupted blood testing, cancelled operations, exposed sensitive data of nearly one million patients, and has…
This SecurityWeek roundup highlights legislative, defensive, and investigative developments alongside multiple active threats and disclosures affecting cloud services, developer tools, and education systems. Notable stories include the W3LL phishing takedown, a spreading GlassWorm IDE dropper, active ShowDoc RCE exploitation, AWS RES fixes, and large data leaks tied to ShinyHunters. #GlassWorm #ShinyHunters…
Shadow AI emerges as employees adopt unapproved generative and agentic AI tools, creating invisible, unmanaged risks that magnify those of traditional shadow IT. CoChat provides enterprise visibility, governance, and a human-in-the-loop control layer to interrupt dangerous autonomous actions and enable collaborative use of multiple LLMs across teams. #CoChat #OpenClaw…
White House chief of staff Susie Wiles plans to sound out Anthropic CEO Dario Amodei about the company’s new Mythos model, which has drawn federal attention for how it could transform national security and the economy. The meeting comes amid tensions with the Trump administration over Anthropic’s safeguards and limited release…
The underground credit card market has grown more volatile and deceptive, pushing actors to adopt structured vetting, supplier validation, and stricter OPSEC to avoid scams and law enforcement exposure. A forum guide analyzed by Flare details vendor-vetting checklists, mirror infrastructure, and payment hygiene, highlighting shops like CardingHub and the use of privacy coins such as Monero. #CardingHub #Monero
Kyrgyzstan-based crypto exchange Grinex suspended operations after a $13.7 million theft from wallets used by Russian users, an attack the exchange attributed to foreign (Western) intelligence agencies while blockchain analysts traced the stolen funds through TRON and Ethereum via the SunSwap protocol. Grinex, widely reported as a rebrand of sanctioned Russian exchange Garantex and operator of the ruble-backed stablecoin A7A5, says the attack aimed to harm Russia's financial sovereignty, but independent firms Elliptic and TRM Labs have not published technical evidence linking the theft to a specific state actor. #Grinex #Garantex #A7A5 #SunSwap #TokenSpot
This week's roundup covers multimillion-dollar crypto thefts, state-linked fraud schemes, regulatory scrutiny, underground exploit markets, and extortion-driven breaches. Attackers are increasingly exploiting routers, DNS layers, third-party services, and decentralized systems to intercept data, manipulate transactions, and evade enforcement. #Grinex #ShinyHunters…
Phishing and other AI-driven attacks are evolving faster than many MSP and corporate defenses, enabling targeted business email compromise and ransomware that can bypass traditional controls. BleepingComputer’s webinar with Kaseya on May 14, 2026 explores how integrating prevention, detection, and backup/BCDR enables MSPs to reduce downtime and ensure rapid recovery. #Kaseya #BleepingComputer