law enforcement | Breaking Cybersecurity News | The Hacker News

Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the social media giant said in a help document. "If you're on an older version of Instagram, you may also need to update the app before you can download your affected chats." When reached for comment, this is what Meta had to say: "Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram in the coming months. Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp." The American company first began testing E2EE for Instagram direct messages in 2021 as part of CEO Mark Zuckerberg's "privacy-focused vision for social networking." The feature is currently " only ...

INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effort is part of an international law enforcement operation that involved 72 countries and territories. It also led to the arrest of 94 people, with another 110 individuals still under investigation. A total of 212 electronic devices and servers were seized during raids at various key locations. One such operation in Bangladesh saw 40 suspects arrested and 134 electronic devices confiscated pertaining to a wide range of cybercrime offences, including loan and job scams, identity theft, and credit card fraud. In Togo, authorities apprehended 10 suspects accused of running a fraud ring from a residential area. While some were involved in hacking into social media accounts, others conducted s...

A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud. "SocksEscort infected home and small business internet routers with malware," the U.S. Department of Justice (DoJ) said . "The malware allowed SocksEscort to direct internet traffic through the infected routers. SocksEscort sold this access to its customers." SocksEscort ("socksescort[.]com") is said to have offered to sell access to about 369,000 different IP addresses in 163 countries since the summer of 2020, with the service listing nearly 8,000 infected routers as of February 2026. Of these, 2,500 were located in the U.S. As of December 2025, SocksEscort's website claimed to offer "static residential IPs with unlimited bandwidth" and that they can bypass spam blocklists. It advertised over 35,900 proxies from 102 c...

The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering . The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added. "Criminal actors and professional money launderers use cyber-enabled fraud schemes to swindle their victims and conceal their ill-gotten gains," said HSI Charlotte Acting Special Agent in Charge Kyle D. Burns. "HSI special agents work diligently to trace the illicit proceeds of crime across the globe to disrupt and dismantle the transnational criminal organizations that seek to defraud hardworking Americans." As is the norm in such cybercrime operations, threat actors are known to target individuals by cultivating romantic relationships after approaching them on dating and social m...

A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr "Alexander" Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers to help them land jobs at 40 U.S. companies and draw regular salaries, which were then funneled back to the regime to support its weapons programs. He was apprehended by Polish authorities in late 2024, and later extradited to the U.S. Didenko has also been ordered to serve 12 months of supervised release and to pay $46,547.28 in restitution. Last year, Didenko also agreed to forfeit more than $1.4 million, which includes about $181,438 in U.S. dollars and cryptocurrency seized from him and his co-conspirators. The defendant is said to have run a website named Upworksell[.]com to help oversea...

An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January 30, 2026, according to INTERPOL. It targeted infrastructure and actors behind high-yield investment scams, mobile money fraud, and fraudulent mobile loan applications. Countries that participated in the law enforcement operation included Angola, Benin, Cameroon, Côte d’Ivoire, Chad, Gabon, Gambia, Ghana, Kenya, Namibia, Nigeria, Rwanda, Senegal, Uganda, Zambia, and Zimbabwe. It was conducted under the African Joint Operation against Cybercrime (AFJOC). "During the eight-week operation, investigations exposed scams linked to over USD 45 million in financial losses and identified 1,247 victims, predominantly from the African continent but also from other regions of the world," INTE...

New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil society. The interdisciplinary research unit at the University of Toronto's Munk School of Global Affairs & Public Policy said it found the indicators on a personal phone belonging to Boniface Mwangi, a Kenyan pro-democracy activist who has announced plans to run for president in 2027. Specifically, it has emerged that Cellebrite's forensic extraction tools were used on his Samsung phone while it was in police custody following his arrest in July 2025. The phone was returned to him nearly two months later, in September, at which point Mwangi found that the phone was no longer password-protected and could be unlocked without requiring a password. It's been assessed with high confidence that ...

Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasingly coordinated and publicized actions. Yet, despite the visibility of these operations, there remains no comprehensive overview, to our knowledge, on how law enforcement is addressing cybercrime globally. Publicly available information is dispersed across agencies, jurisdictions, case-specific reporting (e.g., “Operation Endgame”) [1] , and reporting formats, offering fragmented insights rather than a cohesive understanding of what types of crime are being targeted, what actions are taken, and who the offenders are. This results in isolated glimpses rather than a consistent global picture. Therefor...

A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain intelligence company said Tudou Guarantee has effectively ceased transactions through its public Telegram groups following a period of significant growth. The marketplace is estimated to have processed over $12 billion in transactions, making it the third-largest illicit marketplace of all time. "Other parts of Tudou Guarantee, such as its gambling operations, continue to function, so it remains to be seen whether this represents the first stages of a full shutdown or a pivot away from fraud-related activity," the company said . Tudou Guarantee is just one of the many Telegram-based marketplaces serving cyber fraudsters, the others being HuiOne Guarantee and Xinbi Guarantee , which collectively engaged in over $35 billion in USDT transactions. Thousands of channels associated with...

Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. In addition, the group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union's Most Wanted and INTERPOL's Red Notice lists, authorities noted. "According to the investigation, the suspects specialized in technical hacking of protected systems and were involved in preparing cyberattacks using ransomware," the Cyber Police of Ukraine said in a statement.  The agency said the accused individuals functioned as "hash crackers," who specialize in extracting passwords from information systems using specialized software. Once the credential information was obtained, members of the ransomware group broke into corporate networks and ultimately deployed ransomware and extorted money to recover the e...

Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe . As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28 arrests were made in Seville, along with three others in Madrid, two in Málaga, and one in Barcelona. "The criminal network is known for its involvement in a wide range of criminal activities, including cyber-enabled fraud, drug trafficking, human trafficking and prostitution, kidnapping, armed robbery and fraudulent spiritual practices," Europol said in a statement. It's estimated that the criminal network is responsible for fraud resulting in damages exceeding €5.93 million ($6.9 million). In addition to the arrests, authorities have frozen €119,352 ($138,935) in bank accounts and seized €66,403 ($77,290) in cash during house searches. Black Axe is assessed to be a hier...

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator , from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou Hamou was sanctioned by OFAC in March 2024, and Harpaz and Gambazzi were targeted in September 2024 in connection with developing, operating, and distributing Predator. The Treasury's press release does not give any reason as to why they were removed from the list. However, in a statement shared with Reuters, it said the removal "was done as part of the normal administrative process in response to a petition request for reconsideration." The department added that the individuals had "demonstrated measures to separate themselves from the Intellexa Consortium....

The fraudulent investment scheme known as Nomani has witnessed an increase by 62%, according to data from ESET, as campaigns distributing the threat have also expanded beyond Facebook to include other social media platforms, such as YouTube. The Slovak cybersecurity company said it blocked over 64,000 unique URLs associated with the threat this year. A majority of the detections originated from Czechia, Japan, Slovakia, Spain, and Poland. Nomani was first documented by ESET in December 2024 as leveraging social media malvertising, company-branded posts, and artificial intelligence (AI)-powered video testimonials to deceive users into investing their funds in non-existent investment products that falsely claim significant returns. When victims request payout of the promised profits, they are asked to pay more fees or provide additional personal information, such as ID and credit card information. As is typical of investment scams of this kind, the end goal is financial loss. It...

A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa. The coordinated effort, named Operation Sentinel, took place between October 27 and November 27, 2025, and mainly focused on business email compromise (BEC), digital extortion, and ransomware on the continent. Participating nations included Benin, Botswana, Burkina Faso, Cameroon, Chad, Congo, Djibouti, Democratic Republic of the Congo, Gabon, Ghana, Kenya, Malawi, Nigeria, Senegal, South Africa, South Sudan, Uganda, Zambia, and Zimbabwe. Over the course of the initiative, more than 6,000 malicious links were taken down and six distinct ransomware variants were decrypted. The names of the ransomware families were not disclosed. The investigated incidents were linked to estimated financial losses exceeding $21 million, INTERPOL added. Multiple suspects have been arr...

The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of a bank account takeover scheme. The domain in question, web3adspanels[.]org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users to the website are now greeted by a seizure banner that says the domain was taken down in an international law enforcement operation led by authorities from the U.S. and Estonia. "The criminal group perpetrating the bank account takeover fraud delivered fraudulent advertisements through search engines, including Google and Bing," the DoJ said . "These fraudulent advertisements imitate the sponsored search engine advertisements used by legitimate banking entities." The ads served as a conduit to redirect unsuspecting users to fake bank websites operated by the threat actors, who harvested ...

The U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM jackpotting scheme. The large-scale conspiracy involved deploying malware named Ploutus to hack into automated teller machines (ATMs) across the U.S. and force them to dispense cash. The indicted members are alleged to be part of Tren de Aragua (TdA, Spanish for "the train of Aragua"), a Venezuelan gang designated a foreign terrorist organization by the U.S. State Department.  In July 2025, the U.S. government announced sanctions against the group's head, Hector Rusthenford Guerrero Flores (aka Niño Guerrero), and five other key members for their involvement in the "illicit drug trade, human smuggling and trafficking, extortion, sexual exploitation of women and children, and money laundering, among other criminal activities." The Justice Department said an indictment returned on December 9, 2025, has charged a group of...

Authorities in Nigeria have announced the arrest of three "high-profile internet fraud suspects" who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme. The Nigeria Police Force National Cybercrime Centre (NPF–NCCC) said investigations conducted in collaboration with Microsoft and the Federal Bureau of Investigation (FBI) led to the identification of Okitipi Samuel, also known as Moses Felix, as the principal suspect and developer of the phishing infrastructure. "Investigations reveal that he operated a Telegram channel through which phishing links were sold in exchange for cryptocurrency and hosted fraudulent login portals on Cloudflare using stolen or fraudulently obtained email credentials," the NPF said in a post shared on social media. In addition, laptops, mobile devices, and other digital equipment linked to the operation have been se...

Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure. 14 new ransomware brands launched this quarter, proving how quickly affiliates reconstitute after takedowns. LockBit’s reappearance with version 5.0 signals potential re-centralization after months of fragmentation. In Q3 2025, Check Point Research recorded a record 85 active ransomware and extortion groups , the highest ever observed. What was once a concentrated market dominated by a few ransomware-as-a-service (RaaS) giants has splintered into dozens of smaller, short-lived operations. This proliferation of leak sites represents a fundamental structural shift. The same enforcement and market pressures that disrupted large RaaS groups have fueled a wave of opportunistic, decentralized actors, many run by former affiliat...

Malware families like Rhadamanthys Stealer , Venom RAT , and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. The activity, which took place between November 10 and 13, 2025, marks Please remove image compression the latest phase of Operation Endgame , an ongoing operation designed to take down criminal infrastructures and combat ransomware enablers worldwide. Besides dismantling the "three large cybercrime enablers," authorities have also arrested the main suspect behind Venom RAT in Greece on November 3, more than 1,025 servers have been taken down, and 20 domains have been seized. "The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials," Europol said in a statement. "Many of the victims were not aware of the infection of their systems." It's worth noting that the Elysium botnet neutralize...

Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today, the action took place between October 27 and 29 across Cyprus, Spain, and Germany, with the suspects arrested on charges of involvement in money laundering from fraudulent activities. In addition to the arrests of the individuals from their homes, authorities conducted searches that led to the seizure of €800,000 ($918,000) in bank accounts, €415,000 ($476,000) in cryptocurrencies, and €300,000 ($344,000) in cash. Participating nations in the "synchronized" effort alongside Eurojust were agencies from France, Belgium, Cyprus, Germany, and Spain. "The members of the network created dozens of fake cryptocurrency investment platforms that looked like legitimate websites and promised high returns," Eurojust said . ...