Ransomware payments pass $4.5 billion
Ransomware payments reported to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) have now topped $4.5 billion USD, with 2023 standing out as the most expensive year on record. More than $2.1 billion was paid between 2022 and 2024, including $1.1 billion in 2023 alone. Akira accounted for the most reported incidents, but ALPHV/BlackCat took in the biggest haul with nearly $400 million in payments. Financial services, manufacturing, and healthcare remained the hardest-hit sectors, and most ransom demands stayed under $250,000.
Cybercrime networks orchestrate real-world violence
This is one of those stories where I triple-checked my sources. Europol’s Operation GRIMM has arrested nearly 200 people, including minors, over the past six months for involvement in contract killings and other violent crimes orchestrated online. The operation targets “violence-as-a-service” networks that groom teens to commit attacks. Cases include two attempted murder plots and a triple shooting that killed three people in the Netherlands earlier this year. Investigators say the activity is tied to cybercrime groups like The Com, which are more commonly known for their SIM swapping and extortion scams.
Three arrested over possessing hacking tools
Polish police arrested three Ukrainian nationals after finding them with hacking and surveillance equipment, including Flipper Zero devices, laptops, portable hard drives, SIM cards, and signal detectors. Authorities say the men could not explain why they were carrying the tools and allege the equipment could have been used to target critical IT systems in Poland. Police emphasized that the charges stem from the potential for misuse of the tools, not confirmed damage or breaches. The individuals now face charges of fraud, computer fraud, and possession of devices intended for criminal activity.
Russian crackdown on malware scam
Russian police say they’ve taken down a crew that stole more than 200 million rubles (USD $2.6 million) using malware built on NFCGate, an open-source tool now popular among financial cybercriminals. According to the Interior Ministry, the group tricked victims into installing fake banking apps, then harvested card data by having them tap their cards to their phones — letting attackers drain ATMs nationwide without the cardholder present. Russian security firm F6 estimates at least 1.6 billion rubles (USD $18 million) has been stolen using this specific scheme to date.
Marquis Software breach hits 780,000 customers
Texas-based fintech provider Marquis Software Solutions, which works with over 700 banks and credit unions across the U.S., said it was hacked through an exploited SonicWall firewall vulnerability. At least 74 banks and credit unions were impacted, with typical PII being stolen. There were some comments about how this attack could have been avoided in the first place, as the company’s list of remediation efforts included patching firewall devices, changing passwords, and adding VPN lock-out rules.
ClayRat spyware evolves
A new version of the ClayRat Android spyware is out, and it’s a big leap from the strain first spotted in October. According to Zimperium, the malware now abuses Accessibility Services to log PINs and passwords, record the entire screen, spoof app overlays, and even block users from deleting it — giving attackers near‑total control of infected devices. Researchers have already found more than 700 malicious APKs tied to the campaign, spread through phishing sites and look-alike apps impersonating services like YouTube and regional taxi tools.
UK warns AI models may never be secure (well…duh)
The UK’s National Cyber Security Centre warned that large language models (LLMs) like ChatGPT have a fundamental flaw that could let attackers hijack them. Known as prompt injection, the issue arises because LLMs treat all input as instructions, making it impossible to fully separate safe data from commands. Researchers have shown this can be exploited in development tools, browser agents, and other AI integrations. While companies like OpenAI and Anthropic are trying fixes, the NCSC says these vulnerabilities may never be completely solved.
Meta lets EU users share less data
The European Commission approved Meta’s plan to give Instagram and Facebook users in the EU the choice to share less personal data and see fewer personalized ads, starting January. The move follows a €200 million fine earlier this year for violating the Digital Markets Act. Meta says the changes make the privacy option more transparent through updated wording and design. This is the first time the company has offered users a choice over how much data they share.






